It’s now common knowledge that one of the biggest new features of Terminal Services in Windows Longhorn Server is the ability to “publish applications”. But how does publishing applications in Longhorn compare to publishing applications in Citrix Presentation Server? This article answers this question by comparing the application publishing functionality between Windows Longhorn Server (August 2006 CTP version) and Citrix Presentation Server 4.0.
To begin, it’s important to clarify the terminology. As technologists familiar with Citrix products, Citrix terminology has become the de facto industry standard. What Citrix calls a “Published Application”, Microsoft refers to as a “Remote Program”. In this sense a Remote Program from the user’s perspective is an application running remotely on a server, but it means the same thing as Published Application. This article will refer to both terms.
Moving forward, after installing Windows Longhorn Server, you’ll naturally need to install Terminal Services. In Windows 2003 this is done via Add/Remove Windows Components, whereas in Windows Longhorn, Terminal Services is added as a “Role”. This is done by simply running the Add Roles Wizard in Server Manager. (Note that the Server Manager of Windows Longhorn is totally different from the Server Manager of the NT 4.0 days.)
When it comes time to “published applications” in Longhorn, Server Manager can also handle this functionality or you can use the Terminal Services Remote Programs (TSRP) MMC snap-in. When compared to Citrix’s Presentation Sever Java Console, Longhorn’s Server Manager provides a similar look and feel, however, when solely administering remote programs you may opt for the TSRP console.
Terminal Server Remote Programs MMC Snap-in
Creating a Remote Program
To create remote program (or “published application”) in Longhorn Server, you can use either the Server Manager or the TSRP MMC to launch the Remote Programs Wizard. This wizard is similar to Citrix’s Application Publishing Wizard. In short, the Remote Programs Wizard is made up of three easy windows: a welcome screen, a list of preconfigured remote programs to choose from or the option to browse to an executable, and a confirmation screen. The second window is pictured below.
Creating a Remote Program adds the program to what Microsoft calls the “Allow List”. You can view all of the available Remote Programs in the Allow List on a given Terminal Server through Server Manager or the TSRP MMC. Unlike Citrix Presentation Server where you can assign individual Published Applications to specific servers, an Allow List of Remote Programs must be created for each Terminal Server. If you have multiple Terminal Servers that require the same Remote Programs, you have the option of exporting and importing Allow Lists from server to server. Again, this can be done via Server Manager or the TSRP MMC. Another distinct difference worth mentioning is that when creating a Published Application in Citrix Presentation Server, a farm is automatically available as part of the Presentation Server’s “out-of-the-box” functionality (even if it’s a farm of one server). When publishing applications, this allows you to simply choose which server you would like to publish your application on. With Longhorn Server, a Terminal Server farm must be configured separately either using a 3rd party load balancer or using Windows NLB. (To have the ability to reconnect to a disconnected session and share a session when launching more than one application on a Terminal Server, Session Directory, which is somewhat like Citrix’s Data Collector, must be in place. Session Directory will be discussed further in a future article.) The bottom line is without manually configuring a Terminal Server farm when creating a Remote Program, you only have the option of “publishing” or allowing that program on each specific Terminal Server.
Permissions to Remote Programs
For a user to have permission to access a Remote Program, the given Remote Program must exist in the Terminal Server’s Allow List, Remote Desktop connections must be allowed, and the user must be a member of the Remote Desktop Users local group. Adding the Terminal Services role to a server automatically changes the System Properties - Remote Desktop settings from, “Don’t allow connections to this computer” to “Allow connections from computers running any version of Remote Desktop”. The former can also be configured through Local or Group policy. The final step in regards to permission is to ensure the user is a member of the Remote Desktop Users group.
You lose some granularity in controlling who has permission to Remote Programs in comparison to how Citrix Presentation Server handles who has permissions to Published Applications. With Presentation Server you can control access by the application, whereas Longhorn Server gives access to all applications in the Allow List on a given server. With Longhorn you can restrict who has access by the server, using policy etc., however, it’s not on a per-application basis. Naturally you can also leverage security groups, however, this still does not allow you to restrict access per application with the same ease as in Presentation Server’s published applications.
