by Brian Madden
Gabe Knuth and I wrote our first server-based computing software
round-up almost a year ago. Due to the popularity of this paper, we
decided to update it in August 2004 to include the most recent versions
of each vendor’s products.
For years, Citrix has been the only choice for software to power
server-based computing environments. Sure, Microsoft's Terminal Server
products were out there, but their features paled in comparison to
those of Citrix MetaFrame Presentation Server.
However, as Terminal Server continues to gain ground as a standalone
solution, many people wonder whether they need to spend money on Citrix
or if Terminal Server is enough on its own. Additionally, people often
wonder whether any of the smaller, third-party vendors’ products are
worth looking into.
This article will help you answer these questions. In it, we're
going to look at the features of Microsoft's newest Terminal Server
offering and Citrix's newest MetaFrame Presentation Server offering.
We'll also look at several smaller vendors—Jetro Platforms' CockpIT and
BoostIT products, Tarantella's Secure Global Desktop Terminal Server
Edition, DAT Panther, PowerTerm WebConnect, and HOBLink JWT.
The Contenders
This article compares the following products:
- Microsoft Windows Server 2003 Terminal Services
- Citrix MetaFrame Presentation Server 3.0
- Jetro Platforms' CockpIT / BoostIT
- Tarantella Secure Global Desktop / Terminal Server Edition
- DAT Panther
- Ericom PowerTerm WebConnect
- HOBLink JWT
Before we get into the side-by-side comparison of all the products,
let's take a quick look at an overview of each one.
Terminal Services for Microsoft Windows Server 2003
I wrote a full review of Terminal Server on Windows 2003 when it was
released in April 2003. (Click here to read it.) What's interesting
about Terminal Server is it's an absolute requirement if you want to
use any of these products. Your real decision is whether you want to
use Terminal Server by itself or whether you want to use a third-party
product in addition to Terminal Server.
Terminal Server has come a long way since Microsoft released the
first version of it in 1998. From a pure protocol standpoint, Terminal
Server's RDP protocol of today is just as good as Citrix's ICA
protocol. They both support virtually any client platform and they both
support access to all local client resources (ports, printers, audio,
and the clipboard). Additionally, the new version of RDP supports
24-bit color and very high resolutions.
This protocol equality does not mean that there is no longer a need
for third-party products. It just means that there are other things you
need to look for when deciding which products are best for your
server-based computing solution.
For example, Terminal Server still has some major weaknesses,
including:
- Load-balancing is limited to 32 nodes. Furthermore, the
load-balancing algorithm is based on network traffic—not user or
processor load.
- Applications cannot be accessed "seamlessly." This is not a
problem if you only plan to run full remote desktops, but the
integration of local and remote applications is not that great.
- Terminal Server does not offer application publishing. Users must
access a server to access an application. For example, third-party
software allows a user to request an application by name (e.g.,
"Excel"). Terminal Server requires that an administrator manually set
up shortcuts to each application. Again, this is less of a problem if
the server is to be used exclusively for remote desktop access instead
of remote application access.
- In Terminal Server environments, each server must be available
outside the firewall for external access to applications. It does not
include any kind of proxy for the RDP protocol.
The bottom line with Terminal Server is that it can stand on its own
in certain environments where users will be accessing full remote
desktops, but it cries out for third-party tools in larger and more
complex environments. If you do choose to build a Terminal Server-only
solution, check out our latest book, “Terminal Services for Windows
Server 2003: Advanced Technical Design Guide.”
Citrix MetaFrame Presentation Server 3.0
Citrix is the company that essentially invented modern day Microsoft
Windows server-based computing. MetaFrame Presentation Server 3.0 (MPS
3) offers dozens of features, including the all-important application
load-balancing, application publishing with seamless windows, and a web
interface user portal.
In addition to the core features of MetaFrame, the license fee
includes rights to use applications such as "MetaFrame Secure Gateway"
(MSG). MSG lets you funnel all of your users, completely encrypted,
through a single port on a single IP address. (Check out this
article for full details about all the new features of MPS 3.)
While not included with the core product, Citrix also offers a number
of additional products that further extend MetaFrame's capabilities.
Examples include MetaFrame Conferencing Manager (a product that enables
real-time application sharing and collaboration between users anywhere
in the world) and MetaFrame Secure Access Manager (which provides
secure and personalized information via a web portal).
