Like many features of Windows Server, the TS Session Broker is a "platform" feature that provides basic functionality, but Microsoft wrote it in such a way that it's highly extensible. To that end, the Microsoft Terminal Server team has started blogging about the various ways that the Session Broker can be extended. For example, Christa Anderson (she's at Microsoft now) wrote about how you can use the Session Broker's APIs to remove the built-in load balancing mechansim (that only allows connections to Terminal Servers) and replace it with your own code that does whatever you want, including brokering connections to desktops for VDI scenarios.

Following up on Christa's post, Roman Porter just posted the first entry in a series that will walk you through creating your own load-balancing logic to override the basic stuff from Microsoft. (The other biggest complaint of the TS Session Broker is that its load-balancing logic is too simplistic.) I'm not a programmer, so I don't know how hard this would be to do, but how cool would it be to make a free plug-in / extenstion to the built-in load-balancer that would extend it so it could use any perfmon counter you wanted? I would imagine you could even build a little list of counters, specify your maximum and minimums, and off you go!

If this were the case, I'd personally make some load-balancing rules that primarily looked at the total users on a server, but I'd also want to take into consideration things like processor queue lenght, memory pages input per second, disk queue length, and network queue length. (Unfortunately, none of these counters are exposed in XenApp.) This would also be cool because if you were using something like RTO PinPoint which creates its own "logon speed" perfmon counters, you could factor that into your load-balancing decision as well.

Read More on Brian Madden

Since they've been gaining more popularity, I started keeping my eyes open for anything from the Mac world that would fit into our niche. For the past few years, that's only mean VMware Fusion and Parallels, but today an announcement graced my inbox from a company called Aqua Connect, who sells a product called "Aqua Connect Terminal Server." Aqua Connect Terminal Server (which I'm calling ACTS from now on) installs on top of OS X server and the latest version, 3.0, runs on Mac OS 10.5 Leopard Server.

Prior releases provided a remote desktop via the X11 and VNC protocols, which is a real holdup for people that actually try to use ACTS from a remote location. The protocols are bursty and not optimized for slower connections. With version 2.0, ACTS provided session shadowing and reconnection, as well as centralized user control.

Yesterday, version 3.0 was announced, which most notably introduces RDP protocol support. Other new features include LDAP , Open, and Active Directory integration; user, session and CPU prioritization; user auditing; and terminal options.

Not that I expect everyone to get excited about providing Mac desktops to their users, but it is pretty cool to see the technology that we're so accustomed to branching out to other platforms. It'll be interesting to see what happens with SPICE now that Red Hat owns Qumranet (I'm not forgetting ICA, I just don't think it'll ever happen). We're not too far away from being able to provide any application on any platform via any connection to any device. Any Any Any? Try Any Any Any Any!

I haven't actually seen ACTS 3.0 yet, but I'm hoping to get my hands on it soon. A trial is available, and once I get a copy of Leopard Server, I'll throw it up and check it out.

Read More on Gabe Knuth

• Thursday, 10:30 AM (Room: Venetian Ballroom D)
• Thursday, 3:30 PM (Room: Murano 3202)
  

Abstract: Companies have been delivering desktops via Terminal Services for over a decade. When Microsoft added the remote desktop capability to Windows XP seven years ago, people said “Hey, now we can connect to remote Windows XP single user sessions instead of Terminal Server.” And just like that, VDI was born. VDI and Terminal Server share a lot of common traits—both are classified as server-based computing solutions, and both have very, um, “passionate” supporters. So what’s the deal today? Is the world about VDI “versus” Terminal Server? Is it VDI “and” Terminal Server? In this session, Brian Madden will take a no-nonsense look at VDI and Terminal Server technologies. He’ll discuss what’s real and not real today, and he’ll explore where each technology is appropriate. Most importantly, he’ll look ahead to the Windows 7 timeframe. Will Terminal Server desktops still dominate? Will Windows 7 be a VDI world? Find out here!

Length: 1 Hour
Level: Intermediate

Read More on Brian Madden

The “Application and Desktop Delivery solutions” diagram has been developed in order to be able to provide a complete overview of the various applications and desktop delivery solutions. This article was written by Ruben Spruijt in order to introduce the highlights of the delivery solutions in 30 minutes.  There are so many delivery solutions that the functionalities can be confused through incomplete knowledge. The point of this article is not to describe all of the application scenarios or the technical advantages or disadvantages, but purely as a high level, vendor dependent overview of the start of technology in the applications and desktop delivery segment. Hopefully this overview will be helpful!

Workplace scenarios

Trusted and Untrusted workplace scenarios . Trusted workplaces are devices that have a network connection to existing IT backed infrastructure via the LAN  or WAN.

Untrusted workplaces are devices that have no secure LAN or WAN connection with the existing IT backed infrastructure. Examples are devices that are active at home, at a stage work station or in connection with security in a separate network segment.

Each organization has various work station and application delivery scenarios.  It is important for the IT department to have insight into the different workstation and delivery scenarios.

This reflects how the users are working with or would want to work with the applications.

Secure Access

Secure Access solutions assure secure access of untrusted devices to corporate IT. The symbol consists of two parts, the shield stands for secure and the stoplight stands for access. The access can also be close linked depending on the chosen secure access solution. Solutions that realize secure access scenarios are, for example, Cisco ASA, Citrix Access Gateway and Juniper SSL VPN.

Web Application Acceleration

Web Application Acceleration solutions assure acceleration and security of web based applications.  Today we all make use of these solutions.  The largest number of the internet applications that we all use, such as Google, MSN, eBay or marketplace, make use of these applications.  Web application acceleration solutions are not only for the large internet organizations, but also for your web applications. Solutions that make web application acceleration and security possible are, for example, Citrix Netscaler and F5.

Desktop broker

The desktop of connection broker determines which remote desktop will be made available to the client. With this it is possible to make available a dedicated or a pool of remote desktops. The automatic turn on, deletion or pausing of remote desktops is a functionality that can be provided by a desktop broker. There are various suppliers of connection brokers. Citrix with XenDesktop, Provision Networks VAS and VMware with VDM are the most well known solutions.  Depending upon the supplier, the connection broker can have additional functions. Functionality such as a web interface that assures secure (SSL) and easy access to the remote desktops, Active Directory integration, USB port redirection and integration with Terminal Services in order to provide access to a Terminal Server or a personal Remote Desktop through rules set by IT.

Application Streaming and Virtualization

With the aid of application streaming and virtualization, windows applications can be used without any changes to the local operating system, let alone that application software is installed on a workstation.  In other words: the application is implemented, saves data and prints as if it is locally present, without anything being changed on the local client.  Sources such as CPU, memory, hard disks and network cards are used for the execution  of this application. Application Streaming and Virtualization assure the availability of applications on desktops, laptops, VDI and Server Based Computing platforms whereby the application is executed on the “client” platform.  No changes are made to the platform.

A number of advantages for Application Virtualization are:  installation, upgrade, roll back and the ease of application support.  Installations of applications is now in the past; conflicts are not longer possible.  It creates a dynamic application delivery infrastructure.

Solutions for Application Streaming and Virtualization are: Microsoft Application Virtualization (App-V), Altiris SVS, VMware ThinApp, InstallFree and Citrix XenApp client side virtualization.

OS Streaming

OS streaming makes it possible that VDI, SBC and desktops start up and work from an image file saved on the network.  A single image can be used by multiple workstations simultaneously.  The advantage is that complete operating systems, including applications and clients can be made available quickly and securely.  The availability of a single image on multiple VDI, SBC and desktops is possible without conflict. Through this, an upgrade or roll back of an OS is possible quickly, easily and without great risks. When virtual desktops make use of OS streaming in a VDI environment, this solution also saves valuable storage and the administration of the virtual desktops is simplified.  Virtual or physical machines that make us of OS streaming thus become “stateless devices”. Citrix Provisioning Server is a solution that makes OS streaming possible.

