Friday, August 6. 2010
Integrating Terminal Services into a Portal
At the end of 2009 I participated in a pre-sale involving a portal migration in a governmental environment. The portal had some content management, portlets and an uncommon feature: Citrix. This customer worked in a quite special way: their employees were usually away from their own installations but needed regular access to some internal applications. The problem was that part of these programs were very old DOS/Windows desktop applications which could not be easily moved to the web (the customer had upgraded some to new web technologies but a lot of them still worked in this old-fashioned way). The portal used an old version of Citrix XenApp to place these old Windows applications the customer really needed inside the portal. Besides that, the typical requirements of portal development were demanded (SSO, CMS, eye-candy,...). And one more thing: the customer wanted to replace Citrix with another solution, and they themselves also talked about the new features of Windows Terminal Services.
Remote Desktop Protocol or RDP is a proprietary protocol developed by Microsoft to provide graphical interface access from one computer to another remote one. This technology is also known as Terminal Services because of the former name of the Microsoft RDP server software (now called Remote Desktop Services or RDS). Windows 2008R2 introduced the new 7.0 version of the protocol at the end of last year, but the main improvements came in the jump between the 5.2 and 6.0/6.1 versions. Let's summarize the changes:
- Version 6.0 (November 2006 - Windows Vista):
  - Terminal Services Remote Applications. Remote Programs are a feature of Windows Server Terminal Services that lets client computers connect to a remote computer and execute programs that are installed on it instead of the complete Windows desktop. The experience is the same as running a program that is installed on the local computer. An administrator must first publish the programs for end-users to access them.
  - Terminal Services Gateway servers. TS Gateway server is a type of gateway that enables authorized users to connect to remote computers on a corporate network. TS Gateway uses RDP together with the HTTPS protocol to help create a more secure, encrypted connection. A TS Gateway server uses port 443 and transmits data through a Secure Sockets Layer (SSL) tunnel. TS Gateway opens the usual RDP intranet solution up to the world wide web.
  - Improved bandwidth tuning for RDP clients.
- Version 6.1 (February 2008 - Windows Server 2008):
  - Terminal Services Web Access. TS Web Access is a service that makes Windows Server programs (TS RemoteApp) available to users from a Web browser. TS Web Access is a kind of application inside IIS that lets users start remote applications from a web browser. This feature is not a protocol improvement but a new feature of the Windows server and client.
  - Network level server authentication. Technology that requires the user to authenticate himself before a session is established with the server. Originally the server loaded the login screen for the remote user; this used up resources on the server and was a potential area for denial of service attacks.
- Version 7.0 (October 2009 - Windows Server 2008R2 and Windows 7):
  - Web Single Sign-On (SSO) and Web forms-based authentication. Web SSO makes sure that after a user is logged on, no additional passwords are required for RD Gateway, RD Web Access, RD Session Host servers and RemoteApp programs.
  - Multiple improvements in bandwidth (aero glass composed desktop support, smooth fonts, audio and video redirection).
  - Multiple features for Virtual Desktop Infrastructure or VDI integration (virtual desktops and pools).
So now RDP alone meets all the common client requirements. Remote Applications gives the user seamless desktop integration, TS Gateway moves RDP and Remote Applications to the internet, Web Access moves RDP to the web and, finally, it seems there have been several bandwidth improvements to make a better experience (Microsoft published a good whitepaper about RDP bandwidth when the 6.1 version was released).
Now the main problem is how to integrate RDP inside a portal. The easiest way is just using TS Web Access inside an iframe (the same technique I used in the sudoku entry to show you the HTML design). Liferay, for example, has an IFrame portlet that lets you point the portlet region to another page (the TS Web Access server in our case), integrating the TS web application easily in your portal. But, in my opinion, TS Web Access is not the best option because it works using an ActiveX element, which directly bans any OS other than Windows, any web browser other than Internet Explorer, and any RDP client other than Windows Remote Desktop Connection (RDC).
As always my solution is maybe more complex but I am sure it is more open and fun. Based on the fact that RDP connection settings can be saved in an RDP file (this way these files can be easily edited, copied, and distributed), my idea is to develop a little portlet which shows the user the configured remote applications and, when one is clicked, a generated RDP file is downloaded to be executed by the local remote desktop client. This way the solution works on any system that has an RDP-compatible application. Microsoft has the free Remote Desktop Connection 7.0 for Windows and the Microsoft Remote Desktop Connection 2.0.1 Client for Mac (it supports RDP 6.0). In a similar way to what I did with Skype, the browser can be configured to open RDP files (application/x-rdp MIME type) with the selected client-side application. Linux and other *nix OSes are another question and I will try to face this problem in a future post.
The solution is a simple JSF 2.0 portlet (deployed on Liferay 6.0.2) that uses Cassandra as the repository to store the application data (remember I already commented on this in a previous entry about the Cassandra database). The portlet implementation saves the complete RDP file (the same one that is generated and exported from the TS Remote Administration application) in the database. When you click the application link, the RDP file is fetched from Cassandra and downloaded to the client.
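Because the stored RDP file is handed unchanged to every user who clicks the link, it is worth auditing its settings before the portlet saves or serves it. The following is an added example, not the portlet's own code (which is Java); the allowlisted host, the policy choices and the sample file are constructed assumptions.

```python
# Added example: audit an .rdp file before a portal stores or serves it.
# ALLOWED_HOSTS, the policy choices and SAMPLE_RDP are constructed assumptions.
ALLOWED_HOSTS = {"ts01.example.internal"}

SAMPLE_RDP = """\
full address:s:ts01.example.internal
remoteapplicationmode:i:1
remoteapplicationprogram:s:||notepad
remoteapplicationname:s:Notepad
authentication level:i:0
redirectdrives:i:1
password 51:b:PLACEHOLDER-NOT-A-REAL-BLOB
"""


def parse_rdp(text):
    """Parse 'name:type:value' lines (type is i, s or b) into a dict."""
    settings = {}
    for line in text.lstrip("\ufeff").splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[1] in ("i", "s", "b"):
            settings[parts[0].lower()] = parts[2].strip()
    return settings


def audit_rdp(text, allowed_hosts=frozenset(ALLOWED_HOSTS)):
    """Return policy findings; an empty list means the file may be served."""
    s = parse_rdp(text)
    findings = []
    # Strip an optional ':port' suffix (IPv6 literals are not handled here).
    host = s.get("full address", "").split(":")[0].lower()
    if host not in allowed_hosts:
        findings.append("host-not-allowlisted")
    # The portal publishes RemoteApp programs, not full desktops.
    if s.get("remoteapplicationmode") != "1":
        findings.append("not-remoteapp")
    # Require the client to refuse (1) or warn (2) when server auth fails.
    if s.get("authentication level") not in ("1", "2"):
        findings.append("weak-server-authentication")
    # Local drives mapped into the session widen what the server can reach.
    if s.get("redirectdrives") == "1" or s.get("drivestoredirect"):
        findings.append("drive-redirection")
    # A stored password blob must never be distributed to every user.
    if "password 51" in s:
        findings.append("embedded-password")
    return findings


if __name__ == "__main__":
    print(audit_rdp(SAMPLE_RDP))
```

Rejecting the upload when `audit_rdp` returns any finding keeps a hand-edited file from reaching users through the download link.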
This time the video shows the following: on the right, a Windows 2008 60-day evaluation version configured as TS Server; on the left, my Windows XP with RDC 7.0 installed; using IE8 I access Liferay and search for the Notepad application; after clicking on it, the RDP file is downloaded from my portlet and the browser asks to open it; on accepting the offer, the RDC client remotely opens Notepad; when a simple text file is saved on the administrator desktop it can be shown on the Windows 2008 server. Take into account that I could not install 2008R2 (because Microsoft only distributes a 64-bit version and my laptop is i386), so the server only supports protocol version 6.1. This version lacks the new SSO features, and the TS client application does not ask for user and password because I locally saved my credentials before and it is reusing them.
Clearly Notepad is a useless program, but integrating this kind of remote application can be very, very important in some environments (legacy applications, programs with expensive licenses, binaries with limited local access,...). The RDP protocol and its new features open up a lot of new possibilities, and portlet integration makes its management easier for end users.
Finally I want to point out the use of Cassandra as the repository and the portletfaces bridge as the portlet/JSF 2.0 joint. I already stated the worth of the first one in the Cassandra entry mentioned above, but I had never talked about the second piece of software. Neil Griffin heads this Java project to create a portlet bridge for the new JSF 2.0 specification. I used the alpha 1 version in my Skype/Pidgin VoIP solution and alpha 3 in this TS portlet, and I have to mention the outstanding progress. Good job Neil!