
Deploying and Managing Thin Clients

A white paper by Wyse Technology Inc.

Abstract

In this article, we will consider some of the requirements for a large-scale thin client deployment. We will cover the following topics:

• Enterprise Security
• User Experience and Mobility
• Network Scalability and Interoperability
• Asset Management and Health Monitoring

We will also review the key features of Wyse Device Manager (WDM), for addressing these requirements.

Table of Contents

INTRODUCTION
CONSIDERATIONS FOR LARGE-SCALE DEPLOYMENTS
THIN CLIENT MANAGEMENT WITH WYSE DEVICE MANAGER 4.7
CONCLUSION
APPENDIX A – ABOUT WYSE TECHNOLOGY INC.

INTRODUCTION

By some estimation, each day 10 million enterprise users access their corporate network and applications through thin clients. What is a thin client? It is a client computer in client-server architecture networks, which depends primarily on the central server for processing activities, and mainly focuses on conveying input and output between the user and the remote server. Thin clients run simplified versions of Operating Systems (ex: Windows XP Embedded, Windows CE, Linux, or vendor-specific OS like Wyse Thin OS) and a limited set of applications. The combined solution provides just enough hardware and software resources to connect to remote back-end infrastructures such as Citrix Application Delivery, Microsoft Terminal Services or Hyper-V, and VMware Virtual Desktop Infrastructure (VDI). All corporate applications and resources reside within these back-end environments. Their reduced complexity makes thin clients the ideal front-end computing platform for VDI and other client virtualization environments. Organizations of all sizes are able to realize the following benefits:

• Lower TCO
• Lower energy consumption
• Reliability of mission-critical operations
• Increased data security

While traditional PCs work well with virtual desktops, they are too power hungry, have redundant resources and management needs, and therefore cost more. Besides, they offer little compelling functionality in exchange for the added complexity they bring.

Figure 1: Thin clients are ideal for VMware VDI Architecture (picture from wmware.

Thin clients, on the other hand, are cost-effective, and have just enough resources. But they also allow IT challenges to be aggregated to corporate datacenters where dedicated staff can provide much faster, higher quality of service and realize economies of scale in terms of energy savings, storage optimization, and server virtualization.

CONSIDERATIONS FOR LARGE-SCALE DEPLOYMENTS

There have been numerous studies about the cost advantage and other benefits of thin clients. In this article, we want to discuss some important, but often understated, remote management aspects for deploying thin clients. To illustrate how critical remote management can be, consider the following question: “What do you do when a reservation agent in Honolulu airport notifies your IT department in Chicago that his computer screen is black?” The implied requirement is the ability to automatically manage and to seamlessly interact with thin clients, regardless of their geographical

The speed of remedial actions will have a big impact on the end-user experience, employee productivity, and reliability of mission-critical operations.

The example above highlights only one of several issues, which you need to foresee for a large-scale deployment. In a broad sense, the challenges can be grouped into the following categories:

• Enterprise Security
• User Experience and Mobility
• Network Scalability and Interoperability
• Asset Management and Health Monitoring

Enterprise Security

Often thin clients exist in networks that carry sensitive business information, such as in a branch office of a bank, connected to a server in the headquarters through a remote connection protocol. While thin clients offer significant security benefits over traditional PCs, any large-scale deployment across multiple geographies, particularly with any network topology that has to traverse the Public IP Network, represents a potential risk to the organization. In an environment like this, it is imperative that thin clients operate according to well-defined policies and all customizations or local applications be installed through the central IT department to minimize voluntary or involuntary security breaches. Most importantly, all communications between thin clients and backend servers must be fully encrypted. Otherwise, without full encryption, attacks like “man-in-the-middle”, where a malicious third party intercepts a software download and injects a Trojan horse, are possible.

Note that financial companies are not the only organizations grappling with these risks. Take a Health-Care institution that has to secure patient information, or a retail business that has to process VISA transactions. Most organizations must secure their network with the industry-standard encrypted HTTPS protocol. In short, the highest levels of security require that there is no clear text data flowing through the corporate network.

User Experience and Mobility

One size does not fit all, and neither does one network! Traditionally thin clients were confined to ticket counters in Airports or tellers in bank branches. The industry term for these use-cases is “task-based computing”. However, with the rapid proliferation of

Client Virtualization technology, more and more organizations are embracing the next generation of Virtualization based thin computing. As a trend, more and more mainstream users, often referred to as “knowledge workers”, are adopting thin clients, for the following reasons:

• Ability to roam in a campus
• Ability to work from SOHO
• Ability to travel while working with highly-sensitive information (ex: Airport, Automobile)

In many instances, these devices will be located across the public IP network, behind residential gateways or other network elements. Without the right network architecture planning and necessary remote access capabilities, securing and managing these devices will be difficult. The remote management solution has to work across multiple IP networks, architected to provide the right balance of security and accessibility. Furthermore, it should provide a wealth of policy creation and enforcement features to allow for various device configurations and user customizations. When a user travels to Hong Kong from London with his/her portable thin client, the geography and time zone based management policies should gracefully adapt to user mobility.

Reaching out to mainstream users also requires special attention to their unique experience needs. The mainstream users bring along a new set of experience requirements that must be addressed. They want to be able to roam across public IP networks and they demand to have a personalized computing experience. A strong pushback from the end-users may create resistance in your organization and put deployment plans in jeopardy. While there have been advances in desktop virtualization technologies, there are still a number of technical issues that can only be dealt with at the thin client side, particularly on Windows XP Embedded and Linux based thin clients. "Which local printer do you connect to? What USB mouse did you plug in? What was the monitor resolution size you chose? Can your PDA sync up with your Outlook calendar / contact information running on the backend server? How do you remember the SSID/Password for the Wi-Fi network?"

In addition, users may want to install applications. What should be the policy towards these local

customization attempts and how do you enforce these policies?

Network Scalability and Interoperability

Compared to PCs, thin clients have a significantly extended life cycle. According to customers, an average thin client is fully operational for 7 years, whereas a PC would have to be replaced every 3 years. The net result is additional cost-savings. But on the flipside, the thin client base operating system and local applications may have to be upgraded on an ongoing basis to ensure seamless functionality over a longer period of time. Imagine you have found a critical security hole in your thin client operating system and all devices must be updated immediately. What is your strategy for upgrading 10,000 thin clients around the world with the latest OS and Applications, with download sizes exceeding 250 Mbytes?

The network scalability plan should include “remote software repositories” so that updates can be propagated to geographically dispersed locations in the most efficient and automated manner. Remote repositories can be great assets to optimize your network traffic. However, they may not be suitable for every location. As an example, a Point-of-Sales terminal in a small store in a shopping mall will be better served with a direct connection to a regional software repository. In cases like that, it is important that the management software provide adequate bandwidth-throttling to handle network limitations. In addition, the remote management capabilities should include features for managing remote thin client policies.

With proper planning and the adequate policy enforcements previously mentioned, thin clients should operate flawlessly. However, plans are never perfect and unforeseen problems do arise, like power interruptions during software upgrades. Unfortunately, thin clients store their software on Flash Memory. Many thin clients, particularly Windows XP Embedded based devices, require up to 250 Mbytes or more memory for the operating system and applications. In a few instances, images may become corrupted, rendering thin clients nonoperational, also known as a bricked device. The remedial action is to reimage or de-brick the device across the network. Ease of de-bricking a remote device, or lack thereof, will impact your Total Cost of Ownership.

A common practice is to use Pre-Boot Execution (PXE) capabilities, provided by device BIOS, to initiate a software upgrade (a.k.a. “imaging”) over the network. However, PXE boot requires specially configured DHCP servers and does not work well across WANs and not at all across the public IP networks. When a thin client OS is

corrupted and the required action is to “de-brick” the device, there should be a non-PXE solution, that is, a solution that doesn’t require PXE setups on the network.

The device policy and security management should give System Administrators the flexibility to customize these policies based on various factors like user-profile, job-function, location, time-zone, and so on. It may be midnight in San Francisco, but that doesn't mean that traders in an investment bank should see their devices reboot and update their software at 9:00 A.M. in Frankfurt. While a simplistic approach of “locking-down the device” or “one-profile for everyone” may be okay for some organizations, there are many instances where this generic approach is not adequate. A trading-desk agent might have a dual-screen with a Bloomberg keyboard, whereas a senior executive may like to have a rather minimalistic device on his desk. IT staff can ensure that the right users have the right environment to maximize their productivity.

Asset Management and Health Monitoring

We have covered many useful features for fixing thin clients when they break. But the best strategy to maximize your Return-On-Investment is to prevent these problems before they occur. Policy management is an important methodology to ensure the healthy operations of thin clients. By creating various user and device policies, you can ensure the proper usage of the company assets, and therefore eliminate most, if not all, problems that stem from improper customizations, undesired local applications, incompatible peripherals, and so on.

Another important consideration is extensive asset reporting and tracking. Through tracking and reporting, IT teams can proactively resolve issues if the system provides real-time asset management and reporting. For instance, when a new operating system or application update is provided, or when a device configuration is changed, the system should be able to gather reports from the thin clients, compare these reports to a reference, and flag any discrepancies, or better yet, take automated action to remedy any problem, ensuring that the end-user experience is consistent with the desired policies. These advanced asset management and health-monitoring data constitute a critical part of business operations and must be stored in a sophisticated, distributed and/or clustered, relational database, such as SQL or Oracle DB. Any flat-file based information

solution may appear straightforward in a Lab or a proof-of-concept but in the end will not scale for a large-scale deployment.

THIN CLIENT MANAGEMENT WITH WYSE DEVICE MANAGER 4.7

In planning a large-scale thin client deployment, the key considerations are Enterprise Security, User Experience and Mobility, Network Scalability and Interoperability, and Asset Management and Health-Monitoring. While there are many solutions targeted for PC management, WDM is purpose-built for thin clients. We believe that a generic management solution is not adequate simply because:

• Thin clients run a diverse set of Embedded OS’s, not just Windows
• Thin clients require very strong profile based policy enforcement for task-based computing
• Thin clients are imaged / provisioned through the network
• Thin clients require specific Asset Database for tracking and fast remote diagnosis
• Thin clients require tight-integration with ancillary network assets like remote software repositories

Wyse designed WDM 4.7 to address all these challenges and to make a large-scale thin client deployment as straightforward as possible.

We will use the following simplified network topology (Figure 2) to outline the features that make WDM the industry’s most advanced thin client Management Software. In this example, there are multiple sites, including telecommuters in a SOHO setup or end-users in branch offices, while there is also a large thin client installation within the corporate network. WDM is installed as a distributed architecture. Asset Database is a SQL 2005 server cluster and multiple Administration GUIs allow segregation of Administrative duties for various sub-groups. These groups can be based on geography, network topology, user profile, device configuration, and so on. Branch offices have NAT/Gateways and Remote software

Figure 2: Network architecture for large-scale thin client deployment

Enterprise Security

For ensuring the highest level of security, all communications between various network elements, like the thin clients, WDM Server, Remote software Repositories are based on full HTTPS encryption. Furthermore, to reduce deployment cost, the HTTPS certificates are self-signed and thin clients have the necessary logic to authenticate the WDM Server component. For the first time in thin client management, IT teams have the option to fully encrypt their network traffic and disable almost all server ports (except for HTTP/S, typically port 80/443) to ensure a higher-level of security. Besides security, full encryption allows IT staff to deploy additional techniques like compression to increase network efficiency.

WDM 4.7 supports the following features to make it the Industry’s most-secure thin client management software.

• HTTPS based Server-Client Communication
• HTTPS based Server-Remote software Repository Communication
• HTTPS based Device Software Imaging
• Ability to authenticate self-signed HTTPS Certificates
• Server – Client paired encrypted key for pairing clients with genuine management server
• Ability to separate the Asset Database from the WDM server for DMZ installations

User Experience and Mobility

Next, let us take a look at enabling User Experience and Mobility where thin clients are connected to the public IP networks. To make WDM services like remote imaging, shadowing, firmware upgrade and real-time asset tracking accessible, at least a portion of the WDM components must be installed in the corporate DMZ network. However, the risk of exposing the Asset Database on a DMZ is simply unacceptable for many organizations. So, instead of running all the components in the DMZ, we will simply attach WDM to an SQL 2005 server running inside the secure corporate networks. Alternatively, we can install and start a new SQL service inside the network.

WDM has a very powerful device policy management module, called Default Device Configurations. By creating the right groupings, we will make sure that roaming users get all the proper updates and other policy enforcements, without being impacted by geography glitches.

WDM 4.7 offers:

• DMZ friendly component installation for managing roaming or telecommuting end-users
• Powerful and flexible user configuration / policy management through Default Device Configuration (DDC)
• Extensive customization, device personalization and peripheral connection (1)

(1) In conjunction with Wyse TCX Multimedia Acceleration and USB Virtualization Features

Network Scalability and Interoperability

WDM ensures that high-latency downloads occur only between the Master and Remote software Repositories. All device image updates should occur through the local / nearest Remote software Repository. Remote repositories act as local mirrors of the Master Software Repository and they automatically synch with the Master Repository. Furthermore, the new Non-PXE boot capabilities in WDM 4.7 provide seamless Network Interoperability.

• Windows and Linux based Remote Software Repositories
• Dealing with large images through distributed software download locations
• Adjusting to remote location bandwidth limitations through bandwidth-throttling
• Imaging / Remote management over public IP networks:
  • Non-PXE Boot
  • HTTP / HTTPS based software imaging

Asset Management and Health Monitoring

WDM 4.7 has industry leading policy management tools. Different types of configurations, based on location, subnet, device type, and so on, can be created with up to 90 levels of hierarchy. These configuration policies are called Default Device Configuration (DDC) and ensure that a particular device belonging to a particular DDC group behaves exactly the way intended.

Administration delegation is another powerful technique that is available in WDM and is integrated with Microsoft Active Directory services. This allows Administrators to set up restricted views and designate sub-group Administrators to manage a subset of thin clients, based on the policies set by the root administrators. WDM also supports remote GUI connections so those delegate Administrators can connect to the WDM server and the Asset Database.
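The report-versus-reference check called for earlier under Asset Management and Health Monitoring (gather device reports, compare them to a reference, flag discrepancies), sketched as an added example that is not WDM code or its data model. Group names, report fields, versions and device ids are constructed for illustration.

```python
# Constructed reference policies, keyed by hypothetical device-group names.
REFERENCE = {
    "trading-desk": {
        "image": "5.1.0",
        "apps": {"ica-client", "rdp-client", "market-terminal"},
        "settings": {"monitors": 2, "usb_storage": "disabled"},
    },
    "branch-teller": {
        "image": "5.1.0",
        "apps": {"ica-client"},
        "settings": {"monitors": 1, "usb_storage": "disabled"},
    },
}

# Constructed device reports, as a management agent might submit them.
REPORTS = [
    {"device": "tc-0001", "group": "trading-desk", "image": "5.1.0",
     "apps": ["ica-client", "rdp-client", "market-terminal"],
     "settings": {"monitors": 2, "usb_storage": "disabled"}},
    {"device": "tc-0002", "group": "branch-teller", "image": "5.0.3",
     "apps": ["ica-client", "media-player"],
     "settings": {"monitors": 1, "usb_storage": "enabled"}},
    {"device": "tc-0003", "group": "lobby-kiosk", "image": "5.1.0",
     "apps": [], "settings": {}},
]


def version_key(version):
    """Turn '5.1.0' into (5, 1, 0) so that 4.10 sorts after 4.9."""
    return tuple(int(part) for part in version.split("."))


def audit(report, reference):
    """Return a list of (kind, detail) findings for one device report."""
    policy = reference.get(report["group"])
    if policy is None:
        # A device outside every known group has no policy to be checked against.
        return [("unknown-group", report["group"])]
    findings = []
    if version_key(report["image"]) < version_key(policy["image"]):
        findings.append(("outdated-image", f"{report['image']} < {policy['image']}"))
    elif report["image"] != policy["image"]:
        findings.append(("unexpected-image", report["image"]))
    installed = set(report["apps"])
    for app in sorted(installed - policy["apps"]):
        findings.append(("unapproved-app", app))
    for app in sorted(policy["apps"] - installed):
        findings.append(("missing-app", app))
    for key, want in sorted(policy["settings"].items()):
        got = report["settings"].get(key)
        if got != want:
            findings.append(("setting-drift", f"{key}: expected {want!r}, got {got!r}"))
    return findings


def audit_fleet(reports, reference):
    """Map device id -> findings, listing only devices that deviate."""
    result = {}
    for report in reports:
        findings = audit(report, reference)
        if findings:
            result[report["device"]] = findings
    return result
```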

WDM comes packed with powerful scripts and queries for Asset Tracking and Reporting. In addition, Administrators have full access to the powerful relational Database, MS SQL, which contains the Asset data. Any comprehensive Asset Management and Health-Monitoring solution must rely on an industry-standard Relational Database.

• Powerful and flexible Default Device Configuration (this feature is worth mentioning a second time)
• Administration Delegation
• MS SQL Relational Database for Asset Tracking

CONCLUSION

In this white paper, we have reviewed some of the considerations for a large-scale thin client deployment program and discussed how to design and manage a thin client computing infrastructure with Wyse Device Manager (WDM). This has shown that while thin client management may appear straightforward at the outset, a sophisticated management such as Wyse WDM is required to deliver the full benefits of a thin computing solution. WDM 4.7 is an advanced, purpose-built, thin client management software that provides superior security, better accommodation for end-user experience and mobility, additional logic and features for network scalability and interoperability and finally a world-class asset management and health-monitoring feature-set.

Appendix A – About Wyse Technology Inc.

Wyse Technology is the global leader in thin computing. Wyse and its partners deliver the hardware, infrastructure software, and services that comprise thin computing, allowing people to access the information they need using the applications they want, with better security, and at a much lower total cost of ownership than a PC. Thin computing allows CIOs and senior IT professionals to reduce costs, manage risk, and deliver access to information. Wyse partners closely with industry leaders Microsoft, Citrix, VMware, and others to achieve this objective. Wyse is headquartered in San Jose, California, with offices worldwide.

For more information, visit the Wyse web site at www. or call 1-800-GET-WYSE

Wyse Technology Inc.
3471 North First Street
San Jose, CA 95134-1801
Wyse Sales: 800 GET WYSE (800 438 9973)
Sales: 408 473 1200
Wyse Customer Service Center: 800 800 WYSE (800 800 9973)
Or send email to: sales@wyse.
Visit our website at: http://www.wyse.

©2008 Wyse Technology Inc. The Wyse logo and Wyse are trademarks of Wyse Technology Inc. Other product names mentioned herein are for identification purposes only and may be trademarks and/or registered trademarks of their respective companies. Specifications subject to change without notice. Some features require support by server operating system and protocol. 09/08 880925-26 Rev. A