ThinLinc Remote Desktop Server Overview for Linux

    The Cendio ThinLinc solution in Russia has not yet received much fame, although it is gradually starting to attract attention. We decided to publish a short review so that readers can appreciate the convenience of the software product under Linux.

    ThinLinc is a software product through which a user accesses desktops, files and applications from a central server. Thus, the computing resources of the organization are concentrated in the data center, and not distributed to end users. Possible breakdowns and failures of client devices do not affect the integrity and safety of data.

    ThinLinc differs from most similar products in its sharpening under Linux. The product was originally developed as a server for remote access to a PC running Linux, and, since it had proved its worth, Cendio decided to continue its development and support.

    Although the ThinLinc server runs on Linux, users can run Windows applications and access their desktops. To do this, you need to connect Remote Desktop Services via the RDP protocol. As a result, you can simultaneously run Windows and Linux applications on the Linux desktop without switching between environments.
    Here's what a combination of environments looks like on one screen:

    Starting Windows in a separate window

    Launching a Windows application in “seamless” mode (the user can move or resize the application) The

    ability to switch between Linux and Windows environments is saved and provided when logging in to a special menu.

    However, again, the specialization of the solution is integration with Linux and the use of open source code. ThinLinc performs best on platforms such as Red Hat, Ubuntu, and openSUSE.

    ThinLinc uses a standard client-server model. Sessions are created on the ThinLinc server as instances of the Xvnc process. Instead of sending the output data to the physical screen, the X11 server converts it to the VNC protocol and sends it to the TCP socket. The connection of standard X11-working environments and applications with this process occurs as if it were a regular X-server. The VNC client can then connect over the network (local or global) and display the content on a remote screen.

    ThinLinc System Architecture

    The ThinLinc system architecture adapts to the existing user architecture and makes it possible to extend the ThinLinc system with everything necessary. Standard authentication is used, providing integration with eDirectory, Active Directory, NIS, etc.
    ThinLinc can be installed on one machine or in a cluster.

    The cluster configuration allows you to evenly distribute the load between the agent servers on which sessions and applications are running, and also provides scalability and fault tolerance. Agent servers in the cluster are identical to each other, and if one of them fails, the others take on user sessions. In the event of a failure, you can configure the main server by switching it to the backup capacity. This ensures duplication at all levels.

    Thanks to load balancing, you can add servers as needed.

    ThinLinc load balancing also extends to Remote Desktop Services.

    • The main ThinLinc server (vsmserver), which acts as a session broker and gateway in the cluster, solves the following tasks: monitors and verifies sessions, distributes the load among agents in the cluster, performs initial authentication, selects a terminal server, and sends session information to the client.
    • The ThinLinc agent (vsmagent) is responsible for launching and hosting the processes that make up the ThinLinc session and establishes tunnels for graphics and local devices. The tunnels are multiplexed over the SSH connection per user.
    • ThinLinc-client is connected first to the main server, then to the agent, which the main server considers the most suitable. When a client connects to a server, all traffic between them is encrypted via SSH, eliminating the need for VPN services and ensuring a secure connection even through the Internet. The ThinLinc client can run on a variety of Linux, OS X, Windows, and other thin client platforms, including HTML5-based clients that run through browsers.

    Hardware component

    Since all the computing power is concentrated on the server, it is not necessary to purchase expensive hardware for users, even when it comes to performing resource-intensive tasks. The server itself can be either physical or virtual.

    Together with ThinLinc, a wide variety of thin-client devices can be used, such as outdated desktop computers, laptops, tablets, smartphones and specially designed devices with minimal hardware requirements. These devices consume little energy, require minimal maintenance and have a low cost of ownership.

    Alternatively, the company may use the BYOD (bring your own device) model, in which employees use their own devices in the workflow.

    ThinLinc supports local HDD and USB on the client.

    Thanks to the ThinLinc architecture, client devices are as isolated from the server as possible. For example, if a user connects to the server from home from his laptop that has a virus, there is no chance that this virus will get into the server environment.

    Computing resources

    The computing resources required for the ThinLinc cluster depend on the number of users, the type of server hardware used by application users, etc. Based on user experience, you can give the following averaged numbers:

    • Disk. About 100 MB for software and data. Each active session typically requires less than 100 KB (storage of session data and session log). In addition, disk space is required for the operating system, user applications, and logs.
    • CPU resources and memory. The amount of processor resources and memory depends solely on the applications launched by users, user activity and expected response time.

    When ThinLinc is used only to access the Windows desktop through rdesktop, experience shows that approximately 50-100 MHz and 20-50 MB per active user are required.

    A fully functional KDE or Gnome desktop with regular running office and Internet applications (LibreOffice, Firefox, some graphical programs and open multimedia rich web pages) requires approximately 150-300 MHz per active user, and the expected amount of memory per user for such a desktop without applications is 100-200 MB *.

    * Figures are based on customer experience using the Intel Xeon 7140M (Netburst). For other processors there will be different numbers.

    Among other amenities, ThinLinc implements the principle of hot-desking, in which employees do not have any seats assigned to them, and access to the desktop is provided from any client connected to ThinLinc. Sessions closed in one place open from another place in the same form right up to the cursor position.

    To work on the corporate network outside the organization from other people's client devices, the user only needs a USB flash drive with the ThinLinc client loaded on it. You can also download the client to your smartphone and connect to the ThinLinc server via mobile networks.

    ThinLinc can print remotely without the need to install special drivers on the server.

    ThinLinc requires a minimum of effort and time to install and configure. ThinLinc automatically detects the Linux distribution and installs all the missing software packages from the data warehouse. During the installation, the firewall, print queue, etc. are configured.

    ThinLinc installation includes downloading server and client parts from the developer's site , for which you need to enter your email address. A link to the distribution will then come to this address. Free ThinLinc can use no more than five simultaneous users.

    After installation and configuration, in which basically you only need to click the "next" button, you get a fully functional ThinLinc system.

    For large clusters with many servers, the ThinLinc installation can be automated using configuration files.

    The system allows using various authentication mechanisms: static or one-time passwords, RADIUS protocol, public key authentication, Kerberos protocol.

    Also popular now: