Remote-Display Servers

Server-based computing has evolved into an intelligent way to save time, money and aggravation. Out of five remote-display servers, find out which provided the best management, features and performance for

January 28, 2005

19 Min Read
NetworkComputing logo in a gray background | NetworkComputing

Fetching Setups

In an SBC environment, a client computer interacts with remote-displayed applications through keyboard and mouse events that are sent back to the server running the program. Changes in the appearance of the application as a result of those events are, in turn, sent to the client. This offers several advantages. First, because applications are installed on the server rather than the client, incompatibility problems are eliminated. Application-version consistency is assured, and users can access their apps from any location. Although we wouldn't recommend SBC as a long-term solution for dial-up users, cable or DSL links, it's viable.

Furthermore, because Windows applications can be accessed from non-Windows clients and vice versa, SBC can extend application compatibility to just about any platform. Applications also can be secured and updated more efficiently because they need to be patched only once, on the servers. Finally, access to applications can be centrally controlled, monitored and logged, letting organizations enforce policies that control when apps may be accessed and from where.Some vendors sent us multiplatform versions of their remote-display servers, while others sent Windows-only models (see the features chart, for all supported application and client platforms). Where possible, we used the product's Windows variety to ensure consistency in our performance tests.

We judged products based on four criteria: price, management, features and performance. To compare prices, we asked vendors to quote list price for one server running 20 clients, with three years' maintenance included. If a product required additional licenses of another product--for example, Windows TSCALs (terminal services client access licenses) or Windows 95, 85 or ME licenses--we included that. See our pricing chart on the left for a cost breakdown.

Remote Display Server PricingClick to Enlarge

Power of Three

We evaluated each product's ability to perform three key managerial tasks: application deployment, access management and client management:• Application deployment deals with the setup and configuration of published applications.

• Access management covers the product's ability to control and secure access to published applications and their supporting resources.

• Client management rates how easily we could configure and control client behavior from the server end--a function critical to enterprise management.

Because nothing foments dissent among end users like a sluggish application, extensive performance tests were critical. We simulated client activity on our servers and measured CPU and memory utilization under various loads. For a complete description of our performance tests, see "How We Tested Remote-Display Servers" performance results are here to the right.

Remote Display Servers Performance

Click to Enlarge

In our invitation, we specified that products should scale to support several hundred clients across multiple servers. Although all the entries meet this requirement, some are better suited to larger deployments. For example, offerings from Citrix, Jetro and Tarantella provide server-agnostic clustering and the ability to set metrics and conditions for balancing load. In addition, four out of five products tested contain built-in support for enterprise directories, such as Microsoft's Active Directory. NeTraverse is the odd one out here. The Citrix and Tarantella remote-display servers provide the most complete reporting and monitoring capabilities.

When we were gearing up for our tests, we thought the biggest challenge would be installing and publishing applications on the remote-display servers. We thought wrong. To our amazement, application publishing was a breeze, though each product has its own options for publishing apps, some more feature-rich than others. While we're on the subject, note that not all apps are suited to SBC. For example, graphics-intensive and multimedia applications will run into problems. Color depth is an issue because remote-display clients generally support only 16-bit or 24-bit color. And when the screen must rewrite often, as with games, you'll see performance problems.

Indeed, performance testing posed an interesting challenge. Our dual-CPU Pentium III 1-GHz Xeon servers, each with 1 GB of RAM, met the minimum requirements for all the products we tested, so our biggest concern was the resource demands of the test applications we planned to publish. When we finally put the ax to the grinder, all the products easily handled a 10-client load without change in responsiveness, but with 20 clients things slowed down noticeably. Jetro CockpIT impressed us by handling 30 clients running our text mix with tolerable performance. In contrast, rival products either rolled over under a 30-client load or showed response times in the "poor" category, defined as "too slow to be useful."

Our Editor's Choice award goes to Citrix's feature-packed MetaFrame Presentation Server 3.0, Enterprise Edition. Although it is the most expensive and complex product we tested, it turned in consistently strong results across our grading criteria.

