I know this has been done to death over the past few years, but since Citrix are due to release Citrix XenApp 5.0 on Terminal Services 2008 soon I thought it may be worth while posting an article on the key infrastructure benefits that Citrix XenApp has to offer.  If you are new to the application delivery market place and want to learn a little more about how these 2 products differ then this article may assist you in your future decision making.

Currently, this article analyses the key infrastructure differences between the latest application delivery platform from Citrix (XenApp 4.5 - was renamed recently from Presentation Server 4.5) and Microsoft Terminal Services 2008.  Later this year this article will be updated to include the new features of Citrix XenApp 5.0.  I have published this article before, but forgot we were now using the ‘XenApp’ name… whoops.  A quick google search will return all the history you need to know about the renaming history of this product, or you can check out Brian Madden’s site which provide you with an absolute bible of information, news and sometimes controversial opinions on everything you need to know about the application delivery and virtual infrastructure market place.

 

Introduction

Since the announcement that Microsoft will support many features that customers have previously paid for with Citrix it has left many confused at the what the reality of the situation is, what does Terminal Services 2008 have to offer and does it really mean that in the future you can slowly migrate away from the extra cost associated with Citrix licences?  

 

This document is not intended for a purely technical audience, most of the detail is at high level and thus does not cover detailed technical information.  It is not an attack on Microsoft Terminal Services 2008, we cannot pick it apart as a true side by side comparison.  Microsoft have added some basic features to Terminal Services to assist customers at an entry level deployment, the product does not compare and is not intended to be an alternative to a Citrix solution.

 

A quick thank you to the guys at Point to Point Ltd in the UK - http://www.ptop.co.uk for allowing me to publish this article on my personal blog (I wrote it for them last year).  Point to Point are one of the UK’s leading application delivery and virtual infrastructure solution providers, oh.. and they are a fantastic group of people to work with, flexible, creative, innovative and damn good at what they do! cheers guys.

 

1. The basics - An Infrastructure Comparison.

A common oversight - how does it all glue together?  Is it scalable?  What happens if a key component of the infrastructure fails?  Customers need to be aware of the massive differences in technology where the terminology is the same, ‘application publishing’ is a prime example as is ‘servers farms’  and ‘web interface’.  Yes Terminal Services comes with this now, but the only thing that is the same is the name, the actual technology is years apart.

Lets take a look at some of the key components which has made Citrix a robust and scalable solution and see how Terminal Services in 2008 compares.

 

Firstly, let me take you back a few years…. Remember when Citrix introduced a product to market called ‘Citrix Metaframe’ which (as it had done in the past with Citrix Winframe) added much needed functionality to a standard Terminal Server, like seamless application publishing and application load balancing for instance.  With Terminal Services at the time, if you had a remote desktop client installed on your PC, then you could establish a desktop session but nothing more than that.  Citrix also introduced a number of other things like local drive mappings, printing mappings etc etc.  There was a major design flaw though.. no centralised database for all configurations and no centralised management console for all the servers, which may have been dotted all over the place.  

Although Citrix Metaframe worked well in small to medium environments it struggled when a corporation took a stance and said “we want to go ‘thin client’ and deliver all our applications and desktops this way” then overall administration of the environment wasn’t easy and stability was sometimes a huge problem.  One of the Citrix servers in the farm was a ‘master ICA browser’ and was responsible for keeping all the other servers up-to date with any changes that an administrator had made by blasting the information through a network broadcast and if it wasn’t picked up then it didn’t work and if a Citrix server was on a different site it was very challenging indeed!

Fast forward a few years, Citrix brings an updated version of Citrix Metaframe to market which is called ‘Citrix Metaframe XP’.  I remember being at the launch when finally Citrix annouced that they are introducing a Citrix ‘datastore’ which can be hosted on either SQL, a local MS Access database or Oracle and from this day forward all static configuration will be stored centrally and each Citrix server will contact the Citrix datastore individually to receive updates, Citrix administrators will now administer the environment via the datastore.  The datastore could be easily backed up and restored when needed which introduced a level of disaster recovery which was totally un-available at the time.  The datastore meant there was no single point of failure in any Citrix environment and also offered (finally) a single point of management.  I believe that this simple infrastructure change helped evolved Citrix Metaframe XP into the successful product it is today (Presentation Server).