The downside to MetaFrame is the price. While it clearly offers the
most features and capabilities, it’s also the most expensive, with
per-user MSRP prices starting at almost $100 more than the next
most-expensive competitor.
Jetro CockpIT 3.0 / BoostIT 3.0
Jetro Platforms' current server-based computing product is CockpIT
3.0. Jetro does not view themselves as a direct competitor to Citrix,
Microsoft, or Tarantella. Instead, they focus on creating a "management
platform" that allows you to manage your existing environments whether
they're Terminal Servers, Citrix MetaFrame servers, or a combination of
both.
Jetro uses its own client software that contacts a Jetro server
which maintains application lists, server load, user policies, and
permissions. Once it determines which server a user should connect to,
the Jetro client passes the connection information to the user's
standard RDP or ICA client and the session is launched.
Jetro sells two products: CockpIT and BoostIT. These products are
technically 100% identical with the only difference being how they are
licensed. CockpIT adds all of Jetro's capabilities to Terminal Server
and RDP environments. BoostIT supports ICA sessions in addition to RDP.
Now, here's where it gets interesting. BoostIT is much cheaper than
CockpIT. That's right. The product that supports RDP and ICA is much
cheaper ($40 per user) than the product that supports RDP only ($160
per user). Jetro's reasoning behind this is that if you need the ICA
version, you've already spent enough money on thin client computing
licenses, so they give you a break. (Think of it as a "competitive
upgrade.") The catch, of course, is that you have to have previously
bought a Citrix ICA license for each BoostIT license that you buy, and
they require proof of this upon ordering.
Jetro adds some impressive features onto native Terminal Server. In
addition to the now "standard" third-party offerings of seamless
windows, application publishing, a slick web interface for application
access, and application level load-balancing, Jetro's products also
allow you to seamlessly publish and manage applications to users
regardless of whether they access them via ICA or RDP.
In addition, Jetro provides some basic system monitoring
functionality from their admin interface. Metrics shown include: Load
Degree, % Processor Time, % User Time, Available Mbytes of memory,
Handle Count, Pages/Sec, and Thread Count. While not as robust as
Citrix’s Resource Manager or Lakeside Software’s SysTrack, it does
provide some indication of the current state of the server from a
centralized location. There is also a reporting feature that allows an
administrator to generate reports showing server activity by user,
server, or application.
The current version of CockpIT/BoostIT is 3.0, which was released in
May 2003. Jetro claims that an update to 3.5 is imminent, although they
wouldn’t show it to us since we’re not a partner.
More information about Jetro CockpIT and BoostIT is available via
the Jetro Platforms website at http://www.jp-inc.com.
Tarantella Secure Global Desktop 2.1 - Terminal Services Edition
Tarantella’s Secure Global Desktop 2.1, Terminal Server Edition wins
the award for the longest product name. (TSGD2.1TSE?) It’s built from
the framework laid out by New Moon that Tarantella bought back in 2003.
Tarantella’s goals with this product are simple: to bring to market a
less expensive alternative to MetaFrame Presentation Server. The
Terminal Server Edition of Secure Global Desktop offers about 80% of
the functionality of MetaFrame Presentation Server for about 20% of the
price. (At least when compared to the initial price. Subscription
renewal / maintenance for the Tarantella product is about 66% of
renewal for MetaFrame Presentation Server Advanced Edition.)
Note: Tarantella has two “editions” of Secure Global Desktop: an
Enterprise Edition and a Terminal Services Edition. Everything we’re
talking about here is the Terminal Services Edition. The Enterprise
Edition is the “other” stuff that Tarantella is known for, primarily
used to hook together Windows Terminal Servers and UNIX x-windows and
x-desktops.
Secure Global Desktop - TSE can run on Windows 2000 or Windows 2003.
It has all the "major" features of a third-party application server,
including application publishing, seamless windows, a web interface,
and application-level load-balancing.
Load balancing is accomplished independent of Windows through the
use of load balancing services installed on at least one server. This
operates in much the same way as the Citrix Load Manager to achieve a
load-balanced environment. This fact alone can save a company several
thousand dollars in a farm with several servers when compared to using
pure Terminal Server since Tarantella’s load-balancing doesn't require
the Enterprise Edition of Windows 2003.
One of the features of Secure Global Desktop – TSE that sets it
apart from the rest of the pack is the ability to publish applications
to specific terminals or groups of terminals rather than simply to
users and groups. This is very beneficial in a kiosk or shop floor
environment where terminals have one dedicated purpose.
