1
2A02 2A02
Terminal Services Terminal Services for Windows 2000for Windows 2000Jürgen KrautnerJürgen Krautner
2
OutlineOutline
uu New FeaturesNew Features
uu Setup / Server ManagementSetup / Server Management
uu Licensing /Licensing / LoadbalancingLoadbalancing
uu Future DirectionsFuture Directions
uu Questions & AnswersQuestions & Answers
3
Application ServingApplication Serving
Corporate Intranet
Terminal Server
RAS
PPTP Modem
Deploy Once …
… Then Run AnywhereRemote Sites / Branch Offices
IISInternet
via ActiveX Client
UNIXMac
RDP/ICA
DOS
Win
4
uu Integrated component ofIntegrated component ofll Windows 2000 Server Windows 2000 Server (2 Cpu, 4GB)
ll Windows 2000Windows 2000 Advanced Server (8 Cpu, 8GB)
ll Windows 2000Windows 2000 Data Center Server (32 Cpu, 64GB)
PackagingPackaging
5
Usage ScenariosUsage Scenariosuu Application ServingApplication Serving
ll Deploying Win32 apps on Legacy PCs Deploying Win32 apps on Legacy PCs ll Centralized Application ManagementCentralized Application Managementll Enhanced Remote Access Enhanced Remote Access ll WindowsWindows--based Terminalsbased Terminalsll Accelerating OS upgrade deploymentsAccelerating OS upgrade deployments
uu Remote AdministrationRemote Administrationll Server managementServer managementll Administration from downAdministration from down--level clientslevel clients
6
uu Remote administration modeRemote administration mode
uu Application server modeApplication server mode
Server Server -- Configuration options …Configuration options …
Mode can be changed post-
install, but some apps
may need to be reinstalled.
2
7
Setup Options …Setup Options …
uu BuiltBuilt--in Windows 2000 feature in Windows 2000 feature ll Add/Remove ProgramsAdd/Remove Programs
uu Enabled on upgrade fromEnabled on upgrade fromTerminal Server 4.0Terminal Server 4.0
uu Upgrade / Install OptionsUpgrade / Install Optionsll Clean installClean installll Upgrade from TerminalUpgrade from Terminal
Server 4.0Server 4.0ll Cannot upgrade fromCannot upgrade from
Citrix WinFrameCitrix WinFrame ServersServersll MetaFrameMetaFrame needs to be needs to be
deinstalled deinstalled
8
Remote AdministrationRemote Administration
uu Scheduling optimized for background servicesScheduling optimized for background servicesuu Administrator only connect securityAdministrator only connect securityuu TS App Compatibility code disabledTS App Compatibility code disabled
ll No special “install” mode requiredNo special “install” mode required
uu Client Licensing RequirementsClient Licensing Requirementsll Two builtTwo built--in perin per--server connectionsserver connectionsll No perNo per--seat TSseat TS--CAL or NTSCAL or NTS--CAL requiredCAL requiredll Client can run on any OSClient can run on any OS
uu Minimal Resource & Performance ImpactMinimal Resource & Performance Impactll ~85K non~85K non--paged, ~175K paged kernel memorypaged, ~175K paged kernel memoryll ~2.25Mb overall commit~2.25Mb overall commitll No idle session creationNo idle session creation
9
Application ServingApplication Serving
uu Designed to serve interactive apps.Designed to serve interactive apps.uu Scheduling for interactive applicationsScheduling for interactive applicationsuu Domain User connect securityDomain User connect securityuu Supports enhanced Supports enhanced
app compatibilityapp compatibilityuu Client licensing requirementsClient licensing requirements
ll TSTS--CAL and NTSCAL and NTS--CAL required per seatCAL required per seatll Internet Connector Licensing (200 user max)Internet Connector Licensing (200 user max)ll Terminal Services Licensing must be deployedTerminal Services Licensing must be deployed
10
New InfrastructureNew Infrastructure
uu Single binary kernelSingle binary kernelll Common kernel componentsCommon kernel componentsll Unified service packs, hot fixes Unified service packs, hot fixes ll Better performance and scalabilityBetter performance and scalability