Methods of Accessing Remote Programs
There are three different ways you can provide access to Longhorn’s remote programs: by creating an RDP package, creating an MSI package, or accessing the Remote Program through TS Web Access. These methods will be discussed in more detail in a future article, however, here is a brief summary.
- An RDP package creates an .rdp file which essentially acts the same as an ICA file and establishes a connection directly to the remote program when you double click it.
- An MSI package creates an .msi file which can be installed on the client machine. This creates a shortcut to the Remote Program either on the client’s desktop and/or in the client start menu, similar to the Citrix Program Neighborhood Agent (PNA).
- A Remote Program can be accessed via TS Web Access which is similar to Citrix’s Web Interface.
By default, access to Remote Programs in the Allow List via TS Web Access is enabled. Of course you could always establish an RDP session to a Terminal Server desktop and launch programs as if you were connected to a published desktop.
By the way, there is a default Remote Program available that essentially publishes an RDP connection called a “Remote Remote Desktop Connection” (a “double hop” from one server to another). I think it would be fun to call it a “Really Remote Desktop Connection”.
Configuration Options when creating Remote Programs
When compared to publishing applications in Citrix Presentation Server, there are very few configuration options possible at the point of creating a Remote Program through the Remote Programs Wizard. However, many options can be configured after the fact through policy. For example, with Presentation Server you have the option of defining color depth and encryption level when publishing the application. When creating a Remote Program you do not have the option to define color depth or encryption level when “publishing” (or allowing) the program, but you can configure these settings later through Local or Group Policy in Computer Configuration | Admin Templates | Windows Components | Terminal Services | Terminal Server etc.
With regards to Session Window Size, in Citrix Presentation Server this can be defined in the Application Publishing Wizard, however, the Remote Program by default will launch in a resizable window. For the Remote Programs to launch seamlessly, you must launch the program using the RDP 6.0 client. If you are using the older RDP client the program will still launch in a resizable window, but it will be displayed within an outer shell (which is also resizable). This more cumbersome and not as pretty than if you were using the newer client.
Both Published Applications in Citrix and Remote Programs in Longhorn have the option of changing the icon associated with the program as well as defining command line arguments to use with the program through their respective publishing wizards. Citrix’s Publish Application Wizard allows you to limit the number of published application instances allowed to run in a server farm and limit the number of instances of each application per user. In Longhorn, the number of connections to a server can be limited through policy, but connections to a specific application cannot be defined. (Again, you can get creative with Security Groups but it’s not as straightforward as with Citrix Published Applications.) Another feature the Publish Application Wizard allows is the ability to assign a CPU priority level as well as Access Control (if you are using Advanced Access Control with the Citrix Access Gateway) whereas no similar options exist for Longhorn Remote Programs. In addition, file type associations can be defined in the Publish Application Wizard whereas if you’d like to define file type associations or “client file extensions” for Remote Programs, you do when creating an MSI package versus at the point of allowing (“publishing”) the Remote Program.
Finally, Local Policy or Group Policy for Remote Programs and Citrix Policy for Published Applications can be used to configure multiple options such as connection level settings, device and printer settings, security, session time limits, etc.
Citrix’s Published Applications and Longhorn’s Remote Programs have some similarities, and naturally, some differences. Presentation Server’s Published Applications have more options when using the Published Application Wizard and they offer more granularity, particularly when targeting an individual application. Longhorn’s Remote Programs offer a very simplified wizard while having the option to configure additional settings using Local or Group Policy. Published Applications in general allow more flexibility and more exhaustive “out-of-the-box” options. That said, Longhorn’s Remote Programs are a huge enhancement to the Terminal Services of the past and provide a great option for those who don’t need the enhancements and expense of Citrix.
(Note: You must be logged in to post a comment.)
If you log in and nothing happens, delete your cookies from BrianMadden.com and try again. Sorry about that, but we had to make a one-time change to the cookie path when we migrated web servers.