Windows 2008 Terminal Services vs. Citrix Presentation Server / XenApp: No contest for Citrix

I do not feel that the native capabilities of Terminal Services on Windows Server 2008 are a threat to Citrix at all.

Flip. Flop. Flip. Flop... Flip!

Ever since the RDP 6 / Bear Paw rumors came out five years ago, I've gone back-and-forth as to whether the increased features in Terminal Server will impact Citrix's Presentation Server business. I originally thought Citrix was screwed. Then I didn't. Then I did. Then I wasn't sure. But now that Windows Server 2008 has been released, and now that its Terminal Services capabilities have been used in the field, I feel confident saying that Citrix has nothing to worry about. In other words, I do not feel that the native capabilities of Terminal Services on Windows Server 2008 are a threat to Citrix at all.

I know that several other folks have written about this before (and some of this has even been captured in our automated industry news bot), but I'd like to officially go on record as to specifically why I think Citrix has nothing to worry about.

Terminal Server 2008's interesting features

Citrix and Microsoft have always been in a quasi-competition in this space ever since Microsoft announced the first version of Terminal Server in 1997. Since then each release of Terminal Server has created a new round of fears. And each time Citrix has been able to address those fears and MetaFrame / Presentation Server / XenApp has gotten stronger and stronger.

So when the rumors of RDP 6 started five years ago, Citrix's response was "What's the big deal? This is the same battle that we've been fighting since the beginning of Terminal Server."

But I wasn't so sure about that. Sure, I agreed with Citrix in the past. But if you look at the features that were rumored to be in the Terminal Server plans, they looked scary to Citrix. They certainly looked like they could take away a significant portion of Citrix's low-end market.

There are charts floating around on the Internet that show a very detailed list of every feature that Terminal Server 2008 (and Citrix, for that matter) have. But if you boil away the marketing fat, Terminal Server on Windows Server 2008 has six primary features that could be scary to Citrix:

  • TS RemoteApp (a kind of seamless windows / application publishing)
  • TS Web Access (a web front end for TS RemoteApps)
  • TS Session Broker (a load balancer for incoming RDP sessions)
  • TS Gateway (an SSL gateway for RDP)
  • TS Easy Print (An XPS-based printing solution)
  • Windows System Resource Manager (Performance Management)

This is certainly an impressive list--if you don't take the time to learn about how each of these features actually works. (In other words, according to this list, Citrix is screwed! But according to anyone who's actually used the product, Citrix has nothing to worry about!)

Let's look at each of these six major new features and compare them to what you get with Citrix Presentation Server.

TS RemoteApp

On the surface, TS RemoteApp sounds like Citrix's application publishing. True, they both let you connect to a single application window instead of a full remote desktop. But that's pretty much where the similarities end. With Citrix, you "publish" applications by configuring groups of users who are allowed to access individual apps on the server (or a group of servers), and then the Citrix infrastructure makes sure that the users get access to the shortcuts to start their applications (either via a desktop-integrated solution or a Web Interface).

In pure Terminal Server, you don't "publish" a RemoteApp per se. Instead, you use the RemoteApp wizard to create a custom RDP file for a specific application on a specific Terminal Server. Users can then double-click this RDP file to launch the RemoteApp.

You also have the option to "wrap" that RDP file into an MSI installer package. This installer package doesn't contain the actual app--it just contains the RDP file, the icon, and any file type associations. Users can then "install" the MSI (which is small, typically under 100k) to their Windows desktops. The RemoteApp version of the app shows up in their Add / Remove Programs and on the start menu. Clicking the icon launches the remote seamless instance of the app.

So while the RemoteApp "installation" is cool, it's philosophically different than what Citrix is doing. TS RemoteApp is a method for installing applications locally to workstations, but there's absolutely no management built in. There's no capability in the TS product to deploy these MSI files to users or to decide which users get access to which apps. That's something you'll have to handle externally, like with System Center Configuration Manager (the new name for SMS) or AD Intellimirror or something.

TS Web Access

In saying that TS RemoteApp has no management or deployment built-in, some people suggest, "Sure it does. Just use TS Web Access!" But that's not quite it either. TS Web Access (TWSA) is a very, very basic IIS web site that can provide links to the TS RemoteApp packages on a single server via a web page.