Virtual Desktop Infrastructure

VDI, Virtual Desktop infrastructure = “Dedicated Virtual Remote Desktop”

Virtual Desktop Infrastructure (VDI) is a solution for remote access to Windows XP/Vista or Linux desktops that are implemented on a virtual machine in the data center.  VDI can be a server hosted solution (online computing) or a client side solution (offline computing). This overview describes VDI from the server hosted solution. With this, access to the desktop is not bound to one location or end user device. Each user possesses a unique personal desktop environment. Program execution, data processing and data storage take place centrally on a personal desktop.  The information appears on the client screen via RDP/ICA/VNC/RGS or SPICE. The protocol for the reproduction of the correct information dependant on operating system, bandwidth, application properties and technical or company requirements.  Just as other solutions for desktop delivery, VDI consists of various infrastructure components that assure administration, load balancing, session control and secure access to virtual work stations. Suppliers of complete VDI solutions are VMware and Citrix. Suppliers of Virtual Infrastructure solutions are VMware, Citrix, Parallels and Microsoft.

Bladed workstations

Bladed workstation = “Dedicated  Physical Remote Desktop”

BladePC, a physical professional workstation in a blade enclosure, offers many of the advantages offered by VDI. A BladePC solution consists of hardware as well as software. The hardware consists of a physical professional workstation; the software assures that access to the physical workstation is possible.  The software consists of a minimum of two components: a transmitter and a receiver. The transmitter is installed on the BladePC and the receiver on the client desktop, laptop or ThinClient. The BladePC solution offers, in addition to the VDI advantages, even extra advantages such as:

Access to graphic intensive applications: In combination with HP Remote Graphics Software, this solution provides graphic intensive applications just as fast as the end user would expect.  2D, 3D and multimedia applications are executed centrally on the physical BladePC and reproduced locally on the client workstation via the RGS protocol.

Use of resource intensive applications: Resource intensive applications make full use of the resources present on the physical machine. It is a workstation-class centralized workstation. Performance is maximized through this.

Server Based Computing

Server Based Computing (SBC) = “Shared Remote Desktop”

SBC is a solution for access to desktops or loose applications on terminal servers in a data center. Access to the desktop or application is not bound to a location or end user device and program execution and data processing occur centrally on the terminal servers. The data are saved on a fileserver.  The information appears on the client screen via RDP or ICA. SBC consists of various infrastructure components for administration, load balancing, session control and support.  Some advantages of SBC are the rapid and secure availability of applications, low TCO, location and workstation independent application access.  Suppliers of SBC solutions are, for example, Microsoft, Citrix and Provision Networks.

Client Management

Each professional IT organization will make use of a Client Management solution. Client Management provides, for example, OS deployment, patch management, application and client deployment, asset management, integration with service desk and remote control.  Client management solutions are, for example, Microsoft System Center Configuration Manager (SCCM), RES Wisdom, Altiris Deployment Solution, LANdesk Client Management and Novel ZENworks.

In conclusion

The solutions that are reproduced in the solutions diagram assure that applications and desktops can be offered in various manners and in an effective and dynamic ways.

What is THE best solution? There are various business needs and technical requirements that together determine which solution is the best one for you.

In order to make the correct choice, it is important to know the pros and cons of the various solutions. Workshops are often held for this purpose. In addition to this form of information provision, there are various technical in depth articles written by Ruben Spruijt.

Read More on Ruben Spruijt

For me this was easy, because I think there's one super simple thing that's better than any other advice I've ever received about locking down a Terminal Server. That tip? Remove the "execute" NTFS permission from everywhere except the folders where it's absolutely needed (which is probably only the Windows and Program Files folder). But folders like temp, temporary Internet files, the Outlook saved attachments folder, and the home drives--there is no reason that a user should ever have to execute anything from these folders. And honestly, if you just pull the execute permissions, you almost don't have to worry about anything else. How could users possibly install rogue software if they can't run anything from those locations? (Well, depending on your client drive mapping rules I guess.) How can users even infect a server if they can't execute anything from these locations?

Implementing this is pretty straightforward. The easiest way is to create a path rule with software restriction policies (part of Group Policy in Windows 2003 / 2008). You could also do this via good old-fashioned NTFS permissions, although you have to be careful that users don't have enough permissions in a folder to grant themselves execute permissions if you just remove it.

Besides this, what else do you do to lock down a Terminal Server? Microsoft actually has a great KB article detailing all of the Group Policy settings you can make to lock down Terminal Servers. They also published a fairly decent white paper on this topic a few years back. What other tips and tricks do you have?

Read More on Brian Madden

Gabe,
 
I am a big user of brianmadden.com and wanted to share this with you guys.  You may already know this but I had to spend some time researching the problem because I installed XP SP3 and noticed the issue.
 
If you install SP3 for Windows XP or SP1 for Vista, the switch for connecting to a console via a RDP session apparently changes from /console to /admin.  This means that if you use the /console switch it, it will be ignored and you will only have a regular RDP session.  This also means that the current version of Remote Desktops from the 2003AdminPak and VisionApp v1.5 will no longer allow you to connect to the console even though you check the connect to console check box because they are using the old /console switch behind the scenes.
 
Scenarios for after XP SP3 or Vista SP1 install
 
If you are using….
 
mstsc /console  then start using mstsc /admin
 
Remote Desktops … evidently Server 2008 AdminPak fixes the console check box but I have not tested it yet
 
VisionApp… no fix that I have seen as of yet.

Thanks for the heads up, Brad.  I assume this problem also exists with iShadow and some of the other TS client vendors, but I'm not certain.  Maybe if some of those vendors read this, they can let us know if there's a fix in the works.  We'll talk to visionapp at BriForum next week, for sure.

Also, if anyone knows exactly why Microsoft made this change, I'd love to know.  If nobody knows, I'll ask them at BriForum, too, then report back.

Read More on Gabe Knuth

From the session description:

As more and more users rely on Citrix/Terminal Services for application delivery, extremely fast login times have become more and more of a necessity. Not only does it enhance the user experience it also creates less resistance for porting applications. Between profile creation, policy processing, folder redirection, antivirus software, and “roaming profiles” login times seem to be increasing! Users expect consistent, reliable, and fast login times regardless of server user load.

Attendees will learn:

• Detailed overview of the user login process.
• Various system settings which dramatically decrease login time.
• How to enable User Environment Debugging to trace user login experience to determine bottlenecks.
• Streamline GPO policy processing time.
• Proper antivirus software configuration and other various filter driver tweaks.
• Various redirector and workstation service settings which enhance performance.
• Understanding of how various disk/profile layouts affect login time.
• How to reduce user profile size.
• Demonstrate efficient methods for creating “roaming” user profiles/settings.
• Recommended methods and techniques for folder redirection including Favorites, My Documents, IE history, cookies, and others.
• Monitoring/Reporting on user login/application experience.

Michael will be updating his session once again for this year's BriForum in Chicago to include multi-threaded logons.  Be sure to check out the session description.

To watch the session click here or on the screen shot below.  You can download the PPT that accompanies the presentation here .

Read More on Gabe Knuth

What is sepagoPROFILE?  Simply put, it's a great user profile management tool.  We all know that corrupt profiles are the most common thing in TS and Citrix environments.  With this great utility the problem of user profile corruption is greatly diminished if not resolved altogether.

How does this play into XenApp, XenDesktop, etc.  We will have to wait and see.  Stay tuned for more information coming this week.