Tarantella is one of the few companies that officially licensed
Microsoft's RDP technology, and therefore they provide their own
version of Microsoft’s Terminal Services Advanced Client (TSAC). While
using the RDP protocol at its core, the Secure Global Desktop client
also provides access to additional services like seamless windows and
the web interface. Tarantella offers SGD clients for 32-bit Windows,
Windows CE, Linux, and Java.
The feature set of Secure Global Desktop 2.1 – Terminal Services
Edition, albeit less robust than MetaFrame Presentation Server, is
significantly richer than Windows Terminal Services. Tarantella has
succeeded in adding the most used features of Citrix MetaFrame to
Windows Terminal Services and has made their product available at a
fraction of the cost of MetaFrame.
Tarantella is working on version 4 of Secure Global Desktop 2.1 –
Terminal Services Edition, and they’re planning on a 4th quarter 2004
release. New features are said to include certificate-based server
authentication, ticketing, SSL encryption and tunneling of all RDP
traffic with a MetaFrame Secure Gateway-like relay server, better
printing performance, and additional system monitoring and reporting
capabilities.
More information about Secure Global Desktop 2.1 can be found on
Tarantella’s website.
Ericom PowerTerm WebConnect
Of all the products tested, Ericom’s WebConnect is the newest
entrant into the SBC arena. In addition to providing a web interface to
Ericom’s other software products (mostly legacy connectivity
solutions), WebConnect allows for web-based connectivity to Windows
2000/2003 Terminal Servers.
The main feature of WebConnect is seamless windows, into which
they’ve put a lot of work to make it competitive with the other
products out there. In conjunction with seamless windows, WebConnect
also offers the ability to publish applications. Another important
feature is the secure gateway feature, which lets a user access
Ericom’s entire suite of WebConnect applications through a single
external presence, including their RemoteView RDP client.
The RemoteView client, like other RDP clients, is built on top of
the Microsoft Terminal Server Advanced Client (TSAC). RemoteView adds
the ability to contact the WebConnect server for connection-specific
parameters (server address, display settings, etc.) before connecting
to the server. One drawback, however, is that RemoteView only works on
Win32 platforms, although they claim support for other platforms is in
development.
From a technical standpoint, a user contacts a web server to
enumerate the applications to which he/she has access. Based on what
the user selects, the appropriate client is launched (legacy,
RemoteView, etc.). The client application then contacts the WebConnect
server for the application parameters and uses those parameters to
launch the actual application.
One drawback is that there is no application-based load balancing
for Terminal Servers. Terminal servers could be configured in an NLB
cluster to afford some redundancy, although it would be strictly
network-based. Another drawback is that for seamless windows to work,
the Terminal Server must be a Windows 2003 server.
While WebConnect isn’t the most advanced Terminal Server add-on on
the market, it could prove extremely useful to enterprises that
currently have a lot of legacy systems and a light to moderate demand
for Windows-based terminal services. Even though the topic of legacy
systems goes beyond the scope of this article, it’s safe to say that
given Ericom’s legacy-oriented products, there could be a place for it
in a highly legacy environment.
You can learn more about Ericom PowerTerm WebConnect RemoteView at
their site.
HOBLink JWT
HOBLink JWT has been popular in Europe for quite a while and it’s
just now starting to show a presence in the US. There are two versions
of HOBLink JWT—a standard version simply called HOBLink JWT, and an
enterprise-oriented version called HOBLink JWT EA (Enterprise Access).
In addition to these products, HOB also has a product called HOBLink
Secure that acts as a secure gateway using the HOBLink JWT client.
HOBLink JWT uses a fully-functioning Java client that enables an
organization to centralize the client used to access RDP sessions. The
client features are equal to the 32-bit RDC client from Microsoft in
that it offers local drive and printer access, clipboard mapping and
audio mapping. Additionally, HOBLink JWT adds on several features to
help leverage Windows Terminal Services, including application
publishing, seamless windows, and application-based load
balancing.
HOBLink JWT EA adds several management features such as user
policies, a centralized management console, and AD integration.
Also, HOBLink JWT EA has full read/write LDAP support which allows
users to authenticate against different types of LDAP-compliant
directories (not just Active Directory).
HOBLink JWT can provide effective, centralized access to Windows
Terminal Servers and has been designed to scale easily with the growth
of an enterprise’s SBC farm. While Java might not be the answer
for all SBC client problems, this is certainly a step in the right
direction.