uu TS is an integrated OS componentTS is an integrated OS componentll Enabled via Setup or Add/Remove ProgramsEnabled via Setup or Add/Remove Programs
uu Adjustable SchedulingAdjustable Schedulingll Lets TS work better with background servicesLets TS work better with background services
uu Leverages Win2000 Multilingual UI featureLeverages Win2000 Multilingual UI feature
uu Support for all DCOM activation modesSupport for all DCOM activation modes
11
Features (old) Features (old)
uu Roaming Disconnect / ReconnectRoaming Disconnect / Reconnect
uu Multiple LogonMultiple Logon
uu Client Connection ManagerClient Connection Manager
uu Integration withIntegration withll Performance MonitorPerformance Monitorll User ManagerUser Manager
uu RDP EncryptionRDP Encryption
12
New New Features Features
uu Local Printer redirectionLocal Printer redirectionll Auto detection & install of printersAuto detection & install of printersll Supports printing from Windows applicationsSupports printing from Windows applicationsll Leverages clientLeverages client--side spooler (if available)side spooler (if available)
uu Session Remote ControlSession Remote Controlll Administrators can shadow a client’s session Administrators can shadow a client’s session ll Provide help or intervene from remote locationProvide help or intervene from remote locationll Extremely useful helpdesk featureExtremely useful helpdesk feature
1
13
NewNew FeaturesFeatures cont’dcont’d
uu Clipboard redirection Clipboard redirection ll Cut & paste between apps running locally and those Cut & paste between apps running locally and those
running in the remote sessionrunning in the remote session
uu Drive Redirection & File CopyDrive Redirection & File Copyll ReskitReskit
uu Integration with W2000 (AD, MMC)Integration with W2000 (AD, MMC)
uu Network Load Balancing ( former WLBS)Network Load Balancing ( former WLBS)ll Only with Advanced Server /Only with Advanced Server / DatacenterDatacenter
uu DFS SupportDFS Support
14
NewNew Features cont’d…Features cont’d…
uu Client for HPCClient for HPC--Pro (Pro (WinCEWinCE 2.11) platform 2.11) platform
uu RDP Performance Improvements (RDP Performance Improvements (5.05.0))ll Persistent client side bitmap cachingPersistent client side bitmap cachingll Further performance tuningFurther performance tuning
(~15% bandwidth reduction from TSE4)(~15% bandwidth reduction from TSE4)
0
10
20
30
40
50
TSE4 47,7 49,5 43
Beta3 39,9 40,5 37
Bytes (M) Frames (10K) CPU
Bet
terWinBench ’99 Results
(Compression Off, Persistent Cache Off)
15
NewNew Features cont’d…Features cont’d…
uu Virtual channel supportVirtual channel supportll Provides access to RDP data channelsProvides access to RDP data channelsll Includes as part of the SDKIncludes as part of the SDKll Can be used to add custom devices Can be used to add custom devices
–– audio, scanners, barcode readers etc.audio, scanners, barcode readers etc.
uu New Public APIsNew Public APIsll TS Server Management & User ConfigurationTS Server Management & User Configuration
16
API API -- Administration Administration ((WTSxxxWTSxxx))
ll Sessions / ProcessesSessions / Processes-- WTSOpenServerWTSOpenServer (or WTS_CURRENT_SERVER_HANDLE)(or WTS_CURRENT_SERVER_HANDLE)ll WTSEnumerateSessionsWTSEnumerateSessionsll WTSQuerySessionInformationWTSQuerySessionInformationll WTSSendMessageWTSSendMessagell WTSDisconnectSessionWTSDisconnectSession // WTSLogoffSessionWTSLogoffSessionll WTSEnumerateProcessesWTSEnumerateProcesses // WTSTerminateProcessWTSTerminateProcess
ll AdministrationAdministrationll WTSQueryUserConfigWTSQueryUserConfig andand WTSSetUserConfigWTSSetUserConfigll WTSWaitSystemEventWTSWaitSystemEventll WTSShutdownSystemWTSShutdownSystem (for User)(for User)
ll OthersOthersll VerifyVersionInfVerifyVersionInf() () ((vsvs. registry). registry)ll NetServerEnumNetServerEnum SV_TYPE_TERMINALSERVERSV_TYPE_TERMINALSERVERll new linker flag TSAWAREnew linker flag TSAWAREll Terminal Server User, STerminal Server User, S--11--55--13. 13.
