Thin end of the wedge

Thin-client solutions may be the answer your customers have been looking for as they strive to squeeze more out of their existing networking and PC infrastructures without paying a fortune to do soby Ian Yates, Jeff Symoens and Andre KvitkaAlthough the network computer has been hyped as the answer to everyone's prayers and the end to Microsoft's domination of the IT universe, the reality is that most users are already wedded to the Microsoft solution whether they like it or not.

Citrix Systems started out with an alternative to PCs everywhere, by installing multiple PCs-on-a-card in their dedicated servers. These were primarily designed to give remote users a better deal over dial-up lines. As the power of PCs accelerated with Pentium technology, and the power of the operating system moved up with the release of Windows NT 3.5, Citrix moved to a new model, not unlike the mini-computers of previous computing generations.

The idea this time was to make an NT server run programs for other users, rather than just handle file and printing duties. The "other users" were still intended to be remote dial-in types who couldn't get applications to run properly over slow modems.

Rather than having their own PC that they remotely control, they all share a slice of the action on an NT server that has gobs of RAM added. Why is this any better than the old time-sliced applications running on a mini-computer? Well, it's not really. The appeal is that you can run Windows applications, of which there are untold thousands available, rather than the old dumb terminal VT-100 applications of the past. You get your cake and eat it too.

Since most users want to run Windows-based stuff most of the time, it's obvious these solutions will have widespread appeal until the genuine Java-based NC arrives with an adequate number of useful applications.

The first users likely to be attracted to a Windows-based solution are remote users who want what they have in the office, while they're on the road or working from home. The second point of appeal is likely to be among users who have decent PCs but occasionally want some serious grunt to crunch a new model, be it financial, geographical or CAD-based. It should be theoretically cheaper to install one monster server than to upgrade all the PCs, when the requirement for more grunt is sporadic.

The final point of user appeal is to all those cheapskates who can't understand why the 286 they paid $8000 for is no longer able to run the programs they need. This last group will be convinced to buy a high specification server rather than upgrade their users' PCs, but they will also be the ones who get the least from the solution. There is a limit to how much any Windows NT server can share itself among users, and if you take this approach to its logical conclusion you might as well go and buy a Unix machine to begin with.

However, the state of play is changing rapidly. People want Windows on their desktops, no matter how crappy or remote that desktop might be, and Citrix and Microsoft are working hard to deliver just that. It seems that an open platform is now one that runs Windows software even if it doesn't boot Windows itself.

Citrix Systems WinFrame 1.7

WinFrame is Citrix's thin-client/server software that provides access to virtually any Windows application across any type of network connection to any type of client.

WinFrame provides centralised management, universal access, and improved performance and security for all business-critical applications and data. Currently WinFrame runs on NT 3.51. You need to look at Microsoft's Hydra if you have to have NT 4.0 support. The new version 1.7 has added quite a few features that users have been clamouring for.

The new WinFrame Application Manager provides support for single-point "application publishing", allowing secure, one-step application access for WinFrame users. Administrators simply click to assign applications to servers and to publish applications to users over LAN, WAN and dial-up connections.

WinFrame 1.7 provides features for improving file, system and application security. Now administrators can "lockdown" specific files, directories and system areas as well as the entire systems to improve the security of WinFrame servers on a corporate LAN/WAN, intranet or the Internet.

A plug-in for Netscape Navigator and an ActiveX control for Microsoft Internet Explorer allows Windows-based applications to be launched from or embedded in HTML Web pages. The application looks, feels and performs as if it were running locally, but it is actually executing at the server. Customers can provide online access to any existing application, such as order entry, catalogues, groupware or client databases, over intranets or the Internet without rewriting a single line of code.

In order to provide the greatest level of flexibility, WinFrame 1.7 supports two types of access to a WinFrame server in a Web environment. These access types define how users access WinFrame servers. Registered user types are challenged with IDs and passwords to ensure identification to the administrator. In order to deal with the Internet's public nature, anonymous user types are available that are not challenged with IDs and passwords. They share a guest security level.

Webmasters have complete control over the application's execution properties and "on-screen" Web page presentation with features such as a server-based application configuration utility, ICA file editor, and application presentation.

Secure operation in a Web environment can be conducted thanks to enhancements such as a restricted application list that works with a secure kernel to shut down any back doors that may exist in your applications, pre-and post-application execution scripts (that can set up and clean up user environments), and a new government C2 security utility that triples the standard security levels provided by Microsoft in Windows NT.

To improve application performance and to reduce network traffic, graphics are sent to the client once and stored locally between application sessions. This allows application splash screens and toolbars, for example, to be transmitted once rather than downloaded to the client each time.