Cheers

Read More on Michael Keen

Ever since the RDP 6 / Bear Paw rumors came out five years ago, I've gone back-and-forth as to whether the increased features in Terminal Server will impact Citrix's Presentation Server business. I originally thought Citrix was screwed. Then I didn't. Then I did. Then I wasn't sure. But now that Windows Server 2008 has been released, and now that its Terminal Services capabilities have been used in the field, I feel confident saying that Citrix has nothing to worry about. In other words, I do not feel that the native capabilities of Terminal Services on Windows Server 2008 are a threat to Citrix at all.

I know that several other folks have written about this before (and some of this has even been captured in our automated industry news bot), but I'd like to officially go on record as to specifically why I think Citrix has nothing to worry about.

Terminal Server 2008's interesting features

Citrix and Microsoft have always been in a quasi-competition in this space ever since Microsoft announced the first version of Terminal Server in 1997. Since then each release of Terminal Server has created a new round of fears. And each time Citrix has been able to address those fears and MetaFrame / Presentation Server / XenApp has gotten stronger and stronger.

So when the rumors of RDP 6 started five years ago, Citrix's response was "What's the big deal? This is the same battle that we've been fighting since the beginning of Terminal Server."

But I wasn't so sure about that. Sure, I agreed with Citrix in the past. But if you look at the features that were rumored to be in the Terminal Server plans, they looked scary to Citrix. They certainly looked like they could take away a significant portion of Citrix's low-end market.

There are charts floating around on the Internet that show a very detailed list of every feature that Terminal Server 2008 (and Citrix, for that matter) have. But if you boil away the marketing fat, Terminal Server on Windows Server 2008 has six primary features that could be scary to Citrix:

• TS RemoteApp (a kind of seamless windows / application publishing)
• TS Web Access (a web front end for TS RemoteApps)
• TS Session Broker (a load balancer for incoming RDP sessions)
• TS Gateway (an SSL gateway for RDP)
• TS Easy Print (An XPS-based printing solution)
• Windows System Resource Manager (Performance Management)

This is certainly an impressive list--if you don't take the time to learn about how each of these features actually works. (In other words, according to this list, Citrix is screwed! But according to anyone who's actually used the product, Citrix has nothing to worry about!)

Let's look at each of these six major new features and compare them to what you get with Citrix Presentation Server.

TS RemoteApp

On the surface, TS RemoteApp sounds like Citrix's application publishing. True, they both let you connect to a single application window instead of a full remote desktop. But that's pretty much where the similarities end. With Citrix, you "publish" applications by configuring groups of users who are allowed to access individual apps on the server (or a group of servers), and then the Citrix infrastructure makes sure that the users get access to the shortcuts to start their applications (either via a desktop-integrated solution or a Web Interface).

In pure Terminal Server, you don't "publish" a RemoteApp per se. Instead, you use the RemoteApp wizard to create a custom RDP file for a specific application on a specific Terminal Server. Users can then double-click this RDP file to launch the RemoteApp.

You also have the option to "wrap" that RDP file into an MSI installer package. This installer package doesn't contain the actual app--it just contains the RDP file, the icon, and any file type associations. Users can then "install" the MSI (which is small, typically under 100k) to their Windows desktops. The RemoteApp version of the app shows up in their Add / Remove Programs and on the start menu. Clicking the icon launches the remote seamless instance of the app.

So while the RemoteApp "installation" is cool, it's philosophically different than what Citrix is doing. TS RemoteApp is a method for installing applications locally to workstations, but there's absolutely no management built in. There's no capability in the TS product to deploy these MSI files to users or to decide which users get access to which apps. That's something you'll have to handle externally, like with System Center Configuration Manager (the new name for SMS) or AD Intellimirror or something.

TS Web Access

In saying that TS RemoteApp has no management or deployment built-in, some people suggest, "Sure it does. Just use TS Web Access!" But that's not quite it either. TS Web Access (TWSA) is a very, very basic IIS web site that can provide links to the TS RemoteApp packages on a single server via a web page.

So yes, TSWA is easier than figuring out how to install RemoteApp MSIs on your users workstations. And TSWA is nice because if you add a new RemoteApp to a Terminal Server, it will automatically be available via the web page.

But there are some big drawbacks. The first is that TSWA does not have any kind of user authentication or differentiation. The single TSWA site shows all RemoteApps on a server--you can't show different apps to different users or groups. (Although TSFactory does provide a free tool called TS RemoteApp Filter that lets you specify which users and groups can see which RemoteApps via a TSWA site.)

The other main drawback of TSWA is that Terminal Server on Windows 2008 doesn't have a "farm" concept. When you configure a TSWA site (whether running on IIS on a Terminal Server or on a standalone web server), your RemoteApps all connect back to a single IP address. So if you want to have multiple Terminal Servers supporting connections, you need to configure them in a load balancing group so that they're all available via the same virtual shared IP address. This might not be that big of a deal, but it also means that all your Terminal Servers need to have the same RemoteApps installed and should 100% identical.

TS Session Broker

TS Session Broker is the "load balancer" capability of Windows Server 2008 Terminal Services. It's basically the Session Directory feature of Windows Server 2003 Terminal Services that's been extended to also work when users connect to new sessions. To use the session broker, you install the service and configure all of your servers to be part of the same "farm." (Although Microsoft uses the term "farm" liberally in this case.) Then when an incoming RDP connection is made, the user authenticates to one of the Terminal Servers, and that server then contacts the server running the session broker service to see if that user should be redirected to a different Terminal Server (either because another server has lower load or because the user has an existing session on another server).

Of course this can be a single-point of failure in your environment, so again, you need to build two session brokers and then use Windows Network Load Balancing to create a shared virtual IP address.

The TS Session Broker works well enough, although configuring it is pretty complex. It also has a drawback in that it only balances new connections based on session count, rather than being able to use any other perfmon counters.

TS Gateway

One of the challenges of Terminal Server environments has been ensuring that remote RDP connections are made securely. Windows 2003 Service Pack 1 introduced the capability for RDP sessions to be encrypted with SSL, but unfortunately that was done on a server-by-server basis. This meant that each Terminal Server still needed to be directly accessible from outside the firewall via an FQDN, and each server needed it's own SSL certificate. Citrix solved this problem years ago with their Citrix Secure Gateway (CSG) software-based ICA-over-SSL VPN product. In Windows Server 2008, Microsoft introduced a similar product called TS Gateway.

TS Gateway works well. It's similar to the IIS-based RPC-over-HTTPS technology from Windows 2003 for external Exchange users, except of course TS Gateway is "RDP-over-HTTPS." One of the really cool things about TS Gateway is that it can use Network Access Protection (NAP), a technology from Microsoft that can allow or deny network access based on the health of the client device. (This is similar to Citrix's Smart Access.)

TS Gateway is a nice feature!

TS Easy Print

As anyone who's been in this business more than a week knows, printing in server-based computing environments is a major pain. Microsoft added "fallback" driver support in Windows 2003, allowing users to print to their own local printers without having the model-specific drivers installed on the Terminal Servers. TS Easy Print takes that to the next level, leveraging Microsoft's new XPS printing format. While Easy Print is still based on the single-threaded print spooler and rendering engine on the server (so it more compares with UPD I and II from the older versions of Citrix), it does work well (as long as your client device is running Vista or the soon-to-be-released Windows XP SP3). But this is also a nice feature!

Windows System Resource Manager

Rounding out the list of "big six" new features in Terminal Server on Windows 2008 is the Windows System Resource Manager (WSRM), which is technically not new for Windows Server 2008 (although there are new resource-allocation policies in 2008 for TS sessions). WSRM lets you configure policies that define how many system resources specific processes (and now user sessions) are able to consume. WSRM is not a Terminal Server-specific feature, although if you know what you're doing you can get a lot out of it. (That's an article for another day though.)

Conclusion

Six big new features. TS Gateway and TS Easy Print are pretty cool. Web Access, the Session Broker, and RemoteApp are pretty limited and/or require some serious smarts to make work. And WSRM can be cool but is certainly not for part-time admins. And all of this is for single-server environments only, so as soon as you add a second server to your environment, you need to manually configure everything separately on each server.