17
API API -- Extensions Extensions ((VirtualChannelxxxVirtualChannelxxx))
ll ClientClient–– VirtualChannelEntryVirtualChannelEntry–– VirtualChannelInitVirtualChannelInit–– VirtualChannelWriteVirtualChannelWrite–– VirtualChannelOpenEvent VirtualChannelOpenEvent –– VirtualChannelCloseVirtualChannelClose
ll ServerServer–– WTSVirtualChannelOpenWTSVirtualChannelOpen–– WTSVirtualChannelReadWTSVirtualChannelRead / Write/ Write–– WTSVirtualChannelPurgeInput WTSVirtualChannelPurgeInput –– WTSVirtualChannelPurgeOutputWTSVirtualChannelPurgeOutput
WTSAPI32.Lib
18
Protocol FunctionProtocol Function ComparisionComparision
2
19
Administration ToolsAdministration Tools
uu Terminal Services ManagerTerminal Services Managerll Monitors users and their processesMonitors users and their processes
ll Disconnect and logoff user sessionsDisconnect and logoff user sessions
ll Used to initiate session remote controlUsed to initiate session remote control
uu User Manager ExtensionsUser Manager Extensionsll Set perSet per--user Terminal Sever attributesuser Terminal Sever attributes
ll Works with Works with DSAdmin DSAdmin or Local User Manageror Local User Manager
uu Terminal Services ConfigurationTerminal Services Configurationll MMCMMC--based tool for Protocol / Server configurationbased tool for Protocol / Server configuration
20
Administration Tools ..Administration Tools ..
uu Terminal Services LicensingTerminal Services Licensingll Tracks perTracks per--seat license usage for all protocolsseat license usage for all protocols
uu ““ConfigConfig Your Server”Your Server”l Default Popup
uu ServicesServicesl Configure Service Properties
uu System PropertiesSystem Propertiesl Scheduling
u Performance Monitoru CMD-Line
Configure Configure ServerServer
Online Online HelpHelp RDPRDP--GeneralGeneral
uu Per Network AdapterPer Network Adapter
uu LowLow
ll RC4 56 Bit RC4 56 Bit –– one wayone way
uu MediumMedium
ll RC4 56 Bit RC4 56 Bit –– two waytwo way
uu HighHigh
ll RC4 128 BitRC4 128 Bit–– two waytwo way
(40 Bit (40 Bit forfor TSE 4)TSE 4)
24
uu Default is Administrators onlyDefault is Administrators onlyll Does not apply to upgraded TSE4 serversDoes not apply to upgraded TSE4 servers
uu Permissions tab is usedPermissions tab is usedfor changing settingsfor changing settings
uu Advanced… button forAdvanced… button fordetailed access controldetailed access control
uu New Windows 2000 UINew Windows 2000 UIcan enable auditingcan enable auditing
Configuration OptionsConfiguration OptionsControlling Who Can ConnectControlling Who Can Connect
1
25
uu Extensions for AD Admin ToolExtensions for AD Admin Toolll EnvironmentEnvironmentll TimeoutTimeoutll Profile Dir.Profile Dir.ll Remote ControlRemote Control
ManagementManagementUser settings…User settings…
26
uu Windows 2000 adds a new builtWindows 2000 adds a new built--in group called in group called TERMINAL SERVICES USERSTERMINAL SERVICES USERS
uu Similar to Interactive Users GroupSimilar to Interactive Users Group
uu All user logging on viaAll user logging on viaTS are part of this groupTS are part of this group
uu This group SID can beThis group SID can beadded to added to ACLsACLs
uu Used as part of applicationUsed as part of applicationcompatibility configurationcompatibility configuration
Security OptionsSecurity OptionsSpecial SID For Access ControlSpecial SID For Access Control
27
uu Two new categories of Two new categories of perfperf. counters. countersuu Terminal ServerTerminal Server
ll Active, Inactive & Total Session countersActive, Inactive & Total Session countersuu Terminal Server Sessions Terminal Server Sessions
ll Protocol PerformanceProtocol PerformanceCountersCounters