So yes, TSWA is easier than figuring out how to install RemoteApp MSIs on your users workstations. And TSWA is nice because if you add a new RemoteApp to a Terminal Server, it will automatically be available via the web page.

But there are some big drawbacks. The first is that TSWA does not have any kind of user authentication or differentiation. The single TSWA site shows all RemoteApps on a server--you can't show different apps to different users or groups. (Although TSFactory does provide a free tool called TS RemoteApp Filter that lets you specify which users and groups can see which RemoteApps via a TSWA site.)

The other main drawback of TSWA is that Terminal Server on Windows 2008 doesn't have a "farm" concept. When you configure a TSWA site (whether running on IIS on a Terminal Server or on a standalone web server), your RemoteApps all connect back to a single IP address. So if you want to have multiple Terminal Servers supporting connections, you need to configure them in a load balancing group so that they're all available via the same virtual shared IP address. This might not be that big of a deal, but it also means that all your Terminal Servers need to have the same RemoteApps installed and should 100% identical.

TS Session Broker

TS Session Broker is the "load balancer" capability of Windows Server 2008 Terminal Services. It's basically the Session Directory feature of Windows Server 2003 Terminal Services that's been extended to also work when users connect to new sessions. To use the session broker, you install the service and configure all of your servers to be part of the same "farm." (Although Microsoft uses the term "farm" liberally in this case.) Then when an incoming RDP connection is made, the user authenticates to one of the Terminal Servers, and that server then contacts the server running the session broker service to see if that user should be redirected to a different Terminal Server (either because another server has lower load or because the user has an existing session on another server).

Of course this can be a single-point of failure in your environment, so again, you need to build two session brokers and then use Windows Network Load Balancing to create a shared virtual IP address.

The TS Session Broker works well enough, although configuring it is pretty complex. It also has a drawback in that it only balances new connections based on session count, rather than being able to use any other perfmon counters.

TS Gateway

One of the challenges of Terminal Server environments has been ensuring that remote RDP connections are made securely. Windows 2003 Service Pack 1 introduced the capability for RDP sessions to be encrypted with SSL, but unfortunately that was done on a server-by-server basis. This meant that each Terminal Server still needed to be directly accessible from outside the firewall via an FQDN, and each server needed it's own SSL certificate. Citrix solved this problem years ago with their Citrix Secure Gateway (CSG) software-based ICA-over-SSL VPN product. In Windows Server 2008, Microsoft introduced a similar product called TS Gateway.

TS Gateway works well. It's similar to the IIS-based RPC-over-HTTPS technology from Windows 2003 for external Exchange users, except of course TS Gateway is "RDP-over-HTTPS." One of the really cool things about TS Gateway is that it can use Network Access Protection (NAP), a technology from Microsoft that can allow or deny network access based on the health of the client device. (This is similar to Citrix's Smart Access.)

TS Gateway is a nice feature!

TS Easy Print

As anyone who's been in this business more than a week knows, printing in server-based computing environments is a major pain. Microsoft added "fallback" driver support in Windows 2003, allowing users to print to their own local printers without having the model-specific drivers installed on the Terminal Servers. TS Easy Print takes that to the next level, leveraging Microsoft's new XPS printing format. While Easy Print is still based on the single-threaded print spooler and rendering engine on the server (so it more compares with UPD I and II from the older versions of Citrix), it does work well (as long as your client device is running Vista or the soon-to-be-released Windows XP SP3). But this is also a nice feature!

Windows System Resource Manager

Rounding out the list of "big six" new features in Terminal Server on Windows 2008 is the Windows System Resource Manager (WSRM), which is technically not new for Windows Server 2008 (although there are new resource-allocation policies in 2008 for TS sessions). WSRM lets you configure policies that define how many system resources specific processes (and now user sessions) are able to consume. WSRM is not a Terminal Server-specific feature, although if you know what you're doing you can get a lot out of it. (That's an article for another day though.)


Six big new features. TS Gateway and TS Easy Print are pretty cool. Web Access, the Session Broker, and RemoteApp are pretty limited and/or require some serious smarts to make work. And WSRM can be cool but is certainly not for part-time admins. And all of this is for single-server environments only, so as soon as you add a second server to your environment, you need to manually configure everything separately on each server.

This leads to the ultimate question of "When can I use pure Terminal Server, and when do I need a third-party add-on like Citrix?"

