Deploying Terminal Services
After your team is assembled, their first task is to determine what business scenarios Terminal Services will address. Review the business scenarios in this section to help you determine how you can best utilize Terminal Services in your organization. Before you begin to plan your deployment, review the requirements for each business scenario.
Terminal Services Remote Administration enables system administrators with the appropriate permissions to remotely administer each Windows 2000 server over TCP/IP connections.
In this scenario, a system administrator uses features such as Microsoft Management Console (MMC) Domain Manager and directory service administration to remotely administer servers within their own directory domain.
By enabling Terminal Services in Remote Administration mode, server management is extended across forests and into mixed mode domains where there are both Windows 2000 and Microsoft® Windows NT® computers. With Windows Clustering, server management can be extended to cluster servers. If all servers run Windows 2000, Remote Administration can be deployed on every server in an enterprise, allowing direct connection and administration.
Because enabling Terminal Services has little impact on a server, it is recommended you enable Terminal Services on all servers in a forest. In that case, if one server goes down, another server is available. For mixed environments, or where control must be contained, Remote Administration could be deployed on a limited set of servers, such as the domain controllers. Other servers could be administered across the domain using standard management tools. In either case, administration can be run from any platform supporting the Terminal Services client; it does not need to be Windows 2000.
In Remote Administration mode, Terminal Services has two built-in per-server connections that require no special installation and no special licensing.
Figure 16.3 illustrates Remote Administration enabling server management across forests and into a mixed-mode domain.
Figure 16.3 Remote Administration Extends Server Management
Remote Access extends the capabilities of Terminal Services over external TCP/IP connections. The user experience is limited by the characteristics of the weakest link in the connection.
In this scenario, users in a remote office with Terminal Services client software on their computers can access the accounting application on the Terminal server back in your central office. Essential corporate data is accessed with a Remote Access connection over a modem. Because primarily keyboard and display information is being exchanged between the client and the server, the bandwidth requirements are low, providing a great experience even for users over a slow modem link. You can add more applications without increasing the need for more bandwidth, as long as they are not graphically intensive.
Before someone in the branch office can access your network resources, they have to present their credentials and be fully authenticated. You can provide an additional layer of security when routing through a Terminal server to access network resources.
A similar paradigm could be used to allow access to infrequently used or retired applications, or to applications in development.
Figure 16.4 illustrates the way employees in a remote office might connect to a corporate office using a TCP/IP connection.
Figure 16.4 Corporate and Remote Offices Linked by TCP/IP Connection
The Application Server mode of Terminal Services is ideally suited for deploying line of business applications, particularly those that are difficult to install or need to be frequently updated.
In this scenario, data entry operators access a line of business application to enter product information into a database. Because the application is on a Terminal server, the data entry operators are working on Windows-based terminals rather than client computers. If a server goes down, client devices can reconnect to another server. Maintaining the data separately from the Terminal servers supports this, and using Network Load Balancing across a group of Terminal servers provides the failover control. If a terminal goes down, it can be replaced with minimal disruption to the data entry operator.
Throughout the organization, departments are organized and security is designed to provide the appropriate access to information and network resources that are required by the tasks each user performs.
Figure 16.5 illustrates the way data entry operators might enter product information into a database using a business application that resides on a Terminal server.
Figure 16.5 Line of Business Applications on Terminal Servers
Central desktop deployment is achieved by loading desktop applications onto a Windows 2000 server with Terminal Services enabled in Application Server mode. Each client computer has a single, small application that enables the emulation of each user's Windows-based desktop. Applications are actually running on the server.
In this scenario, a global enterprise with employees all over the world provides its users with reliable access to production and legacy applications as well as office productivity tools. With Terminal Services enabled on a Windows 2000 server, clients can run a controlled, standardized set of applications even when located remotely, or using legacy hardware. The system security provides the appropriate access rights to clients.
Because the Windows desktop experience is available to all users, developers can create standard Windows-based user interfaces for proprietary applications using tools such as Microsoft® Visual Basic®.
Figure 16.6 illustrates the way an organization can provide global access to applications and tools using Terminal Services.
Figure 16.6 Central Desktop Deployment of Applications and Tools Using Terminal Services
The Terminal Services scenarios just presented often overlap. For example, users who access their desktop through a central desktop sometimes also do so using Remote Access over a modem. Before you deploy Terminal Services in your organization, be sure to carefully study the requirements indicated for each scenario in Table 16.1.
Table 16.1 Deployment Requirements
Remote Administration | Remote Access | Line of Business Application | Central Desktop Deployment | |
---|---|---|---|---|
Licensing | X | X | X | |
License Server | X | X | X | |
Domain Structure | X | X | X | |
Load Balancing | X | X | X | |
Roaming Profiles | X | | | |
Local Printing | X | X | X | X |
Security | X | X | X | X |