This leads to the ultimate question of "When can I use pure Terminal Server, and when do I need a third-party add-on like Citrix?"

Microsoft has specified that pure Terminal Services can be used for "low complexity" environments, and that third-party add-on tools should be used for higher-complexity environments. In some ways this makes sense, and in other ways it's crazy. The low complexity thing makes sense because native Terminal Server 2008 is designed for environments where all your servers are the same, all users have access to all applications, and you load balance based purely on user session counts. And in reality, that probably defines 20 or 30% of all existing Citrix Presentation Server deployments.

But that doesn't mean that Citrix's Presentation Server business is going to instantly drop by 20 or 30%, because in a lot of ways, Terminal Server 2008 is so simple that deploying it in the real world is more complex than deploying Citrix! You want load balancing? Fine, but you have to configure a Session Broker then add Terminal Servers to the group then install NLB then configure a virtual IP address then configure your RemoteApps to point to it then.... Compare that to Citrix where you just install a second server, point it to your existing data store, and your done! (And the same example could be used for RemoteApps or Web Access or Gateway.)

I typically think of "low complexity" scenarios as environments that only have part-time TS admins. (Not that the IT admin is part-time, but that he or she has other IT admin duties and is not dedicated to TS.) And so in this case, I would think these admins need a server-based computing product that is as easy as possible to use, and pure Terminal Server on Windows 2008 sure isn't that! (This is what Citrix Access Essentials, or "Presentation Server Lite" is for.)

I recognize that Citrix Presentation Server is so much more than these six features. Management. ICA performance. Non-Windows clients. Load balancing. Application Publishing. Web Interface. Smart Access. WAN acceleration. I could go on. But in the context of Terminal Server on Windows Server 2008, these are the main things that people will be up against.

Finally, I'd be remiss if I didn't mention Ericom. Ericom has a product called PowerTerm WebConnect that competes against Citrix Presentation Server. Ericom has made the Windows Server 2008 version of their product available completely for free. It's too early to tell whether this will have an impact on the market(since no one is really using Windows Server 2008 Terminal Server yet.

Will Windows 2008 Terminal Server plus the free Ericom give Citrix a run for their money? Probably not in the enterprise space, but this could make things dicey for Citrix Access Essentials in the "low complexity" market.

Read More on Brian Madden

The show continues to grow, with over 4000 attendees this year, and the registration had to be closed 4 weeks early due to space issues.  The exhibit floor was well visited by the crowd.  The isles were (artificially?) small the first day with the reception and with small tables in the isles forcing the crowd to within touching range by vendors in the booths.  This seemed effective in getting attendees to stop in the booths, but it sure made it hard to get around.

In addition to Microsoft, Intel, Dell, HP,  AMD, and  Citrix were present.  Additionally there were a number of vendors for products that add into this space.  There were also a few consultants with booths.  More on some of these booths later.

There were three keynote addresses at the show, one for each of the main days.  The day before and after also had many technical sessions - and I am kicking myself for not staying the extra day at the end because they added a couple of things I would have liked to see. 

Tuesday Keynote

On Tuesday, Bob Muglia, Senior Vice President of Microsoft's Server and Tools Business  was the primary speaker.   Titled, "Dynamic IT: Transforming Management & the Datacenter", Bob once again updated us on the "Dynamic Systems Initiative" (DSI) that he has been talking about for a few years.  This initiative is how Microsoft describes their efforts to help IT manage their systems and major applications.  (See this video from last year for more info on DSI) Microsoft has been building management capabilities for several years now, and will be continuing to do so.  Bob brought out several speakers to help address specific products and run demos.

Michael Kelly, Lead Program Manager for SCCM, demonstrated SCCM 2007 SP1[CHECK].  I noticed two new (at least to me) things in this demo.  First, they are working with partner vendors to help in using SCCM to configure vendor specific settings.  In the demo, he picked a Dell extension called the (Bare Metal) Server Deployment Pack  that you would download from Dell (available "before fall")  that added options for a PowerEdge Server.  This allowed him to create a new server configuration for that hardware that set up the bios for virtualization and enabled a raid-5 array, in addition to the usual OS configuration. (I talked to HP later on to see if they had such a pack.  They do not, but they have a white paper (see www.hp.com/servers/integration/microsoft ) that explains how to make your own based on  their "SmartScript".   Second he demonstrated the Microsoft Deployment Manager, which formerly was known as BDD.  This rename reflects that we are dealing with servers and desktops.  The second new item was that the Deployment Manager now support the optional use of Multicast.  This would allow multiple machine deployments of a common configuration using less bandwidth (but of course you have to be willing to enable multicast in your routers, which a shop large enough to be interested in this feature probably will not enable).

Next up, Rakesh {?}  talked about the new version of System Center Virtual Machine Manager, and he and Bob announced the availability of the Beta today.  The existing VMM supports the older Virtual Server product, but not Hyper-v.  This means that Hyper-v based machines (Hyper-v has a release candidate out but is not yet released) must be individually managed until the new version is released.

In the demo, Microsoft highlighted the multi-vendor support built into SCVMM.  They demonstrated using SCVMM  managing both a Hyper-V  and a VMware ESX cluster.  This included visibility of state and performance parameters.  They also demonstrated  moving a hyper-v based virtual machine from one hyper-v box to another.  Note that the virtual machine was not live, and Bob explained that live migration is coming but will not be in the release.  But they did demonstrate using SCVMM to do a v-motion on the VMware cluster.  With all this talk about being the first vendor with "heterogeneous " support for virtual machine management, it was not lost on me that somehow the word Citrix never came up in this demo.  So Microsoft can manage hyper-v and VMware (but not Xen, today) making the case that you need heterogenious support.  Citrix can manage Xen and Microsoft (I think). Hmm....

Also shown in this demo was the use of powershell to do all of the work.  Rakesh claimed that all of the commands run on the hyper-v servers are viewable and editable as powershell scripts which should allow people to easily develop custom scripts to do things that Microsoft does not supply out of the box.

Also shown, but not well enough explained was a checkbox when defining a server labeled "High Availability Server".  The claim was made that checking that box would automatically do everything needed to add the server to a HA cluster.

Day 2 Keynote

Brad Anderson, General Manager, Management and Services Division, ran the day 2 keynote.  Brad dove down into DSI in a keynote titled "Managing the Dynamic Desktop".  He began with a message here was not unlike that of Citrix - young people entering the workforce have different expectations of how they do things and called it "Extreme Mobility".  But the central core of the message was that we need to think user centric, not pc centric in our thinking.  This is a message that I really resonate with.  To the user, it is all about the user experience - having their "stuff", applications and data.  And this means whatever device or location they happen to be using.

DSI was described with four  core areas: 

• User Focused: " Delivering the right resources to users the right way".
• Unified -virtualized: "Managing the full combinations of all types of virtualization and physical"
• Process-Led/Model Driven: "Capturing Best Practices & Processes though Collective Knowledge"
• Service Enabled: "Guidance on how applications should be architected".

Edwin Yuen, Sr. Product Manager System Center.  Demoed a desktop with OS delivered via SCCM and with virtual applications on Vista. One underappreciated change in Vista is "offline file and folders".  This was used to keep files associated with application use centrally , not unlike "roaming profiles".   Also shown was the same user using Terminal Server to access the same virtual app and files, and then a VDI equivalent (using Xen Desktop), all with a "consistent working experience" . 

SCCM 2007 SP1 will be in May, and the R2 Release Candidate in July.  This will include updated capabilities of the  Asset Matrix  purchase to "Assess, Deploy, and Update from the Desktop to the Datacenter & Beyond".