Everything about MetaFrame told us its sights are set on the enterprise. The built-in installation manager helped us deploy packaged applications to each presentation server in the farm, making installs and updates to multiple presentation servers a snap. Once we published an app, we could load-manage it across presentation servers using several different metrics, including application or server-user load, CPU, client IP address and memory or disk utilization. To help administrators determine which metrics will best balance the load, the product can monitor real-time activities by user, application or server. No systems admin can afford to stare at a screen all day and wait for something to happen, but fortunately, SMS, SNMP and SMTP alerts can be sent based on any resource being monitored. To test this feature, we set an SMTP alert to warn us when more than 10 users accessed our published word-processing application.The features don't end there. MetaFrame includes a complete policy-management framework that let us create policy filters and apply them by user, IP address or server. These policies can control encryption, bandwidth limits and client behavior settings. We used this feature to disable client audio capabilities and throttle client bandwidth to 32 Kbps for a select group of users connecting on a specific IP subnet. Let's see those pesky salespeople play with their MP3 collections now [insert crazed laughter].

Total Cost of Ownership ComparisonClick to Enlarge

MetaFrame's remote-display protocol includes some unique, cutting-edge features. For example, it's the only product to support both audio output and input. More impressive, it let us play a sample video on our remotely displayed Internet Explorer using Citrix's SpeedScreen Multimedia Acceleration technology. SpeedScreen improves the response time of image-intensive Web pages, Macromedia Flash programs and video by "playing" the video or Flash presentation on the client device rather than on the server. However, this feature only with Internet Explorer, Windows Media Player and RealOne Player on 32-bit Windows clients.

MetaFrame Presentation Server's comprehensive security model let us set up multiple admins with varying degrees of access control in the administrative console, a useful feature for the enterprise. We configured a role for helpdesk administrators who could completely control and manage user sessions but could not deploy new applications or change server settings in our server farm.

Citrix MetaFrame Presentation Server 3.0, Enterprise Edition. Citrix Systems, (800) 424-8749, (954) 267-3000. www.citrix.com

Tarantella offers two products in this market: the Terminal Services Edition (TSE) and the Enterprise Edition. The Enterprise Edition supports remote display of Windows, Unix, Linux, Java, mainframe and AS/400 applications, making it very flexible for consolidating access to applications on heterogeneous platforms under one environment. In contrast, TSE is Windows only and relies on Windows Terminal Services to do much of the heavy lifting. You'll pay for the flexibility of Enterprise Edition--it costs more than 10 times as much per client as TSE. Based on the capabilities and requirements of our performance testing environment, TSE was a better fit for this review.

Tarantella says Secure Global Desktop TSE is the ultimate companion to Windows Terminal Services, and we don't disagree. The product is jam-packed with features, including reporting, monitoring and clustering support, yet it's affordable; in fact, it boasts the lowest per-client price in this review.

We easily administered Secure Global Desktop TSE using a Web browser and found the user interface and online help easy to navigate. For large environments, TSE supports clustering and load balancing, but unlike Citrix MetaFrame, it cannot deploy the application to other servers in the server "team," the Tarantella equivalent to MetaFrame's farm.

Remote Display Server Features

Click to Enlarge

Secure Global Desktop gave us quite an array of settings to configure for a published application, including limiting the number of concurrent sessions per team or per server. Publishing applications on the server was simple; we especially liked selecting an application from the Start menu and having the rest of the required fields automatically filled in. Of course, if the application you want to publish doesn't appear in the Start menu, you must enter the path to the application manually, a slight annoyance.

For even greater flexibility, the product let us define connection settings and control the client experience by tweaking audio capability, caching and color depth. Connection settings can be assigned to a published application on a group of computers. For example, we published applications at 8-bit color depth to Windows 9x clients, but 24-bit color depth to Windows XP clients.

Secure Global Desktop TSE has easy-to-use yet surprisingly comprehensive monitoring and reporting that gave us usage reports for users, clients, servers and applications. With a couple of clicks, we could see which apps had been accessed in the last 24 hours and by whom. For the administrator who's got to have it now, real-time monitoring of current user sessions is available, and we could send messages to users or take control of a user's session using shadowing.

One particularly useful reporting feature was TSE's audit-logging, which logs all changes made to the system, making it easy to see which administrator added and updated applications or changed server settings.

Tarantella Secure Global Desktop Terminal Services Edition. Tarantella, (888) 831-9700, (831) 427-7222. www.tarantella.com

Like Secure Global Desktop TSE, Jetro CockpIT is designed as an enhancement to Windows Terminal Services. And like TSE, CockpIT sports an easy-to-use Web administrative interface and supports load balancing, clustering and Active Directory. CockpIT's ability to manage published applications and control client settings compared favorably with MetaFrame and Tarantella. And as we noted earlier, CockpIT aced our performance tests.CockpIT was held back in this review by its relatively lightweight feature set. For example, it lacks multiple administrative roles and application metering, and cannot associate a published application by file extension and shadow a user's session from within the administrative application console. We could shadow user sessions, but we had to jump over to Windows Terminal Services Manager. CockpIT does have respectable support for reporting, though not up to MetaFrame's and Tarantella's standards.

Jetro adds some extras to set its product apart from the pack. CockpIT's unique scheduling-policy feature, for example, let us set a time schedule, such as "weekdays," "working hours" or "second shift," then assign the scheduling policy to the application. When used in combination with a security policy, we could restrict access to apps by time of day. This feature could be used to manage access to a busy enterprise application by work shift.

Another aspect of Jetro CockpIT that proved useful was its ability to display effective user rights and policy usage. For any security policy definition--nothing more than a set of user and groups--we could view the applications, user profiles and printers affected by that policy, making troubleshooting user access quick and easy. In CockpIT, a user profile represents those settings that govern the user experience at the client, such as printing and local disk drive access. This proved to be crucial because in CockpIT, security policies are the decisive links between user-accessible published applications and advanced settings that control the client behavior for that user. If you're confused, you're not alone--we were, too. But once we understood how it works, we appreciated this feature's power. For instance, you can publish the same application for different classes of users and permit one set of users (employees) to save files locally, but deny another group (guests, for example) that right.

Jetro CockpIT 3.5. Jetro Platforms, (800) 639-5516. www.jp-inc.com

Graphon's Go-Global comes in Windows and Unix versions; we tested the Windows product. To remotely display applications, Go-Global uses its own enhancement to the X11 protocol, dubbed RXP (Rapid X Protocol). RXP does not use the screen-scraping technology popularized by other products; instead, it captures calls passed though a proprietary graphics driver installed on the server and sends them to the client.

According to Graphon, the primary objective of Go-Global is to let its customers Web-enable their applications quickly, simply and affordably. The company says it accomplishes this by keeping the features and functionality simple and not requiring additional licensing, such as Windows Terminal Services Client Access Licenses, which Citrix's, Tarantella's and Jetro's offerings all require. Within the context of our review, however, any gains Go-Global picked up through its plug-and-play approach to application publishing were lost to its lack of administrative support features, such as access control and reporting. For example, Go-Global made application publishing as simple as browsing for an executable file on our server, but user access to the application is controlled via NTFS access-control lists. Thus, when we wanted to restrict user access for Microsoft Paint to a particular user group, we had to alter the NTFS permissions on the .EXE file in Windows explorer, an inconvenient process. In addition, access-control features, such as defining encryption, sound and access to clipboard, printers and disk drives, are controlled at the server level as opposed to the user and application levels, as they are in Tarantella Secure Global Desktop, Citrix MetaFrame and Jetro CockpIT.

Go-Global did let us view and shadow an active session, similar to many of the other products we evaluated. Although these monitoring capabilities are adequate, we were disappointed by the application's lack of reporting and logging. Case in point: We couldn't view the users who accessed our published applications over the past week.

Like most of the products we tested, Go-Global integrates with Microsoft's Active Directory for user authentication. However, Go-Global is unique because it automatically attempted to authenticate on local Windows accounts if it failed on Active Directory, eliminating the need for the client to specify an Active Directory Domain when connecting to the Go-Global display server.

Go-Global for Windows 3.0. Graphon Corp., (800) GRAPHON, (603) 225-3525. www.graphon.comFrom NeTraverse, makers of the popular Win4Lin product line that enables Linux desktop users to run Windows applications, comes Win4Lin Terminal Server. This product takes a radically different approach to remotely displaying Windows applications by actually running an instance of Windows 9x (95, 98 or Millennium Edition) as a virtual machine process on the Linux server. Clients then access their own copies of Windows using a modified version of the X-display protocol. To come full circle, the product also includes a utility for executing a Linux application from within the virtualized Windows session, thereby making Win4Lin the only product we tested capable of running more than one platform of applications on the same hardware.