Microsoft has specified that pure Terminal Services can be used for "low complexity" environments, and that third-party add-on tools should be used for higher-complexity environments. In some ways this makes sense, and in other ways it's crazy. The low complexity thing makes sense because native Terminal Server 2008 is designed for environments where all your servers are the same, all users have access to all applications, and you load balance based purely on user session counts. And in reality, that probably defines 20 or 30% of all existing Citrix Presentation Server deployments.

But that doesn't mean that Citrix's Presentation Server business is going to instantly drop by 20 or 30%, because in a lot of ways, Terminal Server 2008 is so simple that deploying it in the real world is more complex than deploying Citrix! You want load balancing? Fine, but you have to configure a Session Broker then add Terminal Servers to the group then install NLB then configure a virtual IP address then configure your RemoteApps to point to it then.... Compare that to Citrix where you just install a second server, point it to your existing data store, and your done! (And the same example could be used for RemoteApps or Web Access or Gateway.)

I typically think of "low complexity" scenarios as environments that only have part-time TS admins. (Not that the IT admin is part-time, but that he or she has other IT admin duties and is not dedicated to TS.) And so in this case, I would think these admins need a server-based computing product that is as easy as possible to use, and pure Terminal Server on Windows 2008 sure isn't that! (This is what Citrix Access Essentials, or "Presentation Server Lite" is for.)

I recognize that Citrix Presentation Server is so much more than these six features. Management. ICA performance. Non-Windows clients. Load balancing. Application Publishing. Web Interface. Smart Access. WAN acceleration. I could go on. But in the context of Terminal Server on Windows Server 2008, these are the main things that people will be up against.

Finally, I'd be remiss if I didn't mention Ericom. Ericom has a product called PowerTerm WebConnect that competes against Citrix Presentation Server. Ericom has made the Windows Server 2008 version of their product available completely for free. It's too early to tell whether this will have an impact on the market(since no one is really using Windows Server 2008 Terminal Server yet.

Will Windows 2008 Terminal Server plus the free Ericom give Citrix a run for their money? Probably not in the enterprise space, but this could make things dicey for Citrix Access Essentials in the "low complexity" market.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Very informative as always. Keep the posts coming, I have learned a great deal from your web-site and articles.Thanks



Great job on netting it out & 'boiling away the marketing fat' always.  Thanks, Brian!

I agree with you on this Brian. These new TS features are nice and probably address the requirements/requests of key MS customers for certain built-in features. Nice effort and a nice set of tools to include with the OS, but not even close to competing with PreXentation Server....

How does Ericom compete against Citrix Presentation Server if no one really uses Ericom products and solutions?  I wouldn't call that "competing", would you?

If I were to play basketball against Kobe Bryant, I'm not sure I would be much competition for Mr. Bryant.

Catch my drift? 

Giving away something for free doesn't necessarily mean you can compete either.  Even if Kobe were to spot me ten points and we were playing to eleven.  :)

Well, I think the only problem with Ericom is that they're a smaller company with a much smaller user base, and I think that is a turn off for a lot of enterprises. But in the SMB space I think that's less of a problem. Personally I've recommended them to a lot of smaller customers with maybe a handful of servers, and now that their product is free, I can't see any reason not to use them?
Looking at Ericom's press releases it appears that Ericom have won many times more vs. Citrix than you would ever win vs. Kobe Bryant

Windows Server 2008 TS is definitely a more viable platform for SMBs than prior releases.

To supplement TS RemoteApp (and for better management capabilities in general), RES Powerfuse Express can be used to provide PNAgent-like centralized management and app publishing to the Desktop and Start Menu. Free for up to 100 users.

As Brian mentioned, using Ericom's PowerTerm WebConnect (another free offering) can extend the usefulness of TS Web Access.

Windows XP SP3 was just released, so TS Easy Print can be used on more than just Vista computers now too.

So the "big 6" as outlined in this article can be made supplemented at no cost to close the gap further.

Having said all that, I can't understand why CAE 2.0 doesn't get more attention!

Why? Because CAE 2.0 is so similar to CPS for most of the functionality that SMBs are looking for at a fraction of the price.

CAE 2.0 includes load balancing, CPU and memory management, WI, CSG, TWAIN redirection, bidirectional audio, SLR, SR, application and content publishing, support for PNAgent, seamless windows, Citrix UPD v3, multi-language support, Citrix policies, load evaluators, shadowing, delegated administration, print management, connection limits, two-factor authentication...