A drawback of HOBLink JWT is that in order to have a secure gateway
feature, you have to buy another product from them called HOBLink
Secure. This product provides SSL encryption of the RDP traffic similar
to the other secure gateway-like products included with other vendors.
For more information on HOBLink JWT, HOBLink JWT EA, and HOBLink
Secure, visit HOB’s website.
DAT Panther Server 2002
The DAT Group is a large UK-based Microsoft partner that is
primarily known for their customized mobile applications. DAT Panther
Server 2002 adds some basic functionality on top of Terminal Server.
Leveraging the RDP protocol, Panther adds seamless windows, application
publishing, and application-level load balancing to Terminal Server
environments.
While it lacks a web application interface and some of the other
features of the competing software packages, DAT Panther adds basic
functionality to Terminal Server for a reasonable cost.
Server-Based Computing Software Feature Comparison Matrix
In addition to the basic information about each vendor's offerings,
this chart provides a side-by-side comparison of the features and
capabilities of each product.
- Green check: this feature is explicitly part of this product.
- Gray check: the product runs on top of Terminal Server and inherits this functionality from Terminal Server.
- (1): a number in parentheses after a check indicates that a footnote contains more information.
| Basic Information | Terminal Server | MetaFrame 3 | Jetro | Tarantella SGD / TSE | DAT Panther | Ericom WebConnect | HOBLink JWT |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Min. Terminal Server version required | n/a | 2000 (1) | 2000 | NT4 | 2000 Advanced | 2000 | 2000 |
| Remote Session Protocol | RDP | ICA | ICA/RDP | RDP | RDP | RDP | RDP |
| Cost per user (US$) (3) | Baseline (2) | $250-350 | $40-160 | $60 (18) | $80 | $150 | $150 |
| Maintenance cost per user / per year | Baseline (2) | $40-50 | First year free / $16 after | 2 yrs free (18) | n/a | | 15% |
| License Type (concurrent or named user) | either | conc. | conc. | conc. | conc. | conc. | either |
| Major Features | Terminal Server | MetaFrame 3 | Jetro | Tarantella SGD / TSE | DAT Panther | Ericom WebConnect | HOBLink JWT |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Application Publishing | | | | | | | |
| Seamless Windows | | | | | | | |
| Application Load Balancing | | Advanced Ed (4) | | | | | |
| Web Application Interface | | | | | | | |
| Other Features | Terminal Server | MetaFrame 3 | Jetro | Tarantella SGD / TSE | DAT Panther | Ericom WebConnect | HOBLink JWT |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Content Publishing | | | | | | | |
| Content Redirection | | | | | | | with TW |
| Publish applications to specific workstations | | (via policies) | | | | | EA |
| Connect to single application (instead of a full desktop) | | | | | | | |
| Print driver mapping | | | | | | | |
| Print driver replication | (5) | | | | | | |
| Universal Printing | | | | | | | |
| Server load-balancing | (15) | Advanced Ed (4) | | | | | |
| Server availability scheduling | | | | | | | |
| Session Shadowing | | (6) | | | | | |
| Dynamic Session reconfig | | | | | | | |
| Client Features | Terminal Server | MetaFrame 3 | Jetro | Tarantella SGD / TSE | DAT Panther | Ericom WebConnect | HOBLink JWT |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Web-based client install | | | | | | | |
| Auto client update (7) | | | | | | | |
| Local Drive Access | | | | | | | |
| Local Printer Access | | | | | | | |
| Local / Remote Clipboard Mapping | | | | | | | |
| Local COM/LPT Port Access | | | | | | | |
| Audio Mapping | W2k3 only | | W2k3 only | W2k3 only | W2k3 only | W2k3 only | |
| Client Desktop Integration (automatically place application icons in Start Menu, etc.) | | | | | | | |
| Has its own client | | | | | | | |
| 24-bit color, high resolution | W2k3 only | | W2k3 only | W2k3 only | W2k3 only | W2k3 only | |
| Client multi-monitor support | | | | | | | |
| Client Platforms | Terminal Server | MetaFrame 3 | Jetro | Tarantella SGD / TSE | DAT Panther | Ericom WebConnect | HOBLink JWT |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 32-bit Windows | | | | | | | (19) |
| 16-bit Windows | | | | | | | |
| DOS | (8) | | | | | | |
| Macintosh | | | | | | | (19) |
| Linux/Unix | (9) | | | | | | (19) |
| Java | (10) | | | | | | |
| Windows CE / PocketPC | | | | | | | |