MDOP 2008 was "announced" for Q3 release (not new news).  This includes Microsoft Application Virtualization (SoftGrid) 4.5, updates to Desktop Recovery, and other component who's name I did not catch.  They stated that MDOP 2007 was the "fastest selling version 1 product in the history of the volume licensing program".  They also stated the intent to make MDOP updates every 6 months in the future (in another session I heard "no less than once a year").

Dave Randall, Program Manager System Center performed demos around Unified-Virtualized.  Primarily highlighted integration of System Center and Intell VPro.  It is kind of like doing RDP into the NIC.  He Talked about having "15 scenarios" out of the box for out of band management.  So in these scenarios, you can manage changes to a powered off PC remotely.  They showed an example of powering off machines not being used.  They showed powering into bios only and making bios changes remotely - a remote control session without booting into the OS. They also talked to  an IDE redirection scenario where you have a bad OS and can boot the PC from another remote disk disk and access PC disk to repair.   Not necessarily new stuff, but integrated right into System Center.

For the Process-Led/Model Driven part of the keynote, the discussion was around driving operational processes based on models.  System Center uses four model types: Configuration, Health, Business Process, IT & Security Policy, Regulator Compliance, Capacity.  Individual products apply to subsets of these four model types.  These models are also extensible, such as Configuration Packs for SCCM, Management Packs and Reporting Packs for SCOM, and Solution Packs for System Center Service Manager (whenever that ships).  "Microsoft Operations Framework V4" was announced as being released to the web today.  This describes the framework in which to produce these packs.

Bill Anderson, Lead Program Manager,  System Center.  Performed NAP demos.   Protection/Quarantine, and remediation were shown.  In this demo, a PC was brought online and NAP checked it out.  The user was immediately notified of non-compliance and put into a quarantined state, then repaired and the user was notified and could access resources.  They also talked to supporting "what if" enforcement policies (i.e. apply a policy that doesn't quarantine to determine how many devices would be effected if  enforcement was turned on.

For the  Service-Enabled section,   they started with a describing of two types of services, "Finished Services" and "Attached Services".  The distinction was clearly lost on the crowd.  "Finished Services", in this sense are services offered  in the web.  Windows Update was stated as the largest existing example (600 million PCs were updated last month).  Also Asset Inventory Services.  "Attached Services" are services that the enterprise houses for lan-attached use. WSUS is the counterpart example to Windows Update;  Asset Intelligence is the other.  Maybe someone understood why this distinction was important?

Neal Myerson, Lead Program Manager System Center, gave a demo of something new.  This was a "live preview", not a product nor announcement yet, called "Attached Knowledge Services".  It is intended to be used to allow a company to ask the question, "how do my operations compare to other companies".  Basically, a company would send SCCM/SCOM data to Microsoft with identifying information stripped out.  A "Finished Service" there would process and present a scorecard to compare how you are doing in relation to other companies.  So , example, you could compare your client up-time stats to others.  You can filter who to compare against by things like industry type or company size.  You can also drill down into another company (without seeing company name) and see what hardware and what software and configuration they are using to achieve their results.    Eventually, Microsoft hopes to have a notification engine added so that Microsoft can advice/alert customers of potential problems based on their configuration when Microsoft sees and/or solves an issue for another customer.  I am sure that some will have issue with sending the data, even scrubbed, but there is potential here for a new kind of collaboration.

The keynote wound down with a display of the System Center roadmap for 2008/2009 releases.  We will have to wait for the slides to be made available, but there was probably nothing new on it that wasn't already known.

And the final teaser in the keynote was a demo was a thumb drive plugged in and giving access to virtualized apps and data.  I think it was Kidaro and SoftGrid, but they really didn't say.

Speaking of Kidaro,

I saw it for the first time here.  While Microsoft doesn't close on the purchase until sometime in May, they are moving forward quickly with plans.  Kidaro sits on top of Virtual PC to create a more seamless user experience.  It provides application shortcuts on the main PC that launches a virtual PC session in the background, runs the app there, and gives the user a seamless window like experience.  Copy/paste between sessions is supported also.  There is a bunch more as well (but also glaring gaps like not having file type associations for those apps taken care of).  Anyway, it will become part of MDOP as well.  There are some interesting licensing challenges on usage of Kidaro for some of the use cases they tout, like contractor PCs and Employee personal notebooks that Microsoft has not figured out yet.

Speaking of MDOP components…

We had an opportunity to see features of the upcoming MAV 4.5 release that have not been publicly seen yet.    In the public Beta we have seen the "Dynamic Suite Composition", which allows two virtualized apps (typically a base app and a plug-in) to be sequenced separately but run in a single virtual environment.  Here, the MSI output choice is native to the sequencer, Sequencer Gui changes try to simplify the process by moving lesser used functions out of the wizards and into editor tabs.  Also, there are some new deployment options.  In addition to RTSP and RTSPS, and MSI, we will be able to use HTTP or HTTPS streaming.  Microsoft stated in one session that initial tests were showing better performance with HTTP than RTSP (which sounds like performance bugs in RTSP to me).  Also, there is a sequencer output option to a file in addition to a sft (you get both the sft and an msi).  This would be distributed through whatever method (file share, thumb drive, etc) and would fill the cache without streaming, as is the case with the current external msi utility.  RC0 will be out "this summer" and release by the end of Q3.

Day 3 Keynote

Debra Chrapaty, Corporate Vice President of Global Foundation Services spoke today.  Her group is responsible for the strategy and delivery of the major infrastructure services within Microsoft, including things like Microsoft Live and Online Services, MSN, Hotmail, and Microsoft Update.  They have over 200 internal services with a minimum of 1000 servers each.  This was an interesting talk (especially for this crowd) about how they do IT from a company with one of the largest infrastructures in the world.  Some of the highlights…

Numbers:

Over 200 internal services that use a minimum of 1000 servers.

Microsoft Live Search: 2 billion queries /month

MSN: 559 unique users, 10 billion+ page views/month

Windows Live:  1 billion+ Authentications/day

Hot Mail:  3.4 billion spam messages/day

Messenger:  8.2 billion text messages/day

Growth  - In the last 5 years GFS has grown

Increase in #Servers 15x (10,000/month added)

Egress Bandwidth  9x

Power 15x

# Data Centers 3x

And this is expected to increase over the next 5 years.

She stated (but asked not to be quoted on this) that they estimate that they are running at an average of 19% utilization today and that by increasing that to 40% by 2011 could save Microsoft $2Billion.

She also talked openly about using Microsoft Technology.  Two years ago they couldn't use Microsoft tools to manage all this and had to roll their own.  But today they are moving to System Center and Virtualization, and will be dog-fooding the pre-beta code a unheard-of scale.  Some examples:

SCOM 2007 pilot now:

1000 production servers

Starting with SP1  RC

Migrating 39,000 MOM 2005 agents next

Expect improvements in scalability

SCCM

Migrating from home-grown tool to SCCM to collect asset info & patch compliance first

Virtualization

Moving some services to Hyper-V with goal of increasing those services to 30% utilization

Vendors

There were plenty of vendors, and if I was really a System Center kind of guy they might have been more interesting.  But here are a few highlights from my tour.

Acresso

This used to be Macrovision [EDIT: Not Marcomedia], the InstallShield guys, but was spun off.  News here is that in addition to generating MSIs they announced last year that they had an option to spit out files compatible with Citrix packages for AIE.  Now they are announcing the same capability for producing SoftGrid SFT files.  They claim it will be out "before SoftGrid 4.5 ships", which should be this summer.  Personally, I think that end-users get too interested in this sort of thing.  Ultimately, the customer has to customize the virtual application and you can't automate that away.  Still, it will be interesting to play with when we can get our hands on it.

SCCM Experts

They have a Self-Service Portal Solution to looks neat.  I asked them if they could handle self-service for SoftGrid apps (since Microsoft dropped the Softricity ZeroTouch) and it turns out that they can.  In essence, when approved they just assign the user in AD.