 

2.2 Centralised Citrix configuration through a ‘Datastore’.

Your very basic topology of a Citrix Presentation Server solution looks like this: 

 

 

So why am I telling you what you probably already know?  Well think of all the limitations that Citrix Metaframe 1.8 had and your nearly there with Terminal Service 2008, infact I would say it is worse in terms of scalability.

We all know that today, Citrix Presentation Server has a centralised configuration database called the ‘Datastore’.   This is the database that hosts all the Citrix configuration for published apps, server config, connection polices, printer drivers etc etc.  So what does Terminal Services 2008 have to compare?  The answer to that is a simple one - it doesn’t have one.

 

A very basic topology diagram of a Terminal Services environment looks like this: 

 

 

All the configuration is local to each Terminal Server, there is no centralised model for administration, to publish applications on Terminal Services 2008 an administrator would connect to the server directly using the new server manager utility and run a tool called ‘TS Remote App Manager’ this would allow a user to make an application available for connection but it does not allow you to publish that application across any other Terminal Servers that you may have on your network so that means you would have to repeat the process for each server.  

But Microsoft now has the ability to load balance applications in a farm… Yes, this is covered in the following chapter.

 

 

 

3.  Centralised management through the use of ‘Farms’

 

One of the primary features that Citrix has brought to Terminal Services is the ability to group all your servers into a ‘Farm’.  Your Citrix farm is your primary point of management and logically groups Citrix servers and users across your enterprise for display/configuration/analysis within the Citrix Access Management Console.  Configurations that you make can either effect individual Citrix servers or they can be applied to the whole farm of Citrix servers.

 

A basic Citrix Presentation Server ‘farm’ typically looks like this: 

 

Microsoft have annouced that Terminal Services 2008 will also offer the ability to create Terminal Server ‘farms’.  Now, although the terminology is the same the technology couldn’t be any different.  The term ‘farm’ used in Terminal Services 2008 is a logical grouping of servers based on what applications they are hosting and nothing else.

It is not a management solution, there is no database, no configuration, no console to manage your server farm (you manage each server directly as mentioned previously).  A farm in the Terminal Server 2008 sense is a way to group servers based on their roles (or applications hosted), for instance if you only wanted Microsoft Office across certain servers then you would split this into a ‘farm’.

So why is this a problem?  Well disaster recovery is one big issue but we will cover that later… Lets take the following example, ‘Application Publishing’.  

Your customer wants to install and then publish an application to 3 out of 5 new 2008 based Terminal Servers in their new farm and  load balance that application across the 3 servers in question (but remember, they are not licensed for the application to publish it across the remaining 2 servers).  Now this is a typical example of the kind of administration and application deployment that can happen everyday in a Citrix environment, but there is a slight problem here.  They would need to split the farm containing the 5 servers in two, because a farm in the Terminal Services 2008 sense is a group of servers that are configured identically with applications and the remaining 2 servers are not.  

Let me explain further, when a user connects to a Terminal Services 2008 farm, there is no checking to see which server the application is installed on, there is no specifying which server should host application A and which server should host application B.  The Terminal Server farm assumes that the application which the user wants to launch is installed on every server in the farm.  If it isn’t then the user may get pushed onto a server where the application doesn’t exist thus receives an error. 

 

A Terminal Services 2008 farm on the same scale as the diagram above would typically looks like this:

 

 

 

With Terminal Services 2008, you would need to create a server farm for every application silo that you have (remember though that a farm is not a point of management like it is with Citrix).  This would be horrible, complex and a total nightmare to manage which is why Microsoft state this is an entry level solution for non complex environments where you have maybe 1-5 applications hosted identically on 1-5 servers.