ll PerPer--session Processsession ProcessMetricsMetrics
ll ~ 75 Counter~ 75 Counter
Server ManagementServer ManagementPerformance MonitoringPerformance Monitoring
Service PropertiesService Properties
29
uu ApplicationsApplications“quantum stretching”“quantum stretching”
Advanced Advanced SystemSystem PropertiesProperties
30
IntelliMirror & MSIIntelliMirror & MSI
uu Provides and assigns SW to users via GPProvides and assigns SW to users via GP
uu Design decision:Design decision:ll Disabled on every TS SessionDisabled on every TS Session
ll Prevents users from installing application on serversPrevents users from installing application on servers
ll Remember TS : special installation mode !!Remember TS : special installation mode !!
uu Advanced Power ManagementAdvanced Power Managementll Q237551Q237551--Power Options Icon Missing in Control PanelPower Options Icon Missing in Control Panel
ll Q243651Q243651--APM Features Are Disabled with Terminal ServicesAPM Features Are Disabled with Terminal Services
2
31
uu Mapping (new/old)Mapping (new/old)ll SystemSystem\\CurrentControlSetCurrentControlSet\\ControlControl\\Terminal ServerTerminal Server\\UtilitiesUtilities
uu Query informationQuery informationll query process | session |query process | session | termservertermserver | user| user
uu Session ManagementSession Managementll tscontscon, , tsdiscontsdiscon, , ll logoff, reset session, shadow, logoff, reset session, shadow, msgmsgll tsshutdntsshutdn,, tskilltskillll change logon /enable change logon /enable || /disable /disable | | /query/query
uu Application ManagementApplication Managementl change user /query || /execute || /installll register filenameregister filename /system | //system | /useruser
uu OthersOthersll tsproftsprof,, flattempflattemp, change port, change port
CommandCommand--line Utilitiesline Utilities
32
uu Renamed from TSE4Renamed from TSE4ll connectconnect àà tscontscon
ll disconndisconn àà tsdiscontsdiscon
ll killkill àà tskilltskill
ll shutdownshutdown àà tsshutdntsshutdn
uu DiscontinuedDiscontinuedll tscfg tscfg (replaced by TSCC)(replaced by TSCC)
ll qobjectqobject, , peruserperuser, , regfixregfix, ,
ll C2config, migrate, C2config, migrate, rmvlnksrmvlnks
ll Netware UserNetware User MigMig. Wiz. . Wiz.
CommandCommand--line Utilitiesline Utilities
33
Resource KitResource Kit
Q240444 Useful TS-Resource Kit Utilities
u Appsec restrict excution of programsu Drive Share map local drive to sessionu File Copy Copy/paste of filesu LsReport Display License Information (file)u LsView Display current available Lics.u Robo* Tools for capacity planningu Simclient Client Simulationu Tsreg Change client cache settings u Tsver Client Version checku Winsta Monitoring TS-client sessions
u Tsreg.hlp Documentation of Registry entries
34
uu NLBS (former WLBS)NLBS (former WLBS)ll Available on Advanced Server (no download)Available on Advanced Server (no download)ll Load distribution of client connectionsLoad distribution of client connectionsll Provides high availability to TS ServersProvides high availability to TS Serversll Can manage up to 32 servers per clusterCan manage up to 32 servers per clusterll Installable as serviceInstallable as service
uu Other Load Balancing optionsOther Load Balancing optionsll DNS Round RobinDNS Round Robinll 33rdrd Party Solutions Party Solutions –– Citrix, Citrix, CubixCubix, NCD, NCD
Server Load DistributionServer Load Distribution
35
Licensing RequirementsLicensing Requirements
uu Using Terminal Services in Application Server mode Using Terminal Services in Application Server mode requires that each client be properly licensed.requires that each client be properly licensed.
