What new features should Microsoft add to Terminal Services?

Written on Mar 07 2007 Filed under: Microsoft 16,298 views, 28 comments

by Brian Madden

The annual Microsoft MVP conference is coming up next week at the Microsoft headquarters in Redmond. This is the gathering where more than 2000 MVPs get together to talk to the Microsoft product groups about the new products, features, and feedback. Longtime readers will remember that Ron Oglesby and I attended our first MVP conference three years ago, and it really opened our eyes as to how cool the terminal server product group at Microsoft was, and how they seemed genuinely interested in hearing our feedback.

There are now a total of 19 Terminal Server MVPs, and we've all gotten to be pretty close over the last several years. (I'm personally looking forward to meeting Gustavo Gurmandi and Eric Perromat--the two TS MVPs I haven't met yet.) And remember, anyone can be an MVP! All you have to do is join the conversation by writing blogs, answering forum questions, presenting at a user conference, etc.

Anyway, the three-day MVP conference is a mixture of us attending presentations by various technical folks and smaller interactive discussions with the product groups. This year, the Terminal Server product group is turning the tables and asking us, the MVPs, to prepare two presentations that we will deliver to them. The two topics are:

• Feedback on Longhorn Terminal Services: What are the top features of Longhorn TS that people like, and what additional features should Microsoft consider for Longhorn and beyond?
• The Terminal Server Community Impact: What's happening in the industry that we (the MVPs) think the Terminal Server product group should keep tabs on.

We MVPs have been discussing these topics via email over the past few weeks, and we decided to open up the discussion to the community-at-large. So I ask you, community, to please share your opinions. Let's take a look at some of the topics that we've discussed so far. (Before we do, I want to point out that I cannot take credit for all of these ideas myself. This list is based on the work of many people.)

What features would we like to see in terminal services?

This year, the terminal server product group asked us, the MVPs, to give a presentation to them about what features the community would most like to see in terminal services.

Internet Explorer on Terminal Server

There seem to be a lot of requests for the ability to have a more locked-down version of Internet Explorer for terminal server environments. Right now there are so many different policy settings that affect certain aspects of this, but there is no easy "make IE work on TS" button, and yet so many people use IE. Perhaps there could even be an IE "Lite" version for terminal services?

USB Drive Policies and Support

We already know that Terminal Server does a pretty good job working with client-side USB devices. Unfortunately, it's almost "too good" of a job, and client USB drives are hard to lock down since it's tough to differentiate them from regular client drives. Especially in today's world where self contained apps can run right off USB drives, it would be cool if there were some way to control what could and couldn't be done via a TS session from a client-side USB drive. Maybe this is as simple as better policy templates? Maybe not?

Help us with security and lockdown

In general, most people are getting to be more aware that Terminal Servers need to be locked down in special ways, but why is it that after almost a decade of Terminal Server, administrators must basically reinvent the wheel and search for the appropriate set of GPO settings with each new environment? How about a custom security template specifically made for terminal services? And maybe as soon as TS was installed, a wizard could pop up which guides the administrator through the process of applying the TS security template?

"Real" load balancing

In my mind, the biggest hole in the Longhorn TS feature list is some kind of "real" load balancing--something more than Windows NLB. NLB is fine for web servers and stuff, but the fact that basis its load algorithm completely on network load (i.e. the "N" in "NLB") means that it's not very useful in a Terminal Server environment.

This doesn't even have to be a TS product group enhancement. How hard would it be for the NLB team to modify the code so that it could load balance based on any perfmon counter? (My guess is that wouldn't be hard at all, but that would put Microsoft into the angry partner territory.)

Other feature requests?

In addition to the few requests we've outlined here, what else would you like to see in the core TS product from Microsoft? Better RDP printing? Patch management? Profile changes? Please share your ideas in the comments area of this article.

Longhorn features: Which ones do you like? Which ones don't you care about?

People have been discussing the features of Terminal Services for Longhorn for over three years. (In fact, out of the hundreds and hundreds of articles on this site, article #5--that's zero zero five--from July 2003 was about RDP 6.0.) If you're not familiar with the new terminal services features that Microsoft will add into Longhorn server, take a look at all that we've written on the topic.

But getting back to Microsoft's question, what features will people like most? And what features won't they care about?

Not to be disrespectful to anyone, but let's face it: the more "Citrix-like" features that are added, the happier people will be.

Specifically, I believe that the new terminal services web access (TSWA), combined with the Remote Programs (RP) feature in seamless windows mode will be huge. As will the fact that Microsoft is building in client peripheral device redirection at the UMDF level.

With regards to features that are not as exciting (or that are exciting to a subset of users), I think the TS Gateway falls into this category. (The TS Gateway is an RDP SSL-VPN gateway service that can proxy multiple SSL-encrypted RDP sessions through a single gateway server.) The reason I feel that the TS Gateway is not that interesting is because it only focuses on RDP, and most companies have a larger VPN strategy (be it IPSEC or SSL) for providing remote access. Especially considering that Microsoft bought SSL-VPN maker Whale Communications, I think that a lot of people will opt for the "real" SSL-VPN capabilities of ISA server instead of the "lite," RDP-only capabilities of the TS Gateway.

Then again, the TS Gateway has some advantages. First is the fact that it's built right into the Windows Server product and the new RDP clients, so all you have to do to use it on the client is check a box in the connection properties. Also, it's part of Microsoft's larger "Anywhere Access" strategy, which also includes Exchange's RPC over HTTP/S and the upcoming SMB over HTTP/S. Then again, I want to make sure that the TS group isn't spending too much time focusing on a feature that wouldn't be as useful as something else. (Are they? Share your thoughts in the comments!)

Keep in mind the perspective of Microsoft

Perhaps the most important thing to keep in mind moving forward is that Microsoft is Microsoft, and Citrix is Citrix. What I mean by that is that Citrix as a company is focused on technology that delivers applications to users. Microsoft is focused on the core platform. Of course the purpose of this article is not to be "another" Citrix versus Microsoft discussion, but such comparisons are inevitable when thinking about core TS feature enhancements.

So my point is that while Microsoft has many of the core application delivery components--Terminal Services with TS Web Access, Remote Programs, TS Gateway, ISA Server with SSL-VPN features, Softricity--they are primarily focused on the core application platform. Whether they can tie together these very different technologies from different product groups remains to be seen, and that's where Citrix excels. (By the way, I’m not suggesting that Microsoft should focus on this stuff per se. I’m saying that to me, this kind of holistic thinking is the next step in the evolution of TS. Now that they have all the basics covered, it’s time to make a strategy if they want to continue to grow their market share.)

Anyway, please share your ideas and opinions in the comments below. Are they more features that you'd like to see in Terminal Services? What Longhorn TS features do you like? What don't you care about? We'll aggregate all of the thoughts and comments for our presentation to the TS product group next week.

Comments

Michel Roth wrote Come on with the Load Balancing already!

on Wed, Mar 7 2007 8:47 AM

You said it Brian: L O A D  B A L A N C I N G 
(I'm not even willing to call NLB load balancing)

adrian_vg@yahoo.com wrote No powertoys for WinXP x64

on Wed, Mar 7 2007 8:47 AM

Pls let Bill know I'm still pissed with MS that they didn't release x64 versions of Powertoys for WinXP x64. I had to resort to 3rd party hacked 64b versions instead. Not very professional of MS... If they can't make these tools available after release, have them built-in in explorer! I mean, how can you live without "Command prompt here" and tweakui when I as a sysadmin spend the better part of the day in explorer??
 