4. Load Balancing Applications and Servers

A new feature in Terminal Services 2008 is the ‘TS Session Broker’.  It is with this feature that Microsoft state you can now load balance your applications across your Terminal Servers as you can with Citrix which is true, you can, but again the terminology is the same but the technology used is radically different.  

The TS Session Broker installs on any 2008 based Server and communicates with each Terminal Server to determine how many sessions each one is hosting, the end result being an even spread of users across your environment.  The TS Session Broker also holds the configuration for your farms, one TS Session Broker can host multiple farms. Sounds good, and it is for very basic non enterprise, non complex environments, here is a simple overview of how it works.

Step One

First of all, as part of the set up configuration all  Terminal Servers are given the same alias in DNS (this is called round robin DNS) which means that when a user opens a client to connect to a Terminal Server session they need to type in one server name e.g ‘TS1’.

Step Two

Lets say we have 5 Terminal Servers, the above request could go to either one of them, or if one is down it will continue through the list until one responds. The one that responds will then communicate with the TS Session Broker to determine if the user already has a session to reconnect too or whether a new session should be established, the session is then established on what the TS Session Broker believes is an even load across the farm.  The client does not communicate directly with the TS Session Broker.

4.1 Load Balancing Limitations

High Availability

This is a big one, the cost of making this environment redundant would pay for the extra Citrix licences and then some. One of my immediate questions is “OK, I have all this redundancy with my 5 Terminal Servers, what happens if my TS Broker which may have 3 different farms enabled actually fails or goes offline?”.  The answer to that is a very expensive one, Windows Clustering and shared storage on a SAN or iSCSI device is needed to cluster the TS Session Broker.  Citrix has this type of fault tolerance out of the box through the use of zone data collectors.

Available Load Balancing Algorithms

The algorithm that the TS Session Broker uses is based on a distributed user load, not the overall realtime performance of the servers in question.  For example, in a Citrix environment a server can report itself as heavily loaded when memory/cpu usage is at 70% (configurable) even though user count is low however with the TS Session Broker the server would still accept incoming sessions resulting a poor experience for the user and a possible crash of the host.  

Distributed Architecture  

The TS Session Broker does not allow for load balancing across sites, if you have geographically distributed Terminal Servers then you would need to create/manage and maintain multiple TS Session Broker and multiple Farms. If you needed fault tolerance on each of these implementations then Windows Clustering and shared storage would need to be deployed. 

Mutliple Platforms

Terminal Server 2008 is the minimum requirement for loadbalancing with the TS Session Broker, you cannot load balance across multiple platforms which means all your applications will need to be certified and may/may not work which could be expensive and time consuming.

All the above limitations are available with the entry level Citrix Presentation Server solution. 

 

5. High Availability

Citrix have always included High Availability as an addition to Terminal Services.  In a Citrix Presentation Server environment there is no single point of failure, each server maintains a smaller local cached copy of the datastore incase of a datastore failure. You have spread your applications and loadbalanced them across Presentation Servers so in the event of a Presentation Server failure users are routed to the next available server by communicating with a zone data collector, if the zone data collector fails then a new one is elected and things carry on as normal. There are other components too which if fail built in redundancy allows the environment to continue.  The solution is designed to start you off small and safe and allows for enterprise class expansion to as many servers as you can host with high availability built in from the beginning, no redesign needed.

Microsoft Terminal Services 2008 however has one major flaw in my eyes and it is an expensive one - High Availability.  I always ask the same question “what load balances the load balancer?”  Out of the box, nothing does.  When using Terminal Services loadbalancing, if the backend load balancer (TS Broker Session) fails then users totally by-pass the load balancer resulting in an impending disaster.

So what’s the solution?  A ‘TS Broker Session Windows Cluster’ and shared storage which is expensive and probably twice that of rebuilding the environment quickly with Citrix and getting on with the job.

