Unix equivalent of windows terminal server options?

Fri Jan 27 20:54:21 UTC 2017

On Fri, 2017-01-27 at 23:41 +0500, asad wrote:
> I want to replace *Windows terminal server* mostly due to cost
> reasons license cost for 2100 users goes out of roof.
> 
> The end-user is all windows but I want a jump server that is UNIX
> based [...] to run a terminal services for 2100 users.
> Some of the basic requirement for such a setup be:-
> 
>    - use of browser to access web based application
>    - Restrict or limit desktop application based upon user
> authorization.
>    - Supporting concurrent users for about 1200 per server.

Remote access to a Linux system is no problem at all - ssh, and run
whatever programs you like including X programs. The X server is on the
client. In my experience X really likes a fast network, and it not very
good on slow ones, especially for graphics-intensive things, which
these days is almost everything. For Windows users, this is not useful,
because Windows is not an X server, and you probably don't want to have
to install one on every Windows system (though there are free ones).

That leaves RDP or VNC.

Linux supports both RDP and VNC, but doesn't (out of the box) support
multiple users. As far as I know there is no way to use VNC with
multiple simultaneous users. There is a system called XRDP which does
support multiple RDP users, and is easy to install, though with some
restrictions on the window managers you can use. If you log in via
XRDP, you will get your own Linux desktop, with access to Linux
programs and features, and you will be using a Linux window manager,
not Windows.

One big question is authentication. If you are expecting to
authenticate against AD, Linux does support that via Samba. The AD
features are not comprehensive but for straight AD authentication it
should work fine. For non-AD username/password access it will work fine
too; you can even add MFA to the mix if you wish.

The biggest question is what applications your 2100 users will be
running on this server. A primary function of Windows TS is to provide
multiple users, simultaneously, with their own remote desktop, on which
they can run whatever *Windows* applications are available on the
server. Linux cannot provide that for Windows applications in any
general sense.

Linux CAN provide that in a few cases. Those cases are: Where the
program to be run has a Linux version (for example, Firefox); where
there is a good alternative Linux program (for example, LibreOffice
instead of MSOffice); where the Windows program to be run can be run
successfully under WINE.

Controlling access to specific applications on a user-by-user basis is
possible but fiddly; definitely not as point-an-click as Windows. I
have *never* done it myself, but I imagine you would create one group
for each application, and set the permissions on the executable to "-
rwxr-xr--". Not at all sure how you would do it with WINE applications
- perhaps by controlling access to the directory containing the
executable?

Your basic requirements suggest that a TS-style system may not actually
be needed. All clients have a web browser anyway, why go to a central
system to run one? Or are your clients outside the enterprise? Why do
they need to go to a TS to run desktop applications? It will be faster
if they run them locally and just centralise file access if needed.

Finally - don't be too sure you really need 2100 CALs. Ask around and
talk to Microsoft or your Microsoft reseller.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A
Old fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B