Tuesday, March 15, 2011

Remote Desktop Services

Remote Desktop Services, formerly known as Terminal Services, is a component of Microsoft Windows (both server and client versions) that allows a user to access applications and data on a remote computer over a network, using the Remote Desktop Protocol (RDP). Terminal Services is Microsoft's implementation of thin-client terminal server computing, where Windows applications, or even the entire desktop of the computer running Terminal Services, are made accessible to a remote client machine. The client can be either a fully fledged computer running any operating system for which an RDP client exists, or a bare-bones machine that is just powerful enough to run the client (such as Windows FLP). With Terminal Services, only the user interface of an application is presented at the client. Any input to it is redirected over the network to the server, where all application execution takes place. This is in contrast to application streaming systems, such as Microsoft Application Virtualization, in which the applications, while still stored on a centralized server, are streamed to the client on demand and then executed on the client machine. Microsoft changed the name from Terminal Services to Remote Desktop Services with the release of Windows Server 2008 R2 in October 2009. RemoteFX is being added to Remote Desktop Services as part of Windows Server 2008 R2 SP1.

Overview

Terminal Services was first introduced in Windows NT 4.0 Terminal Server Edition. It was significantly improved for Windows 2000 and Windows Server 2003. All versions of Windows XP except Home Edition also include a Remote Desktop server. Both the underlying protocol and the service were overhauled again for Windows Vista and Windows Server 2008. Windows includes two client applications which utilize terminal services: the first, Remote Assistance, is available in all versions of Windows XP and its successors and allows one user to assist another user. The second, Remote Desktop, allows a user to log in to a remote system and access the desktop, applications and data on the system as well as control it remotely. However, this is only available in certain Windows editions: Windows NT Terminal Server, subsequent Windows server editions, Windows XP Professional, Windows Vista Business, Enterprise and Ultimate, and Windows 7 Professional, Enterprise and Ultimate. In the client versions of Windows, Terminal Services supports only one logged-in user at a time, whereas in the server operating systems, concurrent remote sessions are allowed.

Microsoft provides the client software Remote Desktop Connection (formerly called Terminal Services Client), available for most 32-bit versions of Windows, including Windows Mobile, and for Apple's Mac OS X, which allows a user to connect to a server running Terminal Services. On Windows, both the Terminal Services client and the Remote Desktop Protocol (RDP) use TCP port 3389 by default; on the server the port is the PortNumber value under HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp in the Windows registry. Changing it also requires a matching Windows Firewall rule, and it hides the service only from the laziest port scanners, so it is no substitute for restricting who can reach the port at all. The client also includes an ActiveX control to embed the functionality in other applications or even a web page. A Windows CE version of the client software is also available. Server versions of Windows also include Remote Desktop for Administration (a special mode of the Remote Desktop Connection client), which allows a remote connection to the traditional Session 0 console of the server; in Windows Vista and later this session is reserved for services, and users always log on to a session numbered above 0. The server functionality is provided by the Terminal Server component, which handles Remote Assistance, Remote Desktop and Remote Administration clients alike. Third-party developers have created client software for other platforms, including the open-source rdesktop client for common Unix platforms.

For an enterprise, Terminal Services allows IT departments to install applications on a central server. For example, instead of deploying database or accounting software on every desktop, the applications can be installed on a server and remote users can log on and use them over the network or the Internet. This centralization makes upgrading, troubleshooting and software management much easier: as long as employees have Remote Desktop software, they can use the enterprise software. Terminal Services integrates with Windows authentication so that unauthorized users cannot access the applications or data. When sessions are reachable from the Internet, that authentication is all that stands between a password-guessing attacker and an interactive logon, which is why the Terminal Services Gateway described below exists to publish RDP over HTTPS rather than exposing port 3389 directly.

Microsoft has a long-standing agreement with Citrix to facilitate sharing of technologies and patent licensing between Microsoft Terminal Services and Citrix XenApp (formerly Citrix MetaFrame and Citrix Presentation Server). In this arrangement, Citrix has access to key source code for the Windows platform, enabling its developers to improve the security and performance of the Terminal Services platform. In late December 2004 the two companies announced a five-year renewal of this arrangement to cover Windows Vista.

Architecture

The server component of Remote Desktop Services is Terminal Server (termdd.sys), which listens on TCP port 3389. When an RDP client connects to this port, the connection is tagged with a unique SessionID and a fresh session is created for it; at this point the session has only keyboard, mouse and a character-mode UI. The logon subsystem (winlogon.exe) and the GDI graphics subsystem are then started, which handle authenticating the user and presenting the GUI. These executables are loaded in the new session, not in the console session (Session 0, which Windows Vista and later reserve for services). When the new session is created, the display and keyboard/mouse device drivers are replaced with RDP-specific drivers, RdpDD.sys and RdpWD.sys. RdpDD.sys is the display driver: it captures UI rendering calls into a format that can be transmitted over RDP. RdpWD.sys acts as the keyboard and mouse driver: it receives keyboard and mouse input over the TCP connection and presents it to the session as local input. It also allows the creation of virtual channels, over which other devices, such as disks, audio, printers and COM ports, are redirected, i.e. the channels stand in for those devices. The channels are multiplexed over the same TCP connection; when an application accesses a channel, the client is informed of the request and the data is transferred over the TCP connection to the application. This entire procedure is carried out by the terminal server and the client, with the RDP protocol mediating the transfer, and is transparent to the applications. In the standard RDP security layer, communications are encrypted with RC4 using 40-, 56- or 128-bit keys, depending on the negotiated encryption level; from Windows Server 2003 onwards a FIPS 140 compliant scheme (3DES) can be used instead. Note that this layer identifies the server only with a certificate the client has no way to verify, so it does not protect against an active man-in-the-middle. Windows Vista and Windows Server 2008 added the option to negotiate, at connection time, a TLS security layer (with a verifiable server certificate) and Network Level Authentication via CredSSP, and those should be preferred wherever the clients support them.

Once a client initiates a connection and is informed that the terminal services stack has been started at the server, it loads the display and keyboard/mouse drivers on its own side. UI data received over RDP is decoded and rendered, whereas keyboard and mouse input to the window hosting the UI is intercepted by the drivers and transmitted over RDP to the server. The client also creates the other virtual channels and sets up the redirection. With the standard RDP security layer, the encryption level is configured on the server as low, client compatible (medium), high or FIPS compliant. With low encryption, only user input (client-to-server data) is encrypted, using a 40-bit RC4 key. With client compatible encryption, data in both directions is encrypted at the strongest key length the client supports, which for an old client is that same 40-bit key. With high encryption, both directions use 128-bit RC4 and clients that cannot support it are refused. With FIPS compliant encryption, 3DES is used. The level is a server-side decision, and only high or FIPS should be accepted in practice, since the lower levels exist for the benefit of old clients.
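The first round trip of the connection described above, as an added example that is not code from the page: the script below builds the X.224 Connection Request an RDP client sends (carrying the RDP_NEG_REQ structure that asks for standard RDP security, TLS or CredSSP/NLA), parses the server's Connection Confirm, and, given network access, probes a server for which security layers it will accept. The byte layouts follow the public MS-RDPBCGR specification; the host name, the cookie value and the response bytes used for checking are constructed for the example.

```python
"""X.224 Connection Request / Connection Confirm exchange that opens an RDP
session, including the RDP_NEG_REQ / RDP_NEG_RSP negotiation of the security
layer: standard RDP security (RC4), TLS, or CredSSP (Network Level
Authentication).  Byte layouts follow the public MS-RDPBCGR specification.
Added example, not code from the page."""
import socket
import struct

# requestedProtocols / selectedProtocol flag values
PROTOCOL_RDP = 0x00000000     # standard RDP security: RC4, proprietary certificate
PROTOCOL_SSL = 0x00000001     # TLS security layer
PROTOCOL_HYBRID = 0x00000002  # CredSSP over TLS (NLA)

# failureCode values carried in RDP_NEG_FAILURE
FAILURE_CODES = {
    1: "SSL_REQUIRED_BY_SERVER",
    2: "SSL_NOT_ALLOWED_BY_SERVER",
    3: "SSL_CERT_NOT_ON_SERVER",
    4: "INCONSISTENT_FLAGS",
    5: "HYBRID_REQUIRED_BY_SERVER",
    6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}


def build_connection_request(requested_protocols, cookie=None):
    """TPKT header + X.224 Connection Request TPDU + RDP_NEG_REQ."""
    body = b""
    if cookie:  # optional routing cookie; mstsc sends the user name here
        body += b"Cookie: mstshash=" + cookie.encode("ascii") + b"\r\n"
    # RDP_NEG_REQ: type 0x01, flags 0, length 8, requestedProtocols (little-endian)
    body += struct.pack("<BBHI", 0x01, 0x00, 8, requested_protocols)
    # X.224 CR-TPDU: length indicator, code 0xE0, DST-REF, SRC-REF, class option
    x224 = struct.pack("<BBHHB", 6 + len(body), 0xE0, 0, 0, 0) + body
    # TPKT: version 3, reserved, big-endian total length
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224


def parse_connection_confirm(data):
    """("rdp", 0) if the server sent no negotiation structure at all (it only
    speaks standard RDP security), ("ok", selectedProtocol) for RDP_NEG_RSP,
    ("fail", reason) for RDP_NEG_FAILURE."""
    if len(data) < 11 or data[0] != 3:
        raise ValueError("not a TPKT packet")
    if struct.unpack(">H", data[2:4])[0] != len(data):
        raise ValueError("TPKT length does not match the data received")
    li, code = data[4], data[5]
    if code != 0xD0:
        raise ValueError("not an X.224 Connection Confirm (code 0x%02x)" % code)
    if li == 6:
        return ("rdp", PROTOCOL_RDP)
    if len(data) < 19:
        raise ValueError("truncated negotiation structure")
    neg_type, _flags, length, value = struct.unpack("<BBHI", data[11:19])
    if length != 8:
        raise ValueError("negotiation structure has unexpected length %d" % length)
    if neg_type == 0x02:
        return ("ok", value)
    if neg_type == 0x03:
        return ("fail", FAILURE_CODES.get(value, "UNKNOWN_%d" % value))
    raise ValueError("unexpected negotiation type 0x%02x" % neg_type)


def describe(selected):
    """One-line verdict on a selectedProtocol value."""
    if selected == PROTOCOL_RDP:
        return "standard RDP security: RC4, server identity not verifiable by the client"
    if selected & PROTOCOL_HYBRID:
        return "CredSSP/NLA: user authenticated before a session is created"
    if selected & PROTOCOL_SSL:
        return "TLS: server certificate can be validated, logon happens inside the session"
    return "unknown protocol 0x%x" % selected


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed by server")
        buf += chunk
    return buf


def probe(host, port=3389, timeout=5.0):
    """Ask a live server, on a fresh TCP connection each time, which security
    layers it accepts.  Needs network access; everything above runs offline."""
    verdicts = {}
    for name, proto in (("RDP", PROTOCOL_RDP), ("TLS", PROTOCOL_SSL),
                        ("NLA", PROTOCOL_SSL | PROTOCOL_HYBRID)):
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_connection_request(proto))
            head = _recv_exact(s, 4)
            total = struct.unpack(">H", head[2:4])[0]
            verdicts[name] = parse_connection_confirm(head + _recv_exact(s, total - 4))
    return verdicts
```

A server that answers a request for PROTOCOL_RDP with selectedProtocol 0 will hand the RC4 layer to any client that asks for it, whatever encryption level is configured; the fix is to set the security layer to SSL (TLS) and require Network Level Authentication in Terminal Services Configuration, after which the probe reports a failure code such as HYBRID_REQUIRED_BY_SERVER for the weaker requests.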

Terminal Server

Terminal Server is the server component of Terminal Services. It handles authenticating clients, as well as making applications available remotely. It is also entrusted with restricting clients according to their level of access: the Terminal Server respects the configured software restriction policies, so the availability of certain software can be limited to certain groups of users. Session state is stored at the server in a Session Directory (renamed Terminal Services Session Broker in Windows Server 2008); it records which user has which session on which server, so that a user whose connection was interrupted can be reconnected to the same session rather than being given a new one. The terminal server also manages these directories. Terminal Servers can be grouped into a load-balanced farm as well.

In Windows Server 2008, Terminal Server was significantly overhauled. If the user logged on to the local system with a Windows Server domain account, the credentials from that sign-on can be used to authenticate the remote session (single sign-on). This requires Windows Server 2008 as the terminal server OS, and the client OS must be Windows Server 2008, Windows Vista or Windows 7. In addition, the terminal server can provide access to a single program, rather than the entire desktop, by means of a feature named RemoteApp. Terminal Services Web Access (TS Web Access) makes a RemoteApp session invocable from a web browser; it includes the TS Web Access Web Part control, which maintains the list of RemoteApps deployed on the server and keeps that list up to date. Terminal Server can also integrate with Windows System Resource Manager to throttle the resource usage of remote applications.

Terminal Server is managed by the Terminal Services Manager and Terminal Services Configuration Microsoft Management Console snap-ins. They can be used to configure the sign-in requirements, the security layer and encryption level of the RDP listener, and to enforce a single remote session per user. It can also be configured using Group Policy or Windows Management Instrumentation. None of this is available in client versions of Windows, where the server is pre-configured to allow only one session and to enforce the rights of the user account on the remote session, without any customization.

Terminal Services Gateway

The Terminal Services Gateway service component, also known as TS Gateway, can tunnel a Remote Desktop Protocol session through an HTTPS channel. This increases the security of Remote Desktop Services by encapsulating the session in Transport Layer Security (TLS): only TCP port 443 on the gateway needs to be reachable from outside, and the gateway, rather than each terminal server, authenticates and authorizes the connecting user before any RDP traffic reaches the internal network. It also allows Internet Explorer to be used as the RDP client, via the ActiveX control.

This feature was introduced in the Windows Server 2008 and Windows Home Server products.

Important to note: at the time of writing (November 2010), there are no Mac OS or Linux clients that support connecting through a Terminal Services Gateway.

Remote Desktop Connection

Remote Desktop Connection (RDC, also called Remote Desktop, formerly known as Microsoft Terminal Services Client, or mstsc) is the client application for Remote Desktop Services. It allows a user to log in remotely to a networked computer running the terminal services server. RDC presents the desktop interface of the remote system as if it were accessed locally. With version 6.0, if the Desktop Experience component is installed on the remote server, the chrome of the remote applications resembles that of local applications; in this scenario the remote applications use the Aero theme if a Windows Vista machine running Aero is connected to the server. Later versions of the protocol also support rendering the UI in full 24-bit color, as well as resource redirection for printers, COM ports, disk drives, mice and keyboards. With resource redirection, remote applications are able to use the resources of the local computer. Audio is also redirected, so that any sounds generated by a remote application are played back at the client system. In addition to a regular username and password for authenticating to the remote session, RDC also supports smart cards. With RDC 6.0, the resolution of a remote session can be set independently of the settings at the remote computer. In addition, a remote session can span multiple monitors at the client system, independent of the multi-monitor settings at the server. RDC prioritizes UI data and keyboard and mouse input over print jobs and file transfers, so as to keep applications responsive. It also redirects plug-and-play devices such as cameras, portable music players and scanners, so that input from these devices can be used by remote applications as well. Each redirected resource is a channel between the remote session and the local machine in both directions, so drive, clipboard and device redirection should be restricted by policy on servers that handle sensitive data.
RDC can also be used to connect to Windows Media Center (WMC) remote sessions; however, since WMC does not stream video over the Remote Desktop Protocol, only the applications can be viewed this way, not any media. RDC can also connect to computers that are exposed via the Windows Home Server RDP gateway over the Internet. Within a session, the CTRL-ALT-END key combination sends CTRL-ALT-DEL to the remote computer, from whose security screen it can be locked, logged off or restarted.

RemoteApp

RemoteApp (or TS RemoteApp) is a special mode of Remote Desktop Services, available only in Remote Desktop Connection 6.1 and above (with Windows Server 2008 as the RemoteApp server), in which a remote session connects to a specific application only, rather than the entire Windows desktop. The RDP 6.1 client ships with Windows XP SP3, with KB952155 for Windows XP SP2, and with Windows Vista SP1 and Windows Server 2008. The UI of the RemoteApp is rendered in a window over the local desktop, and is managed like any other window of a local application. The end result is that remote applications behave largely like local applications. Establishing the remote session, as well as redirecting local resources to the remote application, is transparent to the end user. Multiple applications can be started in a single RemoteApp session, each with its own windows.

A RemoteApp can be packaged either as a .rdp file or distributed via an .msi Windows Installer package. When packaged as a .rdp file (which contains the address of the RemoteApp server, the authentication settings to be used, the program to launch and other settings), a RemoteApp can be launched by double-clicking the file. This invokes the Remote Desktop Connection client, which connects to the server and renders the UI. The RemoteApp can also be packaged in a Windows Installer database; installing it registers the RemoteApp in the Start Menu and creates shortcuts to launch it. A RemoteApp can also be registered as the handler for file types or URIs: opening a file registered with a RemoteApp first invokes Remote Desktop Connection, which connects to the terminal server and then opens the file. Any application that can be accessed over Remote Desktop can be served as a RemoteApp. Because a double-clicked .rdp file chooses the server, the gateway, the program and the resource redirection for the session, .rdp files from untrusted sources deserve the same caution as other executable attachments.
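The .rdp file format just described, as an added example that is not code from the page: the script below parses a file into typed settings (one "name:type:value" line per setting, as mstsc.exe writes them) and lists what a reviewer would want to see before letting users double-click it, including the RemoteApp program and arguments, an embedded password, disabled server verification or Network Level Authentication, wholesale drive redirection, and the TS Gateway settings described in the gateway section above. The sample file, its host names and the hex blob in the "password 51" setting are constructed for the example.

```python
"""Parse a Remote Desktop Connection .rdp file and list the settings a
reviewer would question.  The format is the one mstsc.exe writes: one
"name:type:value" line per setting, with type s = string, i = integer,
b = hex-encoded binary.  Added example, not code from the page; the sample
file, its host names and the DPAPI blob in "password 51" are constructed."""

# Constructed sample: a RemoteApp launch file carrying several risky settings.
SAMPLE_RDP = """\
screen mode id:i:2
full address:s:ts01.corp.example:3389
username:s:CORP\\jdoe
authentication level:i:0
enablecredsspsupport:i:0
password 51:b:01000000D08C9DDF0115D1118C7A00C04FC297EBDEADBEEF
gatewayhostname:s:gw.corp.example
gatewayusagemethod:i:1
remoteapplicationmode:i:1
remoteapplicationprogram:s:||Excel
remoteapplicationcmdline:s:\\\\fileserver\\share\\q1.xlsx
drivestoredirect:s:*
"""


def parse_rdp(text):
    """Return a dict mapping setting name to a typed value."""
    settings = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = line.split(":", 2)  # values may contain ':' themselves (host:port)
        if len(parts) != 3:
            raise ValueError("line %d: expected name:type:value" % lineno)
        name, typ, value = parts
        if typ == "i":
            settings[name] = int(value)
        elif typ == "s":
            settings[name] = value
        elif typ == "b":
            settings[name] = bytes.fromhex(value)
        else:
            raise ValueError("line %d: unknown type %r" % (lineno, typ))
    return settings


def audit(settings):
    """Return (setting, why it matters) pairs.  A setting that is absent is
    left at the mstsc default and not reported."""
    findings = []
    if settings.get("authentication level", 2) == 0:
        findings.append(("authentication level",
                         "connects even if the server certificate cannot be verified, "
                         "so an active man-in-the-middle goes unnoticed"))
    if settings.get("enablecredsspsupport", 1) == 0:
        findings.append(("enablecredsspsupport",
                         "Network Level Authentication disabled; the logon screen is "
                         "served to clients that have not authenticated"))
    if "password 51" in settings:
        findings.append(("password 51",
                         "a DPAPI-protected password is embedded; the file is a "
                         "credential and must be handled as one"))
    if settings.get("drivestoredirect") == "*":
        findings.append(("drivestoredirect",
                         "every local drive is exposed to the remote session"))
    if settings.get("remoteapplicationmode", 0) == 1:
        findings.append(("remoteapplicationprogram",
                         "RemoteApp launch of %r with arguments %r" % (
                             settings.get("remoteapplicationprogram", ""),
                             settings.get("remoteapplicationcmdline", ""))))
    if settings.get("gatewayusagemethod", 0) in (1, 2) and not settings.get("gatewayhostname"):
        findings.append(("gatewayusagemethod",
                         "a TS Gateway is required but no gatewayhostname is set"))
    return findings


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_RDP
    for name, why in audit(parse_rdp(text)):
        print("%-24s %s" % (name, why))
```

Run it with the path of a .rdp file as the only argument, or with no argument to audit the constructed sample. The same parser serves for files generated by TS Web Access or a RemoteApp .msi, since those are ordinary .rdp files with the remoteapplication settings filled in.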

Windows 7 includes built-in support for publishing RemoteApps, but it has to be enabled manually in the registry, since there is no RemoteApp management console in client versions of Microsoft Windows.

Windows Desktop Sharing

From Windows Vista onwards, Terminal Services also includes a multi-party desktop sharing capability known as Windows Desktop Sharing. Unlike Terminal Services, which creates a new user session for every RDP connection, Windows Desktop Sharing can host the remote session in the context of the currently logged-in user without creating a new session, and make the desktop, or a subset of it, available over the Remote Desktop Protocol. Windows Desktop Sharing can be used to share the entire desktop, a specific region or a particular application, and it can also share multi-monitor desktops. When sharing applications individually (rather than the entire desktop), the windows are managed (minimized or maximized) independently at the server and the client side.

The functionality is only provided via a public API, which any application can use to provide screen sharing. The Windows Desktop Sharing API exposes two objects: RDPSession for the sharing session and RDPViewer for the viewer. Multiple viewer objects can be instantiated for one session object. A viewer can be either a passive viewer, who can only watch the application like a screencast, or an interactive viewer, who can interact with the remote application in real time. The RDPSession object contains all the shared applications, represented as Application objects, each with Window objects representing its on-screen windows; per-application filters capture the application's windows and package them as Window objects. A viewer must authenticate itself before it can connect to a sharing session. This is done by generating an Invitation from the RDPSession, which contains an authentication ticket and a password. The object is serialized and sent to the viewers, who must present the Invitation when connecting. Whoever holds the invitation and its password can join with the rights it grants, so it has to be delivered over a channel as trusted as the desktop being shared.

The Windows Desktop Sharing API is used by Windows Meeting Space to provide application sharing among peers; however, that application does not expose all the features supported by the API. It is also used by Remote Assistance.