Diagram of a resilient TS Session Broker: 

 

 

My experience with Terminal Service based environments is that they start off small but become very popular thus critical very quickly, this is where customers generally move over to Citrix.  Now imagine the same scenario with Terminal Services 2008, you are allowed to grow the environment because there are more enterprise tools available (Load balancing, Application publishing, farms etc) what happens when your Terminal Server farm is now at around 20 servers and the business wants expansion across multiple sites and more application coverage?  I believe you then have 2 choices, you either spend a considerable amount of money on Windows Clustering and shared storage to make your TS Session Brokers fault tolerant or you spend the money on rebuilding the environment to Citrix Presentation Server.

6. Scalability

For all the reasons mentioned above and by Microsoft’s own admission it is not scalable above 5 servers with an identical configuration and I would never advise a customer to use it and then a year down the line advise them to install Windows Clustering to support a more resiliant environment.

7. Monitoring & Reporting

Citrix Presentation Server offers many reporting capabilities, either realtime or historical data covering performance, configuration changes, application usage, utilisation usage, uptime,  etc etc.  All the information is stored in a summary database and can be reported on at anytime and formatted for executive summary. 

Microsoft Terminal Services 2008 has no real reporting capabilities, however realtime basic performance monitoring is available as it was in Terminal Services 2003.   

8. User Experience through RDP

Lets take a look at this from the client side.  Many have compared RDP to ICA over the years in terms of bandwidth, it’s about the same these days thus nobody mentions it anymore so don’t forget what technology Citrix incorporates into ICA client to ensure the user experience is a positve one.

Flash optimisation

Progressive speed screen display

Speed screen flash acceleration

Speed screen multimedia acceleration

Speed screen image acceleration

None of the above is included in RDP 6.0 and it can make a huge difference to the user experience especially when using the Internet.

9.  Seamless Application Publishing

One of the key benefits that Citrix Presentation Server added to Terminal Server is the past was ‘Seamless Application Publishing’.  Microsoft Terminal Services 2008 now introduces a similar solution called ‘RemoteApp Manager’.

RemoteApp Manager allows users to connect to native Terminal Servers and run applications as if they are local, previously Terminal Services could only offer remote desktop access.  So how does it compare to Citrix application publishing?  Again the name suggest something similar however RemoteApp Manager is a very basic tool which is used to create and distribute ‘RDP’ files to internal users.

To use RemoteApp Manager, you connect directly to the Terminal Server that the application is on and launch it (there is no central management console), there are a few very basic options in terms of where the application is located (nothing about who is authorised to use it) before you finish publishing your application.  Once it is finished, you can distribute it as an RDP file to your clients using technologies such as SMS or you can choose to publish it in ‘TS Web Access’ (more on that later).

One of the distinct options that is lacking here is the ability to publish the application to a specific group of users, Out of the box RemoteApp Manager assumes that the user is allowed to access to the server and is a member of the local servers Remote Desktop Users group, other than that there is no granularity of user access or which servers the application should run on.  The only other option is to allow the application to appear in TS Web Access or not to appear (TS Web Access has no authentication).  RemoteApp Manager allow application publishing on a server by server basis and not on a user by user basis, if a user has access to the server via the Remote Desktop User group then they get to see and use all the published applications on that server.

 

10. TS Web Access (Web Interface for us)

Citrix comes with Web Interface, in many cases it is a primary platform used for accessing a Citrix environment, it is robust, supports dynamic client deployment for Windows, PDA’s, Mac’s and other operating systems.  It supports workspace control, multiple servers, multiple domains, multiple Citrix server farms, basically it is a well developed, resiliant front end access point which will enumerate and display published applications from different Citrix servers which may be all over the place and belong to totally different domains.

Typical example of a Web Interface deployment 

 

 

 

TS Web Access is a similar type of platform for Terminal Services 2008, it is free also but can only support Microsoft clients with only the RDP client version 6 and upwards, so no access from a Mac or PDA. The set up and configuration is very basic, it is installed and then you give it the name of one Terminal Server and that’s the configuration over.  It does not enumerate applications across different domains, different Terminal Servers or different Terminal Server farms by default.  TS Web Access is a very basic web front end to a single Terminal Server.