| Security Features | Terminal Server | MetaFrame 3 | Jetro | Tarantella SGD / TSE | DAT Panther | Ericom WebConnect | HOBLink JWT |
| --- | --- | --- | --- | --- | --- | --- | --- |
| SSL Encryption | | | | | | | |
| TLS Encryption | | | | | | | |
| Proxy Support | | | | | | | |
| SSL Gateway Support | | | | | | | |
| NIAP Certification | EAL 4+ (11) | | | | | | EAL 2 |
| Pass-through authentication | | | | | | | |
| Management Features | Terminal Server | MetaFrame 3 | Jetro | Tarantella SGD / TSE | DAT Panther | Ericom WebConnect | HOBLink JWT |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Delegated administration | | (12) | | | | | |
| Remotely push server install | | | | | | settings only | |
| User policies | | | | | | | EA |
| Centralized Mgmt Console | | | | | | | EA |
| Clone Server | | | | | | | |
| System Monitoring | (13) | Ent Ed. (14) | | | | | |
| Detailed Usage Reporting | | Ent Ed. (14) | | | (16) | | |
| Application packaging & delivery | | Ent Ed. (14) | | | | | |
| Full Active Directory Integration | | | (17) | (17) | | (17) | EA |
| LDAP Support | | | | | | | EA |
notes
This chart only provides an overview of the basic features. Each vendor
believes that their product is better than the rest, and each vendor is
able to provide you with a more complete list of features.
(1) Citrix MetaFrame XP with Feature
Release 2 and newer require Windows 2000 or Windows 2003. MetaFrame XP
with Feature Release 1 and older also run on Windows NT 4.0 Terminal
Server Edition.
(2) Microsoft Windows Terminal Server pricing is listed
as "baseline" because you need to buy these licenses no matter what.
(i.e. The other three vendors' pricing is in addition to the Microsoft
pricing.) Plus, the Microsoft pricing and licensing has too many
options to fit in this little chart.
(3) These prices are the Manufacturer's Suggested Retail
Prices. Your actual pricing may vary depending on your reseller. Also,
when we asked for MSRP information from the vendors, every vendor
pointed out that they offered discounted pricing for larger purchases,
and that they offered special pricing for public sector and education
markets.
(4) This feature requires the "Advanced" version of
MetaFrame (formerly known as "XPa"). The US MSRP of MetaFrame XP
Advanced Edition is $300 per user, and maintenance is $45 per user per
year.
(5) Print driver replication requires a free utility
called "Print Migrator." If you want to automate the replication
process, you'll have to script it and use the command scheduler.
(6) In addition to standard admin shadowing, Citrix
offers "user-to-user" shadowing, which allows users (with appropriate
permissions) to shadow other users via a specialized shadowing tool.
This is very cool.
(7) Auto-client update capabilities are not included
with Terminal Server. However, Microsoft likes to point out that you
can use SMS, IntelliMirror, and/or MSI technologies to automatically
update RDP client software. Still, this is not as easy to use as
Citrix's out-of-the-box auto client update capabilities.
(8) DOS client support is available via a third-party
client from
(9) Linux / Unix client support is available via a
free, open source client
(10) Java client support is available via a
third-party client from
(11) Microsoft Windows 2000 is EAL 4 + Flaw
Remediation certified. Check
out this link for details. As of this writing, Windows Server 2003
is not yet certified.
(12) Citrix delegated administration
(13) Win sys monitoring and analysis
(14) This feature requires the "Enterprise" version of
MetaFrame (formerly known as "XPe"). The US MSRP of MetaFrame XP
Enterprise Edition is $350 per user, and maintenance is $50 per user
per year.
(15) Requires the "Enterprise" edition of Windows 2003
to fully use server load-balancing.
(16) DAT Panther does not include a built-in reporting
engine. Rather, it makes all its information available for export to
Excel, Crystal Reports, etc.
(17) New Moon's and Jetro's products do integrate with
Active Directory. However, rather than extending the AD schema, they
maintain their own database that contains a replica of the AD
information that they need.
(18) Tarantella Secure Global Desktop - TSE has no base price. Instead,
you simply pay for two years of maintenance. That's a fancy way of
saying it costs $60 per user.
(19) The only HOBLink client is Java. Therefore, you can get Win32 /
Mac / etc. access by running the Java client on that specific platform.