Splunk

A European based company, they have primarily been in the Linux space but have now added Microsoft capabilities.  They provide "Search Data for IT".  Basically, this product scans things like configuration files, log files, and event manager events, and index them.  This allows an IT admin to do an efficient search against this data.  Unlike a "google" search, this search technology is "time based", meaning that it understands time relationships such as "at this time the configuration file looked like this".

AVICODE

Have a .net monitor product that monitors .net usage at the CLR level.  I like the concept except that it is monitoring for errors instead of performance and can't tell you what to do with the errors.  The CA/Wiley guys on the other side of the hall do this for .Net and Java as well.

Special Operations Software

Quite honestly, I couldn't figure these guys out.  They do something with Group Policy Expansion.

Lakeside Software

A familiar name around Citrix (and briForum) they are present here as their products fit into the landscape.  Nothing really new to report from them.

TriCerat

Another familiar name, also without a new product to show.  But an odd presence as they don't have anything that really ties into any part of System Center.  Still their booth seemed to have plenty of traffic.  When I asked them why they indicated that the Lockdown and Desktop products were of interest to the attendees.

Closing Thoughts

Microsoft has come a long way in the Management Space.  Ultimately, large enterprises using Microsoft Windows are almost forced to invest in System Center someday because otherwise they end up with a clutter of incompatible vendor products.  Not that System Center is complete or completely compatible.  I personally find SCCM and SCOM to be poorly implemented, in that they require way too many resources for the benefit provided.  This is something that can be addressed by Microsoft, but as long as customers continue to ask for more features over improved performance it will not happen.

In a way, it is interesting how Microsoft lumps all forms of virtualization under the "management" banner.  Is virtualization a product or is it just a different means to manage our stuff?  David Greshler had a good line in one session about how with virtualization we are "turning servers into data".  But we will need more than System Center to manage all that data.

Read More on Tim Mangan

This year was no different. Specifically, the Microsoft TS product team asked us "What do we need to do to Terminal Services in the next three-to-five years. How can we improve it? What do we need to focus on?" We MVPs jumped on this opportunity. We set up an email distribution list to share, shape, and discuss our ideas which lead to our presentation.

What's cool is that while a lot of the MVP conference was NDA, our presentation was not. (After all, we MVPs wrote it!) In this article, I'm going to share the elements of the presentation that we gave to Microsoft. (In other words, if the Terminal Server MVPs ran Microsoft, this is what we'd do in the next three-to-five years.)

Before we look at the specifics, I'd like to point out that even though I am the author of this article, all of the Terminal Server MVPs had a hand in shaping its content. And I'd specifically like to call out Tim Mangan and Steve Greenberg (both first-time MVPs!), as they were the two primary folks who put the presentation together.

That said, let's take a look at our world.

Microsoft Terminal Services: our five-year plan (from the Terminal Server MVPs)

We broke our presentation into two pieces:

• The "short term" 1-3 year plan (Windows Server 2008 R2?)
• The "long term" 3-5 year plan (Windows Server 2013?)

The first thing I should point out is that we just made up the terms "Server 2008 R2" and "Server 2013." We have no idea if/when/what these things will be called. We just wanted to point out that we're suggesting two types of changes--short-term tactical things and longer-term strategic stuff.

The 1-to-3 year Terminal Server plan

We feel there are three areas that Microsoft should focus on in the near-term for Terminal Services:

• Get Calista out the door!
• Clarify app / Vista licensing
• Many “little” TS Features

Short term: Calista

Microsoft bought Calista in January. Calista was not a shipping product at the time of the acquisition. But we really, really want this technology to be built into the core RDP protocol that's available from Microsoft. And we want this as soon as possible. (For those who don't know, Calista has the potential to add full multimedia support to RDP. Read the analysis of it here.)

Short term: Licensing

We feel that Microsoft has done a great job with Terminal Server licensing in Windows 2008. So no problems there. But we put "licensing" on our short-term tactical list because there are still a lot of "ecosystem" licensing challenges. Things like Office 2007 on Terminal Server--how is that licensed? And the whole super-confusing VECD thing. So even though these aren't Terminal Server licensing problems per se, they definitely affect the practical usage of Terminal Server in the real world. Maybe there's something the TS team can do to help clarify all of this?

Short Term: Little Featurettes

The last short term goal for Microsoft with regards to Terminal Server should be just to continue to make the Terminal Server features better. It's not even really worth listing everything here since they're listed ad-nauseam elsewhere on the web. (Plus the list is endless. Millions of people want millions of features!)

The 3-to-5+ year Terminal Server strategic plan

We blew through the first part of our presentation in just about five minutes because to us, the 1-to-3 year plan is just "business as usual," and really they don't need us MVPs to feed them the laundry list of "feature-level" improvements.

Instead, we asked Microsoft WHY they were trying to add all these features into the core product? If you look at Windows Server 2008, it has new features like TS RemoteApp, session brokering, TS Gateway, TS Web Access--these are all things that people initially get very excited about. But when you actually dig in to these features, you see that they're so basic that they're not really usable, and what Citrix, Quest, Ericom, and the other third-party companies offer are much, much better.

So why is Microsoft wasting time and energy developing TS features on their slow multi-year product cycle which best case are not even as good as the features that are available by third parties today? How does that help the customer?

Is this what Microsoft should be doing?

To us MVPs, we broke posed this in the form of a question that Microsoft has to answer. We called it "core versus third party." What features should Microsoft add to the core Windows product, and what features should Microsoft leave to third parties?

This question is important to us because in reality, many of the "hard" problems that we've been dealing with for years are still there, even in 2008. So why isn't Microsoft tackling these hard problems that affect 100% of their user base? Why are they wasting time building super basic featurettes that only probably 5% of their customers care about?

So what "hard problems" are we talking about? Things like application integration, user profiles, application-specific user data, application (in)compatibility, and simultaneous user sessions on multiple servers.

Because these problems remain unsolved, today's Terminal Sever-based solutions are never-ending brute force attacks on the problems. We endlessly and haphazardly cobble together solutions including:

• Layering SoftGrid application virtualization on Terminal Server
• Complex configuration for OS/server builds
• Custom scripting for application installation
• Custom scripting for application run-time
• Complex profile management

All of this affects complexity, performance, ease of management, adoption rates, and the general sanity of Terminal Server SEs.

Our Vision

So what do we MVPs think Microsoft should focus on? It's quite simple. Forget making all these lame featurettes and instead focus on the hard problems that have been at the core of our world for the past ten years. We broke the hard problems down into three "specific revolutions" that we'd like to see from Microsoft:

• Virtualization at the session level
• Inherent separation of machine, OS, application, and user data
• Universal presentation virtualization

Virtualization at the session level

When we say that we'd like virtualization at the session level, it's first important to define and understand what a "session" is. In the world of Windows, anytime a user logs onto a system in an interactive way, they have a session. A session includes a shell, a user profile, an HCKU registry hive, user security tokens, etc. Furthermore, a session always runs on a Windows OS, which has drivers, an HKLM registry, program files, etc.

When you logon to your Windows XP laptop, you're running a session. But when you connect to a seamless windows published application through Web Interface, you're running a session on that remote Terminal Server too. (Even though you don't see it, you're running a shell, you have an HKCU registry loaded on that remote system, you have a user profile, etc.)

The problem today is that a user session has too many dependencies on shared system components and configurations. It depends too much on the underlying OS. It depends too much on the applications that are installed on that OS. And it's too tightly tied to the host system, since one “greedy” session can ruin a lot of good ones

So when we say "virtualization at the session level," we'd like Microsoft to properly isolate and protect the user session, whether that's a single user logged into a Vista workstation or one of hundreds of users logged into a Terminal Server. We'd like "SystemGuard-like" behavior at the session level instead of the application level. ("SystemGuard" is the technology that SoftGrid uses to isolate and virtualize applications into their own little bubbles.) And we'd like to have session-level performance controls.