We're not kidding when we say an instance of Windows 9x. In the second stage of the app install, we whipped out a Windows ME CD-ROM, just to be contrary, and watched in amazement as the Win4Lin installer copied its contents to the server. But the true reality check was delivered during the final stage of the install, when the Windows ME setup was run into a folder on each Win4Lin user home directory. If watching an OS install, firing up the virtual Windows session, installing the Windows apps, then repeating the process for X more users doesn't sound like your ideal way to spend a Saturday night, you're not alone. NeTraverse configured Win4Lin so we could create a master user profile, then publish that profile to other user accounts. When the master profile is changed, as when Office updates are installed, for instance, changes are propagated to the accounts dependent on that profile automatically.

Although packed with cool technology, Win4Lin was a little lean on administrative tools and functionality compared with the other products in our review. Reporting and real-time monitoring capabilities, for example, were nonexistent, and several administrative functions, such as access control and directory

integration, were lacking as well. NeTraverse says it plans to incorporate additional administrative functionality into future releases, but for now suggests using Win4Lin in concert with other products, such as Tarantella Enterprise Edition. Finally, those concerned with application compatibility among newer apps and the aging Windows 9x platform will be happy to know that NeTraverse is working to add Windows 2000/XP compatibility in future releases.

Win4Lin Terminal Server 3.0. NeTraverse, (512) 228-2000. www.netraverse.com

Michael Fudge Jr. is a systems administrator at Syracuse University's School of Information Studies. Write to him at [email protected].

We tested five remote-display servers at our Syracuse University Real-World Labs®. A sixth server functioned as a dedicated Windows 2003 domain controller. We used six identical Dell dual-processor 1-GHz, Pentium III PowerEdge boxes, each with 1 GB of RAM and RAID 5. The installed OS was either Windows 2003 standard or Red Hat Linux 9, depending on the product's requirements.

To evaluate each product, we installed and configured a diverse set of publishing applications, from Notepad and Paint to Mozilla Firefox to Open Office and Microsoft Office 2003. In addition--and purely in the interest of science, of course--we installed Pinball, to see how each client handled graphics and animation. We based our evaluation on how simple it was to get each app up and running on the remote-display server.Once the applications were installed, we evaluated the display servers' feature sets by attempting to secure applications by group and by changing various elements of client behavior from the administrative console, including display, bandwidth and audio settings. Next, we tested reporting, logging and monitoring before turning our gaze to the client side, where we assessed the functionality of such features as audio, application behavior and accessing files and printers, both locally and remotely.

For our performance tests, we set up 30 workstations running client software to connect to each of our five display servers. These workstations were all members of our test Active Directory domain, and each ran Windows 2000 Professional.

To make our performance tests real, we simulated what users might do on a remote-display server. For starters, we divided user activities into four basic tasks: the application launcher, the touch typist, the window mover and the Web surfer. The application launcher task opened and closed applications on the server at random intervals. The touch typist task launched a word processor, then simulated a user keying up a long document. The window mover task launched an application, then moved the application window around the screen at random locations and intervals. Finally, the Web surfer task launched a Web browser, then cruised to various Web sites at random intervals, simulating surfing activity.

To perform these tests, clients were configured to automatically log on to the remote-display server and execute one of our four predefined tasks. We then ran trials consisting of 10, 20 and 30 clients, each time measuring average system load (processor and memory utilization) on the server. We wiped the slate clean by rebooting the entire test environment between trials. Having all 10, 20 or 30 clients try to connect to the remote-display server at the same time was unrealistic, so we staggered our client connections over a five-minute interval during testing.

We also performed an additional, admittedly subjective evaluation that we called the "responsiveness" test. Once the server was at the desired load for the trial, we launched a word processor application and started writing a memo. We noted the application's response time and rated it as normal (no noticeable degradation in performance), tolerable (responsiveness noticeably slowed, but still tolerable) or poor (responsiveness so slow that the application is unusable).All Network Computing product reviews are conducted by current or former IT professionals in our own Real-World Labs®, according to our own test criteria. Vendor involvement is limited to assistance in configuration and troubleshooting. Network Computing schedules reviews based solely on our editorial judgment of reader needs, and we conduct tests and publish results without vendor influence.

R E V I E W

Remote Display Servers



Sorry,
your browser
is not Java
enabled



------------------->

Welcome to NETWORK COMPUTING's Interactive Report Card, v2. To launch it, click on the Interactive Report Card ® icon above. The program components take a few moments to load.

Once launched, enter your own product feature weights and click the Recalc button. The Interactive Report Card ® will re-sort (and re-grade!) the products based on the new category weights you entered.

Click here for more information about our Interactive Report Card ®.

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights