Thin Clients & Server Based Computing

Exclusive Solution For Innovative Minds

Thin Clients for Thin Budgets CITRUS THIN CLIENT White Paper Thin budgets within Organization/Education have curtailed new technology purchases. Many educational institutions have been forced to get another two or three years of service from their aging fleet of PCs. Using far less expensive Thin Clients, students can learn using the latest applications designed for Windows 2003 Server, while institutions can enjoy the security and manageability standards featured in Microsoft Windows Server 2003. Properly configured and managed, Windows Server 2003 can help significantly reduce your network operating costs while boosting security. With thin clients, odds are, you will only need to replace the server in 3-4 years while the Thin Clients will continue to be functional terminals, resulting in lower initial cost, lower cost of ownership, and longer service life. Why Thin Clients are replacing more PCs in Organization/Education. Thin Clients under Windows 2003 Server can competently do more than they could under Windows 2000 or Windows NT. Previously; Thin Clients had been limited primarily to office Productivity applications. Newer multi-media enabled Thin Clients teamed with the release of Win2003 Server OS mean that a larger percentage of instructional network users can now do everything they need with the far less-costly-to-own Thin Clients. Microsoft Windows 2003 Server is notable for its improved support for Thin Clients. If you havent examined the benefits of Thin Clients recently, times have changed. Its a good time to take a closer look. Greater Security. Security is greatly simplified, configured at the server, and has improved with Windows 2003 Server reducing time spent on Security Problems. Improved application support. Thin Clients can, for the first time, function as basic multimedia workstations providing audio support and 24-bit color. Vector graphics such as Macromedia Flash is supported. Streaming video at full frame rate is not supported. Reduced Support costs. Thin Client stations are easy to install /maintain and cost much less to support. Easier Software Setup. Software and upgrades are installed only once, at the server Easier Installation. Installation, relocation, and replacement of a Thin Client system is as easy as plugging and unplugging Great budget-friendly Use for Older PCs. New Thin Clients, legacy PCs can be used interchangeably as Thin Clients, providing cost effectiveness that can be matched to budget and need. Can I use my Legacy PCs as Thin Clients? In general, older PCs can be quickly converted to Thin Clients through Citrus PC to TC card and used to run Windows applications. Citrus is showing customers how to gain upto-date access to current software platforms, such as Windows 2003 using legacy PCs as Thin Client workstations on very thin budgets. Re-deploying older PCs is a most costeffective solution for migrating instructional network users to newer software platforms. When compared to acquiring new Thin Clients, PC maintenance costs will almost always be higher. Thin Clients are less expensive than typical PCs. They have fewer components and no moving parts, so hardware failure is greatly reduced. Thin Clients

cost substantially less than typical PCs. A 20-seat, Internet-ready Thin Client lab can be deployed for about the same price as a 10-seat PC network more users can access the advantages of technology. The Thin Client network helps lower the total cost of ownership from both a financial and a systems support perspective. Centralized management means that the same IT staff can support more student seats, decreasing IT costs. Citrus also offers Remote Management, a network monitoring service that provides Thin Client support and maintenance tailored to the needs of individual schools. Some of our Applications require PCs - Can I Mix Thin Thin Clients & PCs? PCs will continue to be the platform of necessity for power applications such as video editing, full motion video, and multimedia labs. Like a high performance V8 engine, a PCs higher purchase price and cost of operation are offset by the increased workload capability. For most other low performance applications where speed is not at issue Thin Client is now a viable and preferable alternative that offers economy and the ability to bring technology to more users per rupee spent. This means customers can now satisfy the needs of more users with less budget. How can Thin Clients help with the Ever-Growing Security? Threat? Network security problems continue to proliferate and pose ever-greater threats as illustrated by several rampant viruses and worms that recently cost numerous organizations days worth of productivity. There will be even more malicious attacks in the future. It was largely networked personal computers that contracted the recent malicious infections. Servers tended to be more current with updates and patches while network administrators hurriedly ran around trying to retroactively patch and repair individual PCs. With Thin Clients, a secure server means that viral agents are held in check and security issues are greatly reduced and simplified. With server-based file storage, virus scanning with latest virus definitions is simplified compared to the task of checking to insure that each PC has working virus software properly configured and updated. In addition, thin clients have no input devices, preventing the introduction of viruses onto the network via upload from a client. Does Windows 2003 Improve Thin Client functionality? A resounding YES!! Terminal Services by Windows Version The capabilities of the new Remote Desktop Connection client software depend on the Terminal Server version. High color (24-bit) -YES High resolution (1200x1600) -YES Drive redirection-YES Serial (COM) port redirection -YES Printer redirection- YES Audio redirection -YES Per-user time zone -YES Auto-reconnect -YES

Clipboard copy and paste -YES Low-bandwidth configuration -YES When used with a farm of Terminal Servers, auto-reconnect requires the Session Directory service, available only with the Enterprise Edition of Windows Server 2003. The configuration of the RDC client can be adjusted to optimize low-bandwidth connections. For example, when youre connecting by modem, the background bitmap will not be displayed. Windows Server 2003 Terminal Services Windows Server 2003 includes an improved Remote Desktop Protocol (RDP) and easier TS administration. In addition, Microsoft is using the launch of Windows Server 2003 to implement changes to the licensing of TS. Citrix Systems offers MetaFrame, which uses the Citrix Independent Computing Architecture (ICA) protocol and client. Citrix MetaFrame offers the same capabilities as TS in Windows Server 2003, but Citrix differentiates its product on implementation improvements in some of the features, as well as scalability and management. Therefore, MetaFrame is typically used by larger organizations. Citrix and Microsoft have had a continuing partnership for years as Citrix has worked to add value and extend the capabilities of the Microsoft platform. Protocol Update Enhances Connectivity Microsoft shipped a new Remote Desktop Connection (RDC) client, version 5.1, with Windows XP Professional. (It is also available via download for Windows 2000, Windows NT 4.0, Windows 9.x, and the Apple Mac OS X, and as the Remote Desktop Web Connection browser client.) With Windows Server 2003, Microsoft has updated the RDP to version 5.2; when this protocol is used with the RDC 5.1 client to connect to Windows Server 2003, users get the following enhancements: Improved access to local resources. Users can access local resources, such as local drives, serial ports (e.g., for bar-code scanners), and printers, and send audio output to their local speakers. Users can also redirect Windows function keys (with the exception of the Ctrl-Alt-Del combination, which maintains its local security context) to the TS session. Improved connection and authentication support. Smart cards can be used for authentication (on Windows 2000), the RDC client can disable the display of the desktop background to optimize low-speed connections, and the RDC client will automatically attempt to reconnect (including to the correct session if TS is running on a server farm) if a connection is lost. Other improvements. The RDC can support both high-color (24-bit) and high-resolution (1200x1600) displays; and gives the user a choice of either the local or host machines time zone. (In the past, the RDC client had the same time zone as the host server.) RDP is also used by Windows XP Professional to facilitate its Remote Desktop feature, which allows a single user to connect remotely to a Windows XP Professional desktop, so the new RDC and RDP enhancements will be available in Windows XPs Remote Desktop. Server and Administration Improvements Windows Server 2003 TS has new features that improve the security and configuration of the server, the management of users, and the management of RDC-to-TS connections.

Secure by default. TS follow the new policy of making Windows Server 2003 secure by default. Administrators must specifically choose to install and configure TS. In addition, connections between the RDC client and TS using the RDP version 5.2 are secured by 128-bit bi-directional RC4 encryption by default. This provides additional security: Not only do the data and the application stay on the server, but the connection between the client and server is also encrypted. Remote user group. Rather than adding TS users with the TS Connection Configuration program, administrators can simply make them a member of the new Remote Desktop Users security group. Group Policy and administration. Administrators can use either Group Policy or Windows Management Instrumentation (WMI) to configure and manage TS. Although some people think of Group Policy as a mechanism to manage user desktops, an administrative template allows administrators to manage RDC and TS features, including client features, such as redirection of local resources; and server features, such as encryption and session management, including configuration of the Session Directory. TS also expose a WMI object that allows administrators to use WMI to manage TS via scripts and management tools that support WMI interfaces. For example, Systems Management Server (SMS) can be used to distribute and manage software on terminal servers, and Microsoft Operations Manager (MOM) can be used to monitor and manage them. Session Directory Improves Server Farms The new Session Directory facilitates the creation of a farm of Windows Server 2003 terminal servers, which makes it easier to manage the load on the servers and the connections to those servers. The Session Directory service, which can run on a separate server, creates its own database (it does not store the session data in the Active Directory [AD], but it needs access to the AD) of TS connections and session information. When a user invokes the RDC and initiates a connection to a server farm administered by the Session Directory, the service checks to see whether the user has a "live" disconnected session on any of the servers. If so, the service reconnects the user to his disconnected session so that he doesnt lose his work. If a disconnected session does not exist, the users session will be created on any of the servers in the farm. The Session Directory is compatible with a software-based (such as Windows Server 2003 Network Load Balancing) or hardware-based load-balancing solution. In this configuration, it provides load balancing and fail-over support for TS, and new sessions will always be created on the least loaded server in the farm. NOTE: Session Directory is only available with the Enterprise Edition of Windows Server 2003. Licensing Microsoft is using the release of Windows Server 2003 to modify TS licensing. With Windows Server 2003, Microsoft is introducing per-user TS licensing and phasing out free TS access for recent desktop operating systems (OS). Per-user licensing can reduce TS licensing costs for users who access TS from multiple devices, but TS costs will increase for many customers who do not now need to purchase TS Client Access Licenses (CALs) because they are using a current OS. Microsoft has announced a transition plan that will give many current TS customers nocost TS CALs, but future TS users will be required to purchase a TS CAL.

In general, organizations might more easily understand when a Terminal Server CAL is needed, but most customers will need more CALs and, therefore, will pay more to use Terminal Server. Virtual Private Networking Windows Server 2003 includes an improved Internet Authentication Service (IAS), which extends Windows network-authentication capabilities and implements the Remote Authentication Dial-in User Service (RADIUS) protocol, a widely supported VPN protocol. Improvements include support for RADIUS Proxy, which routes RADIUS messages between RADIUS access servers on the edge of the network and other servers that perform user authentication; cross-forest AD authentication; and the ability to quarantine connections that do not meet a predefined configuration. Authentication Request Forwarding A Windows 2003 server running the Routing and Remote Access Service (RRAS) and IAS services can use the RADIUS protocol to forward authentication requests to another IAS server. When used as a RADIUS proxy, IAS is a central switching or routing point through which RADIUS access and accounting messages flow. This proxy redirection uses rule-based processing to provide for authentication load balancing and fail-over, including the ability to redirect authentication requests to an IAS server at another geographic location or another organization. IAS logs information about authentication requests, including information about the messages that are forwarded. Because this log can grow quite large, Windows Server 2003 IAS now supports the logging of XMLformatted RADIUS information to SQL Server, which is useful for reporting on or searching the logged RADIUS data. Cross-Forest AD Authentication In addition to using RADIUS, IAS can use AD for authentication by mapping an external identity to an AD user. With Windows Server 2003, IAS can use AD cross-forest support to authenticate a user. Organizations often create multiple forests in their AD to address unique organizational structures or to accommodate the merger of two organizations. With cross-forest support for IAS, a user can be authenticated even if she is a member of a different forest than the IAS server. Quarantine Feature The IAS Quarantine feature allows an organization to check for specific remote VPN client configurations before granting full access to a network. For example, an organization might want to ensure that all remote clients accessing its network are running a specific version of the OS and have virus-checking software enabled and updated with current virus signatures, thereby reducing the risk that the VPN can be used by unauthorized users. According to Microsofts Chief Information Officer, Microsoft itself is using this mechanism to screen its remote users. When a user initiates a VPN connection via Connection Manager, a Microsoft client dialer, the Connection Manager can describe the configuration of the client to the IAS server. The IAS servers can then allow the connection, refuse the connection, or route the connection to a "quarantined" server on a restricted subnet so that the client can be updated. Organizations can modify this process to suit their requirements or use samples in the Windows Deployment and Resource Kits. They can also customize the Connection Manager to include the features and appearance they want to present to users.