Here's what CAE 2.0 lacks that CPS 4.5 Advanced (the CPS version most SMBs would be looking at) includes:

- Desktop broker
- Virtual IP support
- Active Sync support
- SpeedScreen: Progressive Display, multimedia acceleration, Flash acceleration
- Workspace controls
- Conferencing manager
- Configuration logging
- Report Center

Of these, the only one that SMBs are likely to miss are Progressive Display, multimedia acceleration, and Flash acceleration. Also, CAE 2.0 is limited to a maximum of 75 users and all CPS servers must exist in a single zone. It's also limited to 32-bit Windows platforms.

Extras/Unique benefits of CAE 2.0 (not included in CPS 4.5 Advanced):

- CPU Utilization management
- Virtual memory optimization
- Single Server Integration - all components (CPS, WI, CSG, Data Store) can be run on one box
- Includes a TS User CAL with each license
- Automatic load balancing within server group
- Master server failover

Each Named User license is $250, but that includes a TS User CAL (with SA). That puts the cost of a CAE named license in the $125 range per user!

I hear CAE 3.0 is coming out in Q3 too and is rumoured to include all the SpeedScreen technologies in CPS among other things.


The only really important feature of Citrix that would be extremely useful in the SMB is the speedscreen etc. technologies, which are glaringly missing from Access Essentials. The rest of the "Citrix features" can all be provided by free or low-cost alternatives like Ericom or 2X.


Great article. Comparisons for features are from a very administrative viewpoint which is okay. It would help to see a RDP in WS08 vs. ICA type comparision too. E.g. when you say TS RemoteApp, you completely refer to the TS RemoteApp publishing experience and its complex deployment with missing functionality. How about TS RemoteApp end user experience? How does that compare to Citrix Seamless Windows end user experience?
The combination Server 2008 and PowerFuse 2008 makes the difference, in our situation there is no need for Citrix anymore.

Hi Rob,

What type and size of terminal server implementation do you have there?  i.e. numbers of users, servers, apps, locations, etc. I am looking at this type of thing myself.



I would also like to see a nice write up on the "Free" version of Ericom.  in reading thier page they discuss all the features of Microsoft TS but nothing on WS08.  So are they introducing an addiontional "Free" product that doesn't need to be there.

As for Winning vs. Citrix, I wouldn't brag to much about that, the little guy always wins once and talks about it.  if the big guy wins and talks about that makes them a bully...


I work at Ericom so obviously I cannot review our own product. However I have written a blog post which lists the product's capabilities and limitations that you may find useful. Additional information about it can also be found in this joint Microsoft / Ericom TechNet Webcast.

Also, apparently Microsoft see enough value in our offering that they have linked to it from the Windows Server Terminal Services Home Page:


Why did Dan reply twice?  Once as himself and once as guest?  Come on now, you know you did!  :)

Maybe three times? 

The links are a dead give away and style.

Dan, the marketing machine.

It's nice to see that you are such a fan of my writing that you believe that you can recognize my "distinctive style". But I'm sorry to disappoint you - I only wrote that one post under my own name.
Yeah just to confirm, looking at IP addresses, all of those came from different places.
I'm doing some VERY detailed research right now on ICA versus RDP (and also Net2Display, ALP, TCX, and RGS). This is for a session I'm giving at BriForum. After that I'll have some great data for an article.

I have found this article and the discussions very interesting and useful, but am a little unsure just how valuable the "free" options to Citrix would be for our environment.

We currently run vanilla TS2003, obviously publishing the whole desktop to 400+ users on a "farm" of 10 identical servers. I want to build a new environment of around 15 servers with the ability to publish individual apps instead of the whole desktop, restrict some "badly behaved apps" to a seperate farm and have load balancing and session re-connect capabilities. The cost of Citrix is frighteningly prohibitive and it seems that vanilla TS2008 won't cut it - so is there a solution for my scale or do I have to hand over a wad to Citrix?






How is your research on this progressing. Would be VERY interested in the results



"With Citrix, you "publish" applications by configuring groups of users who are allowed to access individual apps on the server (or a group of servers), and then the Citrix infrastructure makes sure that the users get access to the shortcuts to start their applications (either via a desktop-integrated solution or a Web Interface)."

Maybe these changes was added at a later point, but it is possible to limit access to certaint applications based on group policies.