Inherent separation of machine, OS, application, and user data

Continuing the thinking that we began to outline for the previous item, we'd like Microsoft to ensure that all the various "layers" of a session are properly isolated and separated from each other. Think of it like this: Right now, you start with hardware. You install an OS which is "locked" to that hardware. (i.e. you typically can't just drop that installed OS onto a different piece of hardware without problems.) Then you install apps onto that OS, and again, they're locked there. Then users logon and get their profiles and environment set up, but that's again highly dependent on the lower layers.

Machine virtualization (hypervisors and VMMs) do a great job separating the OS install from the underlying hardware. Application virtualization (SoftGrid, Thinstall, Altiris SVS, etc.) do an OK job separating apps from the OS layer, although they don't all work all the time because some apps are too tightly tied to the OS too. (After all, why's an app asking for a reboot?)

And then when you get up to the user layer, the profile problem is just laughable. Again, a lot of this happens because the user profiles are specifically tied to the lower layers (apps and even OS), so it's all very complex.

Instead, if Microsoft was able to ensure that each of these layers was truly self-contained and separated, we could start to do some amazing things. App compatibility would be a thing of the past. We could easily "flow" between multiple sessions on multiple devices, grabbing elements of each layer from wherever we needed them. One user could have multiple instances, multiple session types, and multiple execution locations. (And in fact, something like LUFlogix becomes a reality too.)

Universal presentation virtualization

Finally, we asked Microsoft to create what we termed "universal presentation virtualization." What this means, quite simply, is that we want a consistent application experience--regardless of the app's core technology, regardless of what rendering technology the app uses, and regardless of how it's accessed.

For example, today Vista Aero glass is only available for application / user sessions that are local. You don't get it via RDP. Oh wait, ok, well yes, you can get it through RDP to a VDI solution, just not a TS solution. Well, ok, it only works with VDI solutions based on blades, not based on VMs...

The point is that the experience a user has with an application (the performance, the look and feel, the interface) today is highly dependent on how that application is being delivered. In the future, we want full visual fidelity across all use cases. We want Win32, WPF, Java, Silverlight, AIR, .NET, Gears, etc. apps all look, feel, and behave the same.

So how do we get there?

What we're asking for won't be easy. Microsoft asked us MVPs to suggest some future directions for Terminal Server, and instead we came to them and said "We think you should fundamentally change many core aspects of Windows that have been in place for fifteen years."

The biggest challenge is the fact that even though we presented this to the Terminal Server team, what we're suggesting is much bigger than "just" Terminal Services. It would be a major cross-group initiative that would have to come from much higher up within the organization. And really, it would involve so many different groups, including:

• Terminal services
• Hardware virtualization
• User session
• SoftGrid / app virtualization
• Security
• Kidaro
• Probably more that we’re forgetting here

Can Microsoft do it? Should Microsoft do it? Will Microsoft do it?

Read More on Brian Madden

From the session description:

In this session, Kevin Goodman and Michael Thomason provide an in depth exploration of Citrix Virtual Channels. Included is a comprehensive analysis of the often misunderstood wfshell.exe. As a bonus, the authors will present a fully working virtual channel that can be controlled entirely though scripting. After this session, attendees will be able to write scripts that:

• run when a user logs on or off
• when a user connects or disconnects
• transfer files between the Citrix server and the client and vice versa.
• run applications on the client or collect information on the client based upon events on the server.

To watch the video, click the image below.  To download the supporting files for this session, click here .

If you want to suggest a video for release, check our the session lists from BriForum 2007 Chicago and BriForum 2007 Amsterdam and let me know.

BriForum 2008 Chicago takes place on Navy Pier from June 16-18 and is open for registration right now.

Read More on Gabe Knuth

Application Service Providers  (ASPs) provide customers with a hosted application solution.  Although many may have thought that the ASP market died in 2001, it has managed to hang in there and is surviving if not thriving in some cases.  I have worked with three of them in the last year alone.  Often, these folks have settled on a niche for servicing smaller companies.  Their customers tend to be totally focused on a non-technical business that needs to use some computer technology.  As a result, these customers tend to have less than one full time IP person and do not want to hire one.  So the ASP makes an attractive solution to those kind of customers because they have IT professionals to ensure that the aspects of IT administration (picking the right software, applying best practices on IT administration, ensuring backups happen) are applied to their company.  Ultimately, it is the sharing of the professional IT staff that makes the ASP attractive to the customer.

ASP Today

To be cost effective these ASPs today use Citrix and/or native Terminal Services (TS) so that the hardware and operating system can also be shared. The customer uses a PC on their site and remotely accesses their hosted desktop using the RDP or ICA protocols.  The hosted site, in addition to the hosted desktop provides the applications as well as back-end file stores and databases.   Microsoft also helps enable this market with attractive pricing (Server Provider Licensing Agreement) for things like hosted Office and exchange. 

Complicating the setup is the need to ensure complete security to prevent any possible cross-customer data breech.  Active Directory (AD) is used within the hosting site, even if not in use at the customer site.  The tendency is for the ASP to build a single domain and create an  Organizational Unit for each customer. The ASP often has to add in Application Virtualization to eliminate application conflict.  These application conflicts may be due to application-TS issues (apps that are designed for the single user desktop), application interference (for example dll version conflicts between two applications), or, or Multi-tenancy issues.  

That last one, multi-tenancy, means application issues that arise when you want to host more than one company on the same terminal server.  For example, each customer might use Quick Books and each need to be able to see only their data.  The same goes for SQL or Oracle based applications.

ASP Tomorrow?

I am wondering if a Virtual Desktop Infrastructure (VDI) based approach might also emerge as a solution for this space.  A VDI based solution would use Virtual Machine technology to host a virtual windows image for each user within the customer. To keep things simple and offer the customer a best quality user experience, I imagine that these these windows instances may be personalized by the end user, however they won't be administrators on the windows instance.  The ASP is responsible for maintaining the image and applications so letting the user try to install whatever they want would be a really bad idea.

Using an approach of pooled standard images that are less customizable might be an option, but it wouldn't make much sense to me.  To start with, the ASP would need to build a custom image per customer, with that customers installed applications and configured to the customers back-end resources.  Starting with such an image and then cloning to private images per user within the customer would not be much more work, and yet would vastly improve the user experience.

I can imagine that the existing ASP could offer the customer either option.  In offering both options to the customer, they would be offering either a shared hosted desktop experience, or an individual hosted desktop experience. The VDI desktop should probably be priced at a premium by the customer when compared to a Terminal Server based desktop due to the improved (perceived?) user experience.

From the ASP perspective providing both options , VDI has mostly increased costs for VDI.  Each VDI instance needs a client OS, rather than sharing the TS OS.  Scalability per the hardware will also be lower for VDI.  I have heard other experts on this give factors for this scalability of anywhere from 2.5x1 to 10x1 (meaning that for the same hardware, or at least hardware dollars, you can host N users via Terminal Services for every one user that you could support using VDI).  Additional options like OS streaming and disk differencing might seem attractive as well, but not if they add to the infrastructure costs or make things more complicated.

On the flip side, the ASP should have a much simpler infrastructure with VDI.  For example, Application Virtualization may not be needed for these customers via VDI as all application-TS issues and multi-tenancy issues go away, and the likelihood of multi-application conflicts are greatly reduced.  Even given the extra costs involved, VDI may look very attractive to the ASP because they can implement a considerably simpler solution.  This simplification may lead to ASPs that offer only the VDI solution and dropping TS as an option.

Concluding Thoughts

A VDI based ASP solution might increase the potential customer base for ASPs, but probably not by much.  Until ASPs create a compelling case for companies with IT staff to use their services the market will remain limited.  VDI by itself probably does not make that compelling case.