ICA protocol compression can be turned on or off based on available bandwidth. For low-bandwidth dial-up and WAN connections, active ICA protocol compression provides minimised bandwidth utilisation for LAN-like performance. For high-bandwidth LAN connections, deactivated compression reduces server load, offering more efficient processor utilisation on the server.

With its Windows 95-like installation and setup wizard, WinFrameEnterprise clients for Windows 3.1, Windows for Workgroups, Windows 95 and Windows NT are easy to install. The wizard guides users through all the necessary installation steps and automatically detects the PC's available modem.

Microsoft Terminal Server 1.0

In spite of Windows' popularity, the promised network computing "revolution" may some day make a profound difference in the systems you buy and support. Given this possibility, it comes as no surprise that Microsoft has a plan to keep Windows at the forefront. Its Windows-based Terminal Server (code-named Hydra) and Citrix Systems' add-on, code-named Picasso, Version 1.0, are trying to ensure that Windows will still have a place on the majority of desktops.

Currently in beta release, these two products will combine to provide what looks like a great solution to delivering 32-bit Windows applications to under-powered and unconventional desktop clients.

Based on technology from Citrix's WinFrame, Terminal Server and Picasso offer remote client access to Windows-based applications running on Terminal Server. This idea is very similar to diskless workstations running Unix-based applications on a remote host. The benefits of this approach are clear: with application processing moved to the server, the client hardware requirements needed to run common productivity applications, such as Microsoft Office, are significantly reduced.

Overall, this combination should reduce the high, ongoing cost of desktop upgrades and application deployment because an application will be installed only once at each server before simply granting users access to the required applications. One side benefit is companies will have more choices regarding client OSs, because the Picasso extension of Terminal Server helps deliver Windows applications to virtually any desktop platform.

Windows-based Terminal Server

In the resulting relationship between Microsoft and Citrix, Microsoft supports the multi-user NT kernel and the extensions required to remotely access applications running on Terminal Server from Windows-based clients. Microsoft also provides a base set of tools for managing both Terminal Server and Picasso.

We found Terminal Server provided pretty good remote-application performance overall, although we did experience some lag in application responsiveness, similar to what you would experience with a remote control product, such as Symantec's PCAnywhere. Our preliminary tests bear out Microsoft's claims for the product. On a dual-processor Pentium Pro server with 256MB of RAM, you should be able to service roughly 30 typical desktop users, or approximately 50 users who generally perform a small number of tasks. We also found the network bandwidth required was pretty minimal for this type of product.

Terminal Server has a number of nice administrative features, such as the capability to monitor user connections and processes. Also, we were able to disconnect idle users and let users disconnect from the server while leaving their application sessions active. Terminal Server can restrict access to applications, but we were disappointed that it cannot currently designate which users have access to which applications. Microsoft seems to be deferring these and other capabilities to its Zero Administration Kit for NT.

Terminal Server offers a utility that allows administrators to migrate NetWare user accounts to NT's Security Accounts Manager (SAM) database. Thus, those NetWare-based users can gain access to a Terminal Server that uses typical NT security mechanisms. However, Terminal Server supports only NetWare bindery emulation mode for this capability.

Terminal Server's utility does not have an elegant way of migrating NetWare users to an NT domain if you do not run the utility on an NT Primary Domain Controller.


Although Microsoft focuses Terminal Server on Windows clients, Citrix's Picasso add-on lets users from virtually any other platform access Windows applications running on a Terminal Server. The current beta release does not yet support connections from so-called Windows Terminals, which are graphical, diskless workstations. So we had to use Picasso to run applications from these platforms.

Picasso is an add-on to Terminal Server. The product's administrative functions plug right into Microsoft's management tools Ñ giving administrators a single place to manage both products. One bonus Picasso brings to the platform is a rudimentary load-balancing capability that automatically distributes users' log-ons across multiple servers.

Although we would like to see better-integrated control of assigning end-user access to various applications, overall we were pretty impressed with the capabilities of the Terminal Server-Picasso combination. Together, these two products make it relatively easy to deliver Windows applications to virtually any client platform, subsequently offering more choice in desktop platforms and reduced upgrade and administration costs for the platforms already owned.

Clients supported

Terminal Server and Picasso will combine to provide Windows applications to several clients, including: DOS, Macintosh, Unix (through multi-platform Java client), Windows 3.1 or later, Windows 95, Windows CE (not in this beta), Windows for Workgroups 3.11 and both Netscape and Microsoft browsers. Windows NT Terminal Server without Picasso only supports Windows client platforms.

Getting started

The Hydra/Picasso offerings are in beta so you can download them from and to try out for yourself.