Deploying Terminal Services |
Before you design your Terminal Services deployment, you must thoroughly understand your current computing environment. For more information about documenting your computing environment, see "Planning for Deployment" in this book. For information specific to Terminal Services deployment, be sure to address the considerations described as follows.
In Windows 2000 domains, the license server must be installed on a domain controller. In workgroups or Windows NT 4.0 domains, you can install the domain license server on any Windows 2000 server. However, if you are planning to migrate from a workgroup or Windows NT domain to a Windows 2000 domain, it is highly recommended you install the license server on the domain controller or on a computer that can be promoted to a domain controller.
Determine if filters have been implemented on the routers or firewalls that would prevent clients from remotely gaining access to a Terminal server. Check to make sure that the Remote Desktop Protocol (RDP) port (port 3389) is not blocked at the firewall and that access to specific corporate segments is not limited to Internet Protocol (IP) or Internetwork Packet Exchange (IPX) network addresses. If these blocks are in place and they prevent remote connections, the team must address them during deployment.
You might want to provide customers or suppliers with access to applications or data; or you might determine that the Internet is the easiest way for end users to gain access to Terminal Services. If you plan to make servers available over the Internet, consider the security implications.
If your organization uses a firewall, determine if it is a packet-level or application-level firewall. Packet-level firewalls are easier to configure for new protocols. If your organization uses an application-level firewall, check to see if the vendor has defined a filter for the RDP; if not, contact the vendor and ask them to create a filter.
Document the method the network uses to connect to the Internet. This helps you determine how much bandwidth is available to Terminal Services. Does the network have a permanent connection? Describe the number and types of lines used to make the connection, such as T1 or Integrated Services Digital Network (ISDN).
RDP supports TCP/IP connections between the Terminal Services client and server. That connection can be through Network and Dial-up Connections, natively on the local LAN, or through a wide area VPN connection. Terminal Services uses whatever IP connection you provide. It is important to consider, however, whether the type of connection you provide is appropriate to the work that is done; and whether the security it provides is appropriate to the data that is transmitted. A single user can dial in over a low bandwidth modem line and realize good performance, but it would not be appropriate to share a 28.8-kilobit line among an active office of 100 people.
Complete a fairly high-level assessment of the current environment, including Windows-based terminals, client computers, green screen terminals, Macintosh computers, UNIX workstations, UNIX X terminals, and larger handheld devices. Instead of attempting to document individual computers, it is sufficient to estimate the numbers and describe division-wide or organization-wide standards. Tasks for performing this assessment include the following:
Green screen terminals cannot be used as Terminal server clients; in some cases you might maintain them for legacy mainframe access, or you might choose to upgrade to Windows-based terminals and have Terminal Services and mainframe access.
Document the applications you intend to deploy to client computers with Terminal Services. Some applications have features that prevent them from working with Terminal Services or cause them to perform poorly. For this reason, you might want to instruct users to install these applications locally where feasible. Specifically, you need to identify the following:
In other cases, applications run but require special installation or execution scripts. Generally, these scripts compensate for issues in the program, like misuse of the registry or lack of multi-user file storage support. Check with the application developer for Terminal Services scripting. For more information about this topic, see the Terminal Services Application Information link on the Web Resources page at http://windows.microsoft.com/windows2000/reskit/webresources.
Custom applications might require modification or supporting scripts if they were not written as multi-user-aware. For more information about creating scripts, see the Terminal Services Creating Installation and Execution Scripts link on the Web Resources page at http://windows.microsoft.com/windows2000/reskit/webresources.
Note
Non-administrative users cannot use Windows Installer technology to install applications on a Terminal server.