Birkoff wrote file type management

on Wed, Mar 7 2007 8:48 AM

This is not something i encounter very often myself, but when i do it's always quite a hassle to easily enable per-user file type associations (adobe reader for everyone / adobe acrobat pro for exceptions for example). of course this is something that not only microsoft should solve, but also the software vendors should get their software act better in TS environments, but perhaps there are ways to make it easier to confiure this including automation (like command line tools)

bjorn bats wrote moscow

on Wed, Mar 7 2007 8:52 AM

Hi,
well i am the first responder here.
 
Brain i agree with the most in your article but first of all i think we have to make a MoSCow list.
(Must have,Should have,Could have).
in my opinion not all the features and idea's are Must haves.
Lets first think on the must have, what would be really great to have in microsoft TS longhorn version 2 ?
 
The features i like but are not new are.
 
i like the file type association - more and more company's need this feature (oops for citrix)
i like the seamless windows - this is a must have (oops for citrix)
the web access with the rdp can be cool , but a drawback is that you have to choose for active directory applications, otherwise you have to publish a web site for every terminal server. The TS website has a very poor layout and cannot be administered from one console I have to log-on to the TS website with an administrator account to change things.
 
 
the features i don't like
 
i agree with brain about the terminal server gateway (TSG) its only rdp encrypted with SSL. but then again its free and have some build in policies, and could be powerfull with Network Policy Server (NPS)
i think this product is more powerfull than the free citrix secure gateway, the citrix access gateway appliance cannot be compared and is much more powerfull.
 
the NLB feature, its still Network load balancing so its not usefull ( :-) for citrix)
 
i also dont like the remote programs admin tool and the remote programs , its just not IT, I can make some rdp shortcuts which i have to deliver some how to the client ?.
When i change the rdp shortcut i have to redeploy it to the client, with Citrix it is "real" time , if i change for example colordept, next time a user logs in with ica client or whatever its changed.
 
so yes, its an open door that if microsoft can add some stuff from citrix in their product in Longhorn, life for an SBC specialist would be much easier.
 
Some Things  like
 
- an real time application publishing mechanism (must have)
- a way easy document the TS applications and settings. (should have)
- one admin tool to change TS website (should have)
- one admin template for TS (could have)
- easy printing management (should have)

 
 
i will respond more later, i have some work to do.
 
see ya brain at briforum :)
 
bjorn bats
www.bjornbats.nl
 
 

Matthew Francis wrote How about...

on Wed, Mar 7 2007 10:18 AM

How about the ability to stop Terminal Service service without a friggin reboot.
Just let Citrix do what it does better.

Brian Thornton wrote Profiles,Profiles,Profiles......

on Wed, Mar 7 2007 10:36 AM

An easier way to manage User Profiles. Something like FlexProfiles that is produced by [link=http: I have tested FlexProfiles and am very happy with what they can do but my organisation will not implement Flexprofiles because there is no 'dedicated' support for the product. I expect there are other organisations out there like ours.
 
Brian
 
 

Rick Eilenberger wrote IE Java, EMF Printing, and the Stretch...

on Wed, Mar 7 2007 11:30 AM

I have not been directly engaged in IE management within the published desktop for the better part of a year now, I did however spend three years prior supporting IE within this context. 

The tough part to managing IE in my experience was Java.  I found that users on the lowest tier of the service environment (shipping clerks, data entry, interns) are doing the grunt work of checking the shipping and arrival of products moving throughout the transport chain.  Has the cargo container left China?  What boat is it on?  When will it arrive in Long Beach?  Has it arrived on time?  Which trucking firm is preferred by the client?  Check the trucking firm website?  Confirm delivery...collect the payment!
 
All the while from site to site there is variance in the B2B websites delivering these services, one site uses Sun Java another uses MS Java.  One site is updating its java another is not.  Loading java updates to servers impacts access to the CMC.  The testing of applications for roll out into production.  On and on...
 
The rhetorical flourish here is, how can MS simplify the java management with IE  more appropriately?  Simplifying the IE management process opens up a broader opportunity for cost savings on the hardware side...i.e. thin client for this work process.
 
Printing...
 