Read More on Tim Mangan

We got onto this topic because I mentioned that a student in our 5-day Citrix Master class in Ausralia a few weeks ago told of doing the "right" thing. He said that he had taken the time to learn PowerShell and rewrote all of his VBS Citrix login scripts in PowerShell. The result? Login times went from about 2.5 seconds to over 15 seconds per user!

This is because PowerShell requires the .NET Framework. On a Terminal Server, the .NET Framework has to load in every user session. So not only does this produce a login delay as it loads the framework in each session, it is also very inefficient.

As a quick aside, during this conversation, Tim asked, "What? Powershell requires the .NET Framework? Then how does it work on Windows 2008 Server Core? (Since Server Core doesn't support .NET.)"

Benny's response: "It doesn't."

Read More on Brian Madden

In the first session, Joe gives a beginner to intermediate presentation on how to script installs. In this session, you'll learn:

• Why every Administrator/Engineer should learn how to script
• The different types of installers
• Develop a methodology and approach
• Scripting best practices
• How to troubleshoot and pinpoint problems
• In-depth analysis of several installation scripts

In the second session, Joe dives in a little deeper and talks about how to create a flexible scripting framework to tie in all the techniques learned in Part One.

To download the materials used and mentioned in this presentation, click here.

To view the presentations, click the appropriate image below:

Read More on Gabe Knuth

Brian's video takes a deep look at CPU & DLL optimization in a video entitled "Optimizing you Application's CPU & Memory Performance." While these topics are advanced, Brian shows that you can take control of your environment at a deeper level by using Citrix CPU Utilization Managment and Memory Optimization Management.  You'll probably need a propeller hat for it -- topics covered include in-depth PerfMon analysis, DLL rebasing, and getting the most out of Process Explorer.

My video, entitled "User Environment – Profiles and Group Policy", covers best practices for group policies, folder redirection, and profiles. This video is meant to be a starting point that can be used in most environments, and outlines a framework for a scalable design using out-of-the-box methods. There are also short discussions about Group Policy Preferences (included with Vista SP1 and Windows Server 2008) and Flex Profiles.

These videos (and several others) are available at http://www.citrix.com/techvideos

Read More on Gabe Knuth

This guide leads the reader step by step through the process of planning a Windows Server 2008 Terminal Services infrastructure. The guide addresses the fundamental decisions and tasks involved in:

• Deciding what applications are to be delivered by Terminal Services, and whether or not Terminal Services is the right approach to use.
• Determining the resources needed to employ Terminal Services to serve the selected applications.
• Designing the components, layout, security, and connectivity of the Terminal Services infrastructure.

This guide addresses the following decisions and activities that need to occur in preparing for Windows Server 2008 Terminal Services. The 10 steps that follow represent the most critical elements in a well-planned Windows Server 2008 Terminal Services design:

• Step 1: Determine the scope of the presentation virtualization project.
• Step 2: Determine which applications to deliver and how they will be used.
• Step 3: Determine whether Terminal Services can deliver each application.
• Step 4: Categorize users.
• Step 5: Determine the number of terminal server farms.
• Step 6: Map applications and users to farms.
• Step 7: Design the farm.
• Step 8: Determine where to store user data
• Step 9: Size and place the role services for the farm.
• Step 10: Secure the communications.

You can download this great beta document from: http://connect.microsoft.com/default.aspx

Read More on Ruben Spruijt

These are all being recorded, so you can view them any time.

TechNet Webcast: The Significance of the Windows Server 2008 Terminal Services Release to Market (Level 200)
Thursday, November 8, 2007
8:00 A.M.–9:30 A.M. Pacific Time

TechNet Webcast: Windows Server 2008 Terminal Services Session Broker (Level 300)
Tuesday, November 13, 2007
1:00 P.M.–2:30 P.M. Pacific Time

TechNet Webcast: Deploying Remote Programs with Windows Server 2008 Terminal Services (Level 300)
Wednesday, November 14, 2007
8:00 A.M.–9:30 A.M. Pacific Time

TechNet Webcast: Remote Desktop Protocol as a Presentation Remoting Platform (Level 300)
Wednesday, November 14, 2007
1:00 P.M.–2:30 P.M. Pacific Time

TechNet Webcast: Windows Server 2008 Terminal Services RemoteApp and Web Access (Level 300)
Tuesday, November 20, 2007
1:00 P.M.–2:30 P.M. Pacific Time

TechNet Webcast: Developing for Windows Server 2008 Terminal Services (Level 300)
Monday, November 26, 2007
9:30 A.M.–11:00 A.M. Pacific Time

TechNet Webcast: Terminal Services Easy Print (Level 300)
Tuesday, November 27, 2007
11:30 A.M.–1:00 P.M. Pacific Time

TechNet Webcast: Windows Server 2008 Terminal Services Security and Authentication (Level 300)
Wednesday, November 28, 2007
9:30 A.M.–11:00 A.M. Pacific Time

Read More on Brian Madden

The most common of these is a Citrix Published Application which then keeps the user session open on the server until the Disconnect/Terminate timers step in.  The user launches a published application running on the server.  This creates a user session on the terminal server and the primary exe of the application is started.  If this exe starts a child process but does not directly manage it, when the primary exe terminates because the user is through with this application this child process will keep the session open.  This is what you might want if the child process has a visible GUI.  For example if the child process is a mshelp application - the user may have shut down the app as troubleshooting and wants this help page to remain up as (s)he restarts the application.  But many times the child has no GUI.  So the session remains open on the server until the termination timer hits (typically an hour).

With Windows 2008 and RDP published applications there will be the same problem (although with Windows 2008 and either rdp or ica sessions there will be a change that extends the life of the session for a short while anyway, hoping that the user will launch another app.  This will be more like 2 minutes.  I am hoping we can configure that time frame down in the final release).

We also see this problem in Virtualized Applicaitons, such as in SoftGrid and Citrix Streaming for sure, and I suspect Thinstall as well.  Instead of keeping a session open, it would keep the virtual environment open, which is bad enough on a desktop OS - but on a terminal server also manages to keep the user session open.  SoftGrid added a option that will terminate the child processes a couple of years after I wrote this utility to help out.  This is the unabashedly named TERMINATE_CHILDREN=TRUE tag in the OSD.  But we still have need for this app.

LaunchIt (available in the Tools section at www.tmurgent.com ) is a simple exe that takes as an argument the path/name of another exe to launch and monitor.  For example, to launch word the command line would be "LaunchIt.exe msword.exe".  In the case of the user starting a child mshelp process, when msword.exe terminates LaunchIt will terminate the child processes for you.  So you just include LaunchIt on your system (or in your virtual application package) and modify the published command line.

There is also a nice option of using "LaunchIt.exe /v msword.exe" which will detect msword ending and (if there are any child processes) prompt the user about these processes.  The dialog box lists the short name of the exes and process IDs and asks if the user wishes to terminate these as well.  Many times this is the desired approach.

Read More on Tim Mangan

These solutions are covered in this scheme:
- Trusted and Untrusted device scenarios
- Server based Computing (SBC)
- Virtual Deskto pInfrastructure (VDI)
- Bladed workstations
- Desktop / session broker
- Application Streaming and Virtualization
- Operating System (OS) Streaming
- Web Application Acceleration
- Secure Access
The A4 and A3 schemes can be downloaded from:
http://www.virtuall.nl/articles/applicationanddesktopdelivery/PQR_ApplicationAndDesktopDeliverySolutions_A4.jpg
http://www.virtuall.nl/articles/applicationanddesktopdelivery/PQR_ApplicationAndDesktopDeliverySolutions_A3.jpg

When you have comments or surgestions please let me know!

Read More on Ruben Spruijt