The fundamental flaws of thin clients

Sorry, I have to get this off my chest. As you might suspect after reading the not-so-subtle title, there is something fundamentally wrong with thin clients.

Let me be specific here: I am NOT talking about good old trusty SBC (Terminal Server/XenApp) or the hot and sexy VDI as a concept. I'm talking about the actual "desktop appliance" or "access point" or "thin client" itself.

This discussion is not , but now that VDI has made hosted desktops an attractive option again, there's a sort of revival of thin clients in our market space.

Thin clients can be discussed from two angles:

  • First, there is the typical Citrix user who's been doing SBC for years already and has been pretty successful with it.
  • Second, there are the organizations venturing into the VDI space who are interested in the power, manageability, and cost advantages of thin clients.

From either perspective (both SBC and VDI), that the only logical choice for the thin clients is not to use typical thin client solutions, whether Linux, Windows CE or Windows XP embedded.

To understand that logic, let's look at the constants we need to deal with in the context of thin-clients:

1. Organizations are required to build a mature and fully automated management infrastructure for PCs and laptops, even when 90% of the clients are “thin.”

The majority of distributed organizations with 1000 desktops or more are often required to support conventional PCs (for rich media editing, 2D/3D design, etc...) and laptops (mobility). This is today’s reality of Enterprise IT. Deploying 100% thin clients is still not feasible in the typical heterogeneous IT environment, even if you're considering all innovations we currently see in remoting protocols from all major vendors.

The problem is that it's not economic to neglect the management aspect of the remaining 10% (or whatever) of devices that are laptops or PCs. You can't ignore patching them just because they're the minority. And manual configuration of PCs and laptops is just too costly in distributed environments, even if you perform only one change every year. So this means that unless you can go 100% thin clients (which I don't think you can), then you have to build a management system for your non-thin clients.

The good news is PC management has matured considerably over the past few years. Building an effective management solution for laptops and PCs is not rocket science anymore.

And by the way, BYOL (Bring your own laptop) doesn't fix this problem. BYOL is a cool concept, but the majority of organizations still require full management of the desktop/laptop for practical, legal, or security reasons. In most cases BYOL is not an option.

2. When it comes to the support of innovation and new features within remoting protocols such as RDP and ICA (HDX), traditional Windows (XP+) is, by a big margin, the best platform to choose.

All the cool features, especially those which require client-side rendering, are developed for Windows. Quite often such innovations demand the availability of CODECs, the .NET framework, WPF, the Windows USB or printer driver architecture, and more.

The fact is that Linux or Windows CE as a thin client OS seriously lacks the rich media and user experience optimization support we see being developed for the Windows client. This is relevant because any user experience- and performance-related innovations are very important to our end users and ultimately, the acceptance of any SBC and VDI solution.

3. A thin client is not a “fire and forget” solution. Thin clients require a mature deployment and management infrastructure.

Don’t believe me? Talk to all the IT admins who've been supporting thin clients for years. They'll tell you from experience that a management infrastructure is required to deploy security fixes, client/application upgrades, root certificates, firmware updates, and configuration changes. Those who don’t probably have a very static IT environment.

In comparison to conventional fat clients, the rate of changes and updates on thin clients is considerably lower. However, one single update already justifies the investment in a management infrastructure, as manual configuration of all your thin-clients is extremely expensive.

The reality of thin devices, regardless of protocol, and even hardware embedded solutions (e.g. “PC-over-IP” devices), is that you need to be able to centrally manage and update them. The minute a bug is discovered, a security fix is required or a configuration change is needed--you need a management infrastructure where you can automate such changes.

4. Windows XP Embedded is not a thin OS at all...

Windows XP Embedded is surely more lightweight than conventional Windows, but it's far from thin. Even when the OS is stored on a read-only flash disk, you still need to apply the monthly security updates and virus scanner/firewall updates to ensure the client doesn't become a broadcast station for worms within your network. In practice there are just too many examples of unmanaged XPe devices being the “source of all evil.” Remember Blaster and Sasser?

You could argue that there are far fewer security updates required for XP Embedded. Unfortunately it's fairly common to use Internet Explorer to provide a web portal front-end to authenticate and access the SBC or VDI desktop. This means that many of the monthly security updates are also valid and important for Windows XP Embedded clients.

Finally, the reality of XP Embedded management solutions is that they're very similar to the management infrastructure for PCs and laptops. These XP Embedded management solutions have a lot of the same functionality and share the same complexity.

5. And all these other “little things” that we tend to forget or overlook: 

  • What about the standard vendor lock-in when using thin clients? Or do you want to support five different thin client devices with three different management tools from two different vendors after five years? You have no choice: in contrast with PC hardware, thin client management tools are vendor-dependent.
  • Does the thin client vendor still provide updates for that five year “old” thin-client?
  • How quick is the thin client vendor with making client bug fixes available for your client device when Citrix/Microsoft/VMware releases a version of their client software?
  • Cheap thin clients are clearly much slower when displaying remoting protocols: just compare the protocol display speed performance of Internet Explorer, PowerPoint, PDF and Excel to the protocol display speed performance on entry level PC hardware.
  • Do you need the Full Monty when it comes to remoting protocol and user experience? The high-end thin client will be anything but “cheap”.
  • Are you doing VDI and using a non-Windows thin client? A VECD license is your only option. This will cost you $110 (The list price, per year, per “access point.”)

Considering these constants, are we truly aware of what the long term impact of a thin client is? Surely, traditional thin clients can be very successful when the requirements are low, but when the latest and greatest is required, you have another option.

The solution: a thin PC

A smart client, slim client or thin PC--it's just a name--but this is basically a PC with OEM Windows Professional (XP to 7) configured as a thin client. This thin PC can be easily built on the same image and same deployment infrastructure used for PCs (and laptops). However, in “thin mode” this desktop is automatically logged on with a local generic account which is completely locked-down. In this mode only IE and the client software can be started to authenticate the user and provide access to the SBC/VDI environment. Functionally it's identical to Windows XPe.

Just secure the thin PC the same way we learned with XenApp / Terminal Server and configure software restriction policies (or now AppLocker with Windows 7) to lock down the machine even further. Additionally, use the free SteadyState tool from Microsoft, which is specially created for a read-only kiosk mode.
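One way to express the "only IE and the client software can be started" lockdown as an AppLocker allowlist, as an added example that is not from the original article. The account name `thinuser` and the remoting client path are placeholders, and it assumes a Windows 7 edition on which AppLocker rules are enforced (Enterprise or Ultimate); the policy is written in audit-only mode so the session's own startup processes can be identified from the event log before enforcement is switched on.

```powershell
# Added example: build, test and optionally apply an AppLocker EXE allowlist
# for the locked-down "thin mode" account. Names marked "assumed" are placeholders.
param(
    [string]$KioskAccount = "$env:COMPUTERNAME\thinuser",   # assumed local generic account
    [string]$ClientExe    = '%PROGRAMFILES%\ExampleVendor\RemoteClient\client.exe',  # assumed client path
    [string]$PolicyFile   = "$env:TEMP\thinpc-applocker.xml",
    [switch]$Apply
)

Import-Module AppLocker

# AppLocker rules are keyed on SIDs, so resolve the account name first.
$account  = New-Object System.Security.Principal.NTAccount($KioskAccount)
$kioskSid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
$adminSid = 'S-1-5-32-544'   # BUILTIN\Administrators (well-known SID)

# Emit one Allow path rule as AppLocker policy XML.
function New-PathRule([string]$Name, [string]$Sid, [string]$Path) {
    $id       = [guid]::NewGuid()
    $safeName = [System.Security.SecurityElement]::Escape($Name)
    $safePath = [System.Security.SecurityElement]::Escape($Path)
    @"
    <FilePathRule Id="$id" Name="$safeName" Description="" UserOrGroupSid="$Sid" Action="Allow">
      <Conditions><FilePathCondition Path="$safePath" /></Conditions>
    </FilePathRule>
"@
}

# Once a rule collection contains any rule, everything it does not allow is
# denied, for every account. Administrators therefore get an explicit
# allow-all rule; the thin-mode account gets only the browser and the client.
$rules = @(
    New-PathRule 'Admins: all files'            $adminSid '*'
    New-PathRule 'Thin mode: Internet Explorer' $kioskSid '%PROGRAMFILES%\Internet Explorer\iexplore.exe'
    New-PathRule 'Thin mode: remoting client'   $kioskSid $ClientExe
) -join "`r`n"

# AuditOnly: nothing is blocked yet. Executables the policy would block are
# logged as event 8003 in "Microsoft-Windows-AppLocker/EXE and DLL". Processes
# the logon session itself starts (userinit.exe, the shell) run as this
# account too, so add rules for what the log shows before enforcing.
$policy = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
$rules
  </RuleCollection>
</AppLockerPolicy>
"@
Set-Content -Path $PolicyFile -Value $policy -Encoding UTF8

# Dry run: evaluate the policy file for the thin-mode account against a few
# binaries present on this machine, without applying anything.
$probe = @(
    "$env:ProgramFiles\Internet Explorer\iexplore.exe",
    "$env:SystemRoot\System32\cmd.exe",
    "$env:SystemRoot\System32\userinit.exe"
) | Where-Object { Test-Path $_ }

Test-AppLockerPolicy -XmlPolicy $PolicyFile -Path $probe -User $kioskSid |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

if ($Apply) {
    # Rules are only evaluated while the Application Identity service runs.
    if ((Get-Service AppIDSvc).Status -ne 'Running') {
        Write-Warning 'AppIDSvc is not running; AppLocker rules will not be evaluated.'
    }
    # Without -Merge this replaces the existing local AppLocker policy.
    Set-AppLockerPolicy -XmlPolicy $PolicyFile
}
```

Path rules are only as strong as the file-system permissions behind them, so the thin-mode account must not have write access to any allowed location.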

Consider this:

  • Chances are high you already have a deployment and management infrastructure for your PCs and laptops. What extra effort is required to also use this infrastructure for thin PCs? Let me rephrase this: if you already (properly) automated desktop deployment/management, how much effort would it cost you to upscale PC management from 100 to 1000 desktops?
  • If you were to switch PC vendors, or when your current vendor introduces a model, you can just continue managing the devices using your existing deployment infrastructure.
  • How expensive is a basic, entry level, slim-line, Windows Professional PC including 3 years support (or even netbooks and Atom-based devices when green IT is important)? Is it more expensive than a high-end XP Embedded client? Isn't it much faster and far more functional than a high-end Windows XP Embedded device?
  • How good would a 3 year “old” PC perform as a thin PC?
  • Would you use the option to install local client applications such as VoIP?
  • Want to provide all the latest and greatest multimedia and user experience innovations, the latest protocols, and newest client software/codecs/drivers to your end users? How difficult would this be if you can manage the PC the way you want?
  • SA on Windows ($50) and VECD for SA ($23) will total $73 per year if you get SA within 90 days of purchase of a PC with OEM Windows Professional. How does this compare to the going rate for standard VECD license of $110/year for non-Windows clients?

Is the thin PC the only way to go? No, but in many cases it seems the only logical long-term solution, especially when you need to support a heterogeneous desktop environment which includes PCs and laptops.

Sure, there are plenty of scenarios and reasons--especially in organizations with no diverse desktop requirements--to go the traditional thin client route. But organizations considering thin clients should at least be aware of the choices now possible. And in many cases the most logical thin client option is actually quite fat.

PS: I got the VECD pricing from this article, feel free to improve this information when needed.

Join the conversation



Jeroen - You've aggregated many of my thoughts (and sometimes comments) about this topic over the years.  Excellent job putting all of this in such a good form.  I agree with many (if not all) of the things that you've highlighted here.

Great work!



Great article... I echo Shawn's sentiments.  This is why PVS is a better XenDesktop than XenDesktop.  Forget the hosted model, just stream the OS to a local machine.  Leverage the local Hardware for what it's worth and you can still complement it with a XenApp solution.



And I'll ditto that as well.  Looking at the cost of XPe thin clients, I know we can buy full-featured tiny PCs for the same or less money.  And if we stream the OS to them, we don't have to worry about VECD either.


What you talk about is something a lot of Universities have been doing in their computer labs. In my case, we've set up a very basic XP image along with DeepFreeze (similar to steadystate) and the Softgrid client.

Right now I'm trying to implement that model on Staff machines, but that gets a bit trickier.


Nice Job Jeroen!!

This echoes my conclusions precisely, and this is exactly what I have been preaching to our clients for some time now. The only thing I might add is that there are still cases that are good for true "thin client" devices, but they are very specific environments in which the daily tasks are repetitive in nature and rich media is not important, i.e. call centers, factories, etc.  In most cases a thinned down managed PC is the better solution overall.



Hi,  what about using Sunray thin clients?  I echo the views in here and hence our strategy to support Sunray only as it effectively removes ALL admin for the user perspective as far as patches, anti virus and management is concerned.  My biggest gripe with any thin client being XPe, CE, or whatever is that you end up with 2 windows OS's and in most cases now have 2 windows NETBIOS names on the network with possibly antivirus, patch management and device management software on top of that of the VDI session in the data centre.  Sunray sucks as far as graphics (HDX or EOP) equivalent, USB and sound support is concerned but I guess in environments where there is no need for this it is OK.  With the new beta release of SRSS 5 it is getting better but still very far off compared to accessing rich media from a windows platform.



@Mike Stanley - Streaming to PCs does require a VECD license.  This changed back in September.  Take a look at the VECD website for details.

I enjoyed reading the post and like others have commented, this topic comes up a lot with my customers and it always ends up being a mixed deployment.  Nice job Jeroen!!



Great article!  We came to the same conclusions a couple of years ago... lock down a PC, use it as a "thin" client and access the centralized apps that way.  It has provided a significantly better end-user experience and is far more flexible should our needs change (and you can pretty much guarantee they will!).


@Matt Lesak - I've checked out the VECD website and read through both the PDFs they have there and can't find any mention of OS Streaming requiring VECD.

If it does, that stinks, and may not be clear to everybody considering I sat in a room full of Citrix consultants and engineers last week and when this subject came up the consensus was that while hosted desktops would naturally require VECD, OS Streaming, just as naturally, would not.

Do you have a direct link to that info?  I've found a couple of people commenting on it via Google but no first hand info.


This article complements what I wrote, "What is going on with Thin Clients?", When you add the price to the mix they become very hard to justify, even if the vendor tells you it is all about the management tools and end user experience. If that is indeed the case, these are very expensive justifications!

Well said Jeroen.


We call them "Thin-Workstations" and are using them in our H2O concept for a couple of years now ;-)

In combination with the RES Workspace extender you also have the option to launch locally installed (or virtual) programs within your remote session.



Nice writeup. All I can say is: Amen, brotha!


@Mike Stanley - I hear you and believe me, it's never official until you get the answer from your Microsoft rep.  Here are two links that should help clarify.



@Matt Lesak - Thanks, I appreciate you taking the time to point me in the right direction.

Still doesn't 100% make sense to me - not sure what difference it makes where the disk I'm running my OS from is, when compared with an actual "virtual machine" but mine is not to wonder why, I guess.

At least our pricing on things like VECD are significantly cheaper than retail.


Good article. I'll add that MS not providing a replacement option for WinFLP which is essentially XP stripped down without all the hassle of Embedded XP is a major problem. MS are screwing the industry by not enabling this. Instead we end up with a heavier Win 7 option for no good reason. Why won't MS do this when XP has it? Clearly they don't understand VDI use cases, even if they want to slow it down to try to screw the world with device based licenses.  Sure people could go to Linux, but the ICA client is not as good on Linux.

100% agree thin clients lock you into hardware. Wyse and their loud mouth CEO amaze me how much traction they get spreading their BS and how so many people fall for it. The protocols tricks they pulled at VM World were a joke.

If I was going to do something thinner. I'd rather look for a real gain. Go look at DeviceVM/Splashtop or Phoenix/Hyperspace for instant on appliances. I'd also consider things like Pano Logic zero clients for no OS footprint in simple environments who are not so worried about latency.

Ultimately client side hypervisors I believe will also negate the need for thin clients. Having those hypervisors just gives you so much more flexibility. What will loud mouth CEO from Wyse do then?


Great article, spot on.


I assume you are using a thawspace, and redirecting the app v global cache here. So only the first student cops the FB1 load?


Nice article but I wouldn't only use Windows as the Operating system of choice because of management, deployment and many other issues. Browser hijacking/malware/viruses being one example. Often Linux or/and Windows XPe are the better choice.

Over here at LISCON we share a lot of your thoughts since years.

LISCON OS is based on Ubuntu LTS, therefore drivers for new or other clients than our own as well as new software/connection brokers etc can be implemented quite fast and easily. We even offer LISCON Os for reusing PCs - e.g. if more desktop power is needed.

If Windows is needed you can use XPe with our Agent.

And everything is manageable and deployable with our Management Console - these aspects solve many of the problems you mentioned.

This - our approach - is very different to companies like Wyse and Igel, because they are more based on the hardware creation field I guess.


I'm just wondering why Citrix just doesn't develop a better ICA client for Linux. You just can't get a better access operating system. Linux is inherently more secure, lightweight and cheaper.

Look at the current advances in mobile computing evolution: both Android and Maemo are fairly new operating systems which are quickly gaining momentum. But they're not just mobile OSes, they're really closing the gap between mobility and a full-fledged desktop experience - at least that's where it's heading. So there's a lot of potential over there, and it's all Linux.

But why is it so easy to manage a Windows environment? Not because Windows has more or better standards, Windows IS a standard. Windows is the common denominator on all desktops and if you can manage THAT, you can manage all. But add some Macs and you have a problem too.

Unfortunately Linux is not that uniform. There are so many different distributions and of course this affects Thin Clients too; each vendor has its own flavor.

But then again I believe more in fixing the root problem:

- Getting a universal management tool for Linux (Thin Client OS's)

- Getting better remote display clients for Linux

Jeroen's solution is ok, and what's more important it's possible to do it TODAY. But then again it's just a workaround for a pain which is solvable but might need some minds to re-align.


@Christian - The problem with Linux today as a thin client OS is that many of the feature richness things in XA/XD and other SBC/VDI technologies relies on Win32 being the client platform.  Multimedia Redirection, USB redirection, good multimonitor, universal print, etc.  They are all geared towards Win32.  If you wanted a Linux OS you might as well buy a thin client because you're going to be restricted in much the same way.



@shawn yes you're absolutely right, that's the only reason why we are having an Agent for our management console for xpe. Some things can be done well with LINUX, but of course much is only developed for xp and certain products which are working great under windows are extremely buggy with Linux. In my experience a lot of customers are not willing to pay extra windows licences for certain features, sometimes they have to ..



While I don't agree with everything in the article (just because you can't get rid of all PCs is no reason not to get rid of as many as you can) I am opposed to the complexity inherent in most "thin client" solutions.  [Warning - shameless plug]  That is exactly why our company developed ThinManager in 1999.  Our market is primarily industrial, but thin clients that recognize our software are completely thin, built on a Linux OS that is downloaded each time the client boots.  We still support (and a number of customers are still running) thin client hardware sold in 1999, and no matter the manufacturer, if it has our BIOS boot every client is a drop in replacement for every other.  ThinManager monitors and configures all these clients along with the Terminal Servers and user network under one umbrella and will transfer the full configuration of a previous thin client to a new one.  The network boot not only takes less time than traditional CD or Embedded XP boots, it also assures that all clients have an identical copy of the latest OS.


Hi Jeroen,

Good article. It's nice to see that we still share the same TC views just like when we used to share the same coffee machine ;-)

Almost two years ago I wrote an article for Brian that talks about the exact same "thin client problem" (it's here:  So, on the other hand, it is disturbing to see that nothing much has changed.

There are just two things that I would like to add as context:

1) Part of the problem is due to the fact that Windows XPe based TCs are the best choice yet require relatively more management. This is why you should take a good look at SW vendors that heavily invest in Linux Clients for this reason.

2) In an ideal world, everybody would be serviced by a premium application delivery consultancy company and as a result would have a decent desktop management system in place (this is in reply to "Organizations are required to build a mature and fully automated management infrastructure for PCs and laptops, even when 90% of the clients are “thin.”). In the real world the fact can be that customers have nothing but a mess. Introducing a TC solution with SBC/VDI would give them easy and professional deployment for that 80% of their workplaces. The management of the other 20% still sucks but the customer is still 80% better off. I am not saying this is the best solution I am just saying that this does happen and also to 1000+ seat deployments and they are often pretty happy with it.


If end users in the IT industry would grow a backbone, maybe the Linux solutions wouldn't be second-class citizens.  We all need to _push_ our vendors for alternative solutions.

If we think in the abstract, Linux is a better solution for all the reasons mentioned.  Jeroen is a professional and his article has many good points, but his employer is a Windows only solutions provider, so the mindset is obvious.

Linux does need improved support from some protocol vendors. Quest vWorkspace has made significant strides in this area.  Its client software is approaching feature equivalency between Windows and Linux.  I'm sure a few other vendors have done similarly.

If your protocol vendor doesn't provide equivalent support for alternative solutions like Linux, it's most likely your fault.  After all, you're the consumer and make the purchasing decisions.

Rodd Ahrenstorff


"Jeroen is a professional and his article has many good points, but his employer is a Windows only solutions provider, so the mindset is obvious."

@ Rodd: the article is based on the 10 years of personal experience with thin clients. My company Login Consultants has been specialized in SBC with thin clients since the beginning. We do not sell soft- or hardware. All I can say is: my mindset is the opposite of the obvious. ;-)


Hi Jeroen,

My comments on your article don't seem to have been posted.  Do I need to resubmit them?


David from Wyse


David, I am just a "user" of this blog, I do not control or moderate comments. I assume something went wrong. But your opinion is more than welcome, so please post your comments again. I think it is good for the discussion, there are now too many people agreeing in here :-).



A good article in that you've highlighted a lot of the issues, but I have to disagree with a lot of your comments and your recommended approach.  You might expect this as I work for Wyse, but working for Wyse gives direct access to thousands of customers and it's their input that is driving our development and solutions.

In answer to your points:

1) Until a good offline solution is available, I don't see any organisations getting to 100% virtualized/thin; but many are not far away.  As you say, this will leave some PCs, but haven't you already got a management tool for those?  Removing the support overhead (and management software licence costs) for 80% or more of your desktops has a big impact - on IT's ability to respond fast to the business, and on cost.

BYOL - I'm with you on this - nice concept but it brings support issues that you wouldn't want to have.

2) XP+ to support the cool features?  Wyse introduced client-side rendering 2 years ago, and that was on our ultra-thin, management-free Thin OS.  Since then we've added real-time USB devices, virtualized VOIP and more, but all still available on thin OS.  Your comment on user-experience is right, but this doesn't mean it has to be XP.

3) Sometimes there are good reasons why you would need CE, Linux or XPe; and these will require some managing, but our most popular thin client OS is Thin OS, which doesn't; instead it picks up its configuration and OS updates from a central directory.  So you will save on management software for most devices, but maybe not all.

4) XPe is not that thin - agreed, but it's still far more secure and easier to manage than a PC. There are times when you need it, but at the risk of repeating myself - many when you do not.

5) I don't want to turn this into War & Peace, so I'll be quick on these:

- Do your homework so you are not jumping from vendor to vendor - it just doesn't make sense.  Of course you could stick with PC management software - but aren't you trying to simplify the infrastructure?

- Good thin client vendors are used to having products in the field for 5-10 years, and reflect that in support

- As before - do your homework - check the client software is kept up to date

- Thin clients don't have to be slow. Good hardware and the right OS will outperform a PC when running the display protocol

- Agreed, not everyone needs the Full Monty, so deploy the right thin client to the right user group - one size doesn't have to fit all

- Even with VECD included, the cost saving makes sense and delivers a fast ROI.

Thin PCs - Agreed that there are times when it makes sense to lock down a PC, but not as a long term strategy. Along with your PC hardware, you will keep:

- ongoing PC management software licences

- 10x the power consumption of a thin client

- reliability that's linked to disks and fans

- desktop devices that need building, rather than thin clients that can just be plugged-in and will self-configure.

...and the user experience won't be any better either.


Great article Jeroen!

You articulated my experience with thin clients as well.  I have read this article several times and each time I try to look at each flaw from a different perspective.

One key statement that jumped out at me recently was this:

"Surely, traditional thin clients can be a very successful when the requirements are low"

Successful when the requirements are low… Last year I performed some work for a client who had a mixture of Wyse, Neoware & HP thin clients and of course the traditional PCs. No mgmt solution for any of them (75 users).  During the initial discovery I realized that 70% of the gen pop fit in this “low requirement” use case. The other 30% had varied degrees of requirement complexity that I handled later on.  Long story short, thin clients have been very successful. A homogenous TC environment with one mgmt console, one protocol, one OS, and one connection point (Citrix).  

This is not the real world though, especially when dealing with the Enterprise.

I am still thinking about the thin PC. I have done a variation of this concept for shared environments using steady state and DeepFreeze. I haven’t made up my mind yet.. more to follow : - )


@Brian & Gabe

May we have a better post editor please? ;-)


Unfortunately, Microsoft did not implement support for SteadyState in Windows 7 and from what I can tell, they have no plans to do so at this time. Perhaps it's best to wait for Windows 7 embedded, expected in second half of 2010...


It sounds like a number of these issues could be resolved using a client hypervisor.  The PC management issue is definitely taken care of, deployment, image management, patching and security are all set.  Hardware becomes a non issue.  With a dual boot option from a client hypervisor the BYOPC initiative can become a reality for companies booting the corporate OS as a VM