Driver management is a PITA.  Citrix has gone some distance with the UPD, but the D is still in the equation.  I would like to see MS buy Tricerat and roll the whole thing into the TS offering.  Time and again it is the printing function that delays the deliverable to the customer.  I would love to see MS remove the D from our lives and replace it with EMF as the default.
 
The Stretch....
 
If I were to stretch here I would like to see a TS management component capable of generating proper file shares within the fabric of the network.  Time and again I have to pass KB articles to systems engineers who have never heard of roaming profiles.  I get the job done, but the effort is time consuming.  How about some intergration which incorporates a delegated role for TS admin requirements allowing for the creation of files as necessary within the network?
 
Whew....typing is tiring.  Good luck in Redmond.  The pizza is better in Chicago however!  Ha!

Michel Roth wrote RE: How about...

on Wed, Mar 7 2007 11:57 AM

You're lucky. In Longhorn Terminal Server you can! (stop/restart Terminal Service service without a friggin reboot)
 
Regards,
Michel Roth.
Thincomputing.net

bjorn bats wrote RE: Profiles,Profiles,Profiles......

on Wed, Mar 7 2007 1:36 PM

in longhorn there is a better profile algorithm that should prevent profile corruption.
maybe we won't need the flexprofiles anymore.
 
 

marcel a campo wrote Softgrid

on Wed, Mar 7 2007 2:50 PM

Ok, maybe slightly off topic, but still relevant. Softgrid is getting very popular as a tool to distribute applications. Unfortunately there is a different license model for Softgrid for TS compared to Softgrid for Desktops. With the latter you are forced to have Software Assurance.
 
For companies it is very attractive that the same sequence can be used to distribute an app to both Terminal Servers and to Fat Clients. But because there is a different license model for the two, companies sometimes still are forced to use only 1 of the 2. So my plea is to make Softgrid for Desktops also available for companies without SA!

Ruben Spruijt wrote SoftGrid x64

on Wed, Mar 7 2007 3:28 PM

Hi,
 
x64 is great for Terminal Server environments, SoftGrid is also great for Terminal Server environments (and beyond).
Why is the x64 SoftGrid client for TS planned for 2009 ?!?..
 
With regards,
Ruben

Jason Conger wrote New .Net SDK

on Wed, Mar 7 2007 4:11 PM

A native .Net assembly API would be nice.  Programming for Terminal Services using managed languages is a little cryptic with a lot of Marshall calls.  Bernhard Tritsch's BriForum Sessions (http://www.briforum.com/2006/session.aspx?id=55) have helped me a lot in this aspect, but it would be nice to just reference a Namespace in some C# code to start writing utilities for Terminal Services rather than importing the wtsapi32.dll.

Greg Wood wrote Multi-mon support

on Wed, Mar 7 2007 4:58 PM

I still dont think you can move a seemless longhorn window to the second monitor of a multi-mon setup (Propalms / 2x are affected by this now, but Citrix is not)

Load Balancing, as mentioned before would still be the best feature.

agressiv

Michael Pardee wrote RE: Profiles,Profiles,Profiles......

on Wed, Mar 7 2007 7:55 PM

I agree, better profile management. The corruption isn't what kills us, it the profiles ability to grow, causing longer login times across WAN connections when your profiles are in one data center (because 99% of your apps are hosted there) and you are accessing a different set of servers in another data center. The roaming can kill you.

Andy Wood wrote cd support

on Thu, Mar 8 2007 5:19 AM

the ability to write to a local cd from within the terminal server session - that'd be pretty useful

bjorn bats wrote RE: Profiles,Profiles,Profiles......

on Thu, Mar 8 2007 5:38 AM

yeah ok, but in the smaller environments with just one datacenter, or user who don't have applications in other datacenters, roaming with folder redirection could do the trick.
 
in very large environment its handy to have flex profiles, but it also brings some administration on the ini files when scripting applications.
but when flex is set up right , its easier to delete just one ini file instead of whole profile.
And the profile isnt growing fast.
 
see ya.
www.bjornbats.nl

bjorn bats wrote RE: Softgrid

on Thu, Mar 8 2007 5:43 AM

yep, i agree.
 