Typical example of a TS Web Access deployment using Terminal Services as a data source: 

 

 

 

There is a method to configure TS Web Access to enumerate applications from more than one Terminal Server or indeed more than one Terminal Server farm but again it is complex and clunky.  It involves exporting the individual applications from TS Remote App into a file share and then configuring access using Microsoft Active Directory Group Policies which over complicates the environment somewhat.  

Typical example of a TS Web Access deployment using Active Directory as a data source 

 

 

11. TS Gateway (CAG or Citrix Secure Gateway)

One of the big advantages of the Citrix Access Gateway appliance was the fact the it was not Windows based, on numerous occasions this would be brought up when selling Citrix Secure Gateway as a DMZ based public facing service.  

Citrix Secure Gateway was easy to setup, and worked well with Citrix Presentation Server.  TS Gateway from Microsoft is pretty much the same as Citrix Secure Gateway, it allows access to your internal Terminal Servers from external non trusted devices out on the internet through SSL, but nothing else.

The technology is old hat, Citrix Secure Gateway has evolved into the Citrix Access Gateway solutions.  TS Gateway is very basic and only supports the full Microsoft RDP 6.0 and above for client access on Vista and XP SP3, where obviously the Java client has been supported with Citrix from the beginning allowing external access to a much broader rang of devices.  Also, Citrix have always provided a small ICA ‘web’ client that can be easily deployed in no time to a client.

There is absolutely no comparison between the two technologies today.  Citrix Access Gateway out of the box provides more secure access to Citrix Presentations servers and full VPN access from the same hardened linux appliance, it can be clustered and used in the Citrix Access Gateway solutions for delivery of many other internal resources without the nee

12. Summary

Microsoft have introduced new functionality to Terminal Services in their latest release of ‘Windows Server 2008’ that some say blurs the lines in terms of the add on features and functionality that Citrix Presentation Server offers over and above what is essentially a standard basic Terminal Server offering.  This has many customers thinking do we need the added cost of Citrix licences if Microsoft are now offering application publishing, server loadbalancing, web access and external gateway solutions out of the box?  Well the simple answer to that question is yes, absolutely! 

Comparing a Citrix Presentation Server solution with a native Terminal Server 2008 solution is like comparing Citrix Metaframe 1.8 with Citrix Presentation Server 4.5, for those of you who are unfamiliar with Citrix Metframe it is a much early product from Citrix, infact it is about 10 years old.  Citrix Metaframe had no central SQL or Oracle database to store configuration in nor did it have advanced loadbalancing capabilities, the ability to centrally/manage all Citrix servers, permissions for Citrix administrators, connection polices for users etc etc.  In essence, at the time it just wasn’t a solid, scalable enterprise based solution it was ‘ok’ if you had about 2-5 servers but you certainly would have issues if your server farm began to grow rapidly, especially across different locations.  

Terminal Server 2008 is very much like what was on offer from Citrix about 10 years ago, obviously it is built on a much better platform than NT4 however it lacks the genius, vision and  years of experience of application delivery that Citrix has to offer.

After reviewing a number of documents and listening to podcasts you get the message that Microsoft are not trying to compete with Citrix with the introduction of Terminal Services 2008, their target market is newcomers to the technology with very basic and small time configurations (1-5 identical non-critical servers). 

I am not a Terminal Services consultant, I obviously know it is the foundation that Citrix Presentation Server installs upon but I rarely get to grips with trying to deploy it as a mechanism for application delivery, if customers are serious about the technology and it is a critical part of the infrastructure then Citrix Presentation Server is always used.  After reviewing Terminal Services 2008 I feel a little different, because of the new features available I feel there that there are opportunities for deploying it without the need for additional Citrix licence costs. Although Microsoft offer it as an out of the box solution, you really need to know your stuff to deploy it.  However, after discovering the real limitations in terms of its scalability, redundancy and management I would advise customers to invest upfront in Citrix Presentation Server rather than deploying it retrospectively.

 

Regards,

Lee Wynne 

 

Feel free to join me on linkedin