uu ClientClient licensing options:licensing options:ll Required: W2000 Server CAL or BackOffice CAL Required: W2000 Server CAL or BackOffice CAL ll Required: W2000 Prof. or W2000 TSRequired: W2000 Prof. or W2000 TS--CALCALll Optional: W2000 TSOptional: W2000 TS-- Internet Connector License. Internet Connector License.
36
FeaturesFeatures
uu Flexible deployment with managementFlexible deployment with managementll 9090--day grace period for License Serverday grace period for License Serverll 9090--day temporary client licenseday temporary client licensell Terminal Services separate from License ServiceTerminal Services separate from License Service
1
37
Product
InfrastructureMicrosoft
Licensing ComponentsLicensing Components
Win2000 Server +
TS Licensing Service
(aka License Server)
MicrosoftCertificate Authority & License Clearinghouse
Win2000 Server +Terminal Services
Clients
Customer
38
Future DirectionsFuture Directions
uu Post Windows 2000Post Windows 2000ll RDP ActiveX (RDP ActiveX (IExplorerIExplorer) Client) Clientll RDP MSI package for IntelliMirror deployment of RDP MSI package for IntelliMirror deployment of
applications via TSapplications via TS
uu RDP ClientRDP Clientll Port, File System, Audio/Video RedirectionPort, File System, Audio/Video Redirectionll HighHigh--Color SupportColor Support
39
Future Directions cont.Future Directions cont.(Future Releases)(Future Releases)
uu Load BalancingLoad Balancingll Better Load Distribution MetricsBetter Load Distribution Metricsll PerPer--cluster Application Managementcluster Application Managementll Cluster aware disconnect / reconnectCluster aware disconnect / reconnect
uu ManagementManagementll Automatic RDP Client UpdateAutomatic RDP Client Updatell Integration with Group Policy & Active DirectoryIntegration with Group Policy & Active Directory
40
uu WhitepapersWhitepapersll Optimizing Applications for TS 2000 and NT4Optimizing Applications for TS 2000 and NT4
ll TS2000: an integrated, Server based Computing Solution TS2000: an integrated, Server based Computing Solution
ll Windows 2000 TSWindows 2000 TS--LizensingLizensing
ll Windows 2000 TSWindows 2000 TS--Capacity and ScalingCapacity and Scaling
ll TS ApplicationTS Application CompatibiltyCompatibilty NotesNoteshttp://www.http://www.microsoftmicrosoft.com/windows2000/library/technologies/terminal/default.asp.com/windows2000/library/technologies/terminal/default.asp
uu TechnetTechnet: : Q186572Q186572ll Q186572Q186572 TSTS WalkthrouWalkthrou: Startup, Connection and Application: Startup, Connection and Application
InformationInformation
41
BooksBooks
uu ISBN ISBN
33--8606386063--617617--00
QUESTIONS?QUESTIONS?
2
43
RDP Protocol Stream
Terminal Server
RDP Client(mstsc.exe)
Presentation
Clipboard
Virtual Channel ArchitectureVirtual Channel Architecture
Extension DLL
App.exe
VirtualChannelOpen(“MyData”)
ChannelInit(“MyData”)
“MyData”
44
License Server ActivationLicense Server Activation
45
Activation Activation ......
46
Activation Activation ......
47
Client Client RegistrationRegistration
Compaq Computer Corporation© 1999