Bob harrison wrote Profiles, printing, and licenses

on Thu, Mar 8 2007 7:45 AM

I hope you add my big three to the must do list for Microsoft.  Profiles, and printing are the biggest problems that I have with TS/Citrix, and I should not need to purchase 3rd party products to solve these problems.  Longhorn may do a better job of handling profiles, but I will believe that when I see it.  Microsoft also needs to simplify TS licensing, what a pain.

Dan Shappir wrote Wish list for TS

on Thu, Mar 8 2007 11:57 AM

Here is my wish list for TS:
 
1. More of a general Windows feature than a TS one: session virtualization. Yes session virtualization rather than machine virtualization or application virtualization. Done correctly this could provide a combination of all the benefits of SBC and VDI, among other benefits. I'll write about in my blog sometime.
 
2. WPF remoting - not sure if this feature will ultimately will or won't be included in Longhorn TS. I really, really wish it will as it represents the potential for TS to become an actual target platform for developers looking to create server-based applications, i.e. an alternative to web-based apps. Guess I'll have to write about that sometime as well.
 
Dan

Thomas Krag wrote RE: Wish list for TS

on Thu, Mar 8 2007 1:56 PM

I agree with you Dan.
Session virtualization combined with VMotion would be cool.
Empty your server for maintenance in a few seconds - thats flexibility.
 

Ted Harney wrote Load Balancing

on Fri, Mar 9 2007 9:09 AM

1) Load balance based on unique session ID, not source IP address. This would allow use of an overloaded NAT, desirable for service providers who need to deliver access to client-server applications.
2) Load balance new connections to the server with fewest connections, or lowest memory utilization, or lowest CPU utilization, etc.
 

Quintin Lette wrote TS BPA Anyone?

on Sun, Mar 11 2007 9:39 AM

Not exactly a feature of Terminal Services, but closely related... wouldn't it be great to have a Best Practices Analyzer for Terminal Services!

Peter Olson wrote How about native SSH tunneling?

on Mon, Mar 12 2007 4:22 PM

I would like to see some sort of native to windows SSH port forwarding capability. Some of our customer are using Microsoft Terminal servers for remote access sytems. A couple have installed 3rd party SSH services to allow SSH->RDP tunneling for various reasons, including the fact that RDP does not allow for proxied connections.

Which brings me to the 2nd thought, how about proxiably RDP connections?

-Peter

umeshkaul@gmail.com wrote native http proxy support

on Mon, Mar 12 2007 11:57 PM

I think native http proxy support for rdp protocol would be a useful feature to have. This can do this with the TS Gateway (similar to citrix's CSG)

Dan Shappir wrote RE: Wish list for TS

on Wed, Mar 14 2007 9:08 AM

Thanks Thomans, this is a benefit I had not considered.
I have posted to my blog an explentation of what I mean by session virtualization, and the benefits it would provide.
Dan

Dan Shappir wrote RE: Wish list for TS

on Wed, Mar 21 2007 7:36 AM

I've now [link=http: Dan

Thomas Krag wrote Missing follow up on the MVP conference

on Sat, Apr 28 2007 1:52 PM

Hi Brian.

I don't seem to remember you ever posted a follow up on this MVP conference.

Would be cool with some feedback on all the bright ideas.

 

/Thomas 

 

Guest wrote Re: SoftGrid x64

on Fri, Oct 19 2007 3:56 PM

I'm glad I'm not the only one scratching my head on this one. I don't think they understand the market out there for SoftGrid on 64-bit TS. I hope they make this a higher priority on their list, I was shocked to find it isn't out already.

Peter

(Note: You must be logged in to post a comment.)

If you log in and nothing happens, delete your cookies from BrianMadden.com and try again. Sorry about that, but we had to make a one-time change to the cookie path when we migrated web servers.