Terminal Services Terms Terminal Services is a family of related technologies, including Remote Desktop Connection (RDC), Remote Desktop Protocol (RDP), Terminal Server, Remote Assistance, and Remote Desktop for Administration. Terminal Server is the name of the Windows Server 2003 component that enables multi-user access to applications running on Windows Server. Clients accessing this component must have a separate Terminal Server Client Access License (CAL), which is separate from the CAL required to access Windows Server 2003. Terminal Server Mode, formerly Terminal Server Application Server Mode, describes the remote execution of applications for multiple users. Remote Desktop for Administration was formerly named Terminal Services Remote Administration Mode. It allows administrators to run as many as one console and two remote virtual sessions for the purpose of administering a server. Remote Desktop for Administration is similar to Windows XP Professional's Remote Desktop feature and requires no CAL. Remote Assistance, or Remote Administration Collaboration, is similar to Remote Assistance on Windows XP, but in this scenario the administrator of one Windows Server 2003 could request assistance from another administrator. Like Remote Desktop for Administration, Remote Assistance does not require a CAL. SUPPORT FOR WIRELESS OR HARD-WIRED NETWORKS The network connecting the clients with the server utilizes the TCP/IP protocol over Cat 5 cables or wireless LAN. Most organization will likely have the appropriate cabling or wireless access points already installed, so it will be a simple process to connect. The connection speed is 10/100 Base- T with Wake-On-LAN. NOTE: TCP/IP is the protocol used by most computers to communicate with one another. Cat 5 is short for Category 5; this is the standard type of cabling used to connect a Network Interface Card (NIC) to the wall outlet. Do Thin Client Networks Support PCs? Clients on the network can be Thin Clients, PCs, or Macs. Thin Client networks support virtually all popular platforms and operating systems. Many customers are deploying their legacy PCs and Macs in a Thin Client network to access the latest applications. This has helped save these customers the cost of acquiring new thin clients. SYSTEM MANAGEMENT Ease of centralized system management is one of the key benefits of the Thin Client environment. Software installations and upgrades are handled at the server rather than at many PCs. The clients can be easily installed or moved simply by plugging or unplugging. Existing legacy computers, IBM-compatible and Macintosh (in a Citrix environment), can be included in the Thin Client network, thereby extending the lifetime of those systems. Thin Clients have fewer components than a PC and can last up to twice as long. Citrus can remotely manage your Thin Client system thereby reducing IT overhead or the need for staff specialists. See Remote Management Services.

Installation Services Factory configuration of the server. Configuration of Microsoft Windows 2003 Server/Enterprise Server operating system. Setup and Configuration of the Active Directory, user profiles and group policies. Desktop profile design, standardization and integration. System-wide security design, user authentication, and integration. Setup of the server including connection to the customers TCP/IP network. Setup and configuration of all Thin Clients, connection to the server, and testing of clients by successful login to the server. Setup and testing of the network printers. Training two-hour system familiarization training with Web-based material. Remote Management Services (RMS) RMS for Thin Client networks includes servers &Thin Client Products Citrus offers RMS to help insure that your organization gets the maximum benefits from your investment in a Thin Client network. Contracts are available in one, two, and threeyear packages and include full access to our Help Desk/Remote User Support Services for Thin Client systems & Diskless PC Card. Help Desk / Remote User Support. E-mail support with a 4-hour response (non-critical). 1-hour possible on mission critical calls and e-mails. 9:00AM - 9:00PM telephonic user help for the normal 6-days. Web-based self-support at [Link]. User Desktop Remote Management As a part of our rapid response support process, Citrus will provide the facility to remotely report on individual user desktops. This will be an integral element of the User Help facility and allow us to respond in real time to individual problems and enable Citrus to notify you of changes in the desktop to help correct routine user problems. (Available only for Thin Clients). Critical System Parameter Tracking Software / hardware agents on all servers establish and report on acceptable thresholds and track critical system variables including but not limited to; CPU utilization, memory utilization, available hard disk space, available terminal services capacity. Plus: Citrus will evaluate operating system, application and Internet Explorer patches, fixes, and updates in our lab environment and, if necessary, deploy to the field as needed. (Available only to Thin Client systems). Why Citrus? Buying from Citrus Solutions Pvt. Ltd is SAFE. Why? We ask all of our customers, before they buy a new product from us, to try it out for FREE. Use the solution in your own environment, free, and feel comfortable that this product is totally compatible with your software and meets your total requirements. Once you are satisfied, then, and only then, place your order with us.

Citrus is intent on continuing to bring innovative technology products and services to Education. Citrus has been one of the early companies to recognize the potential that the Thin Client solution offers. The company has installed this cost-effective solution in real-life operations in many educational institutions and offices. We offer the service and support that customers need to successfully integrate the advantages of technology into the curriculum, and provide remote management and technical support, as well as training for the customers. Call us with your requirements and we will help you sort out the confusing world of Thin Client terminals. The technology seems to be changing almost daily and it is our job, as terminal specialists, to keep up with the new terminal technology. For More information Product specifications, including base offering and upgrade options are available. Ask your Citrus account representative for studies of existing Citrus Thin Client networks. For immediate attention, please contact Citrus Sales at 98694 36792. You can also find more information at [Link]