Windows Terminal Services for Remote PVSS Access
Peter Chochula – ALICE
17 June 2004
Outline
- Motivation
- Technology: RDP, RDC, Windows Server 2003
- CERNTS, licensing issues
- ALICE Test Setup
- Tests to be performed
Motivation for using TS
- Remote access to control systems is required by several groups
- We were looking for a secure and reliable solution
- The number of protocols passing through CERN's firewall should be kept to a minimum
- CERN's security team recommends TS in conjunction with PVSS remote UI as a preferred solution
Remote Connection to Control Systems (basic ideas)
[Diagram] Remote client --(Remote desktop connection over VPN)--> CERN's firewall --> W2003 TS (PVSS Remote UI) --> Control System (PVSS Master Projects)
Technology behind the Windows TS
- The Windows 2003 TS component is an evolution of Terminal Services
- Allows delivery of Windows-based applications to remote (even non-Windows) computers
- Secure communication with clients is based on RDP (Remote Desktop Protocol)
Remote desktop clients (RDC)
- Implemented in Windows XP
- Clients available for:
  - Windows 95/98/98SE/ME/NT4/2k
  - Windows CE – allows for using palmtops on the client side!
  - Linux
  - MAC OS X 10.2.8 or later
- Web-based interface available for ActiveX-enabled browsers
Client Resource redirection
- File System: client drives are mounted inside the server session
- Ports: client COM and LPT ports can be mounted to the server
- Audio: sound can be redirected to the client
- Printers: client printers (including networked) are visible to the server
- Windows keys: combinations such as ALT-TAB etc. can be redirected to the server (CTRL-ALT-DEL is disabled for security reasons)
Additional features
- Time Zone redirection: the RDC client can provide its time zone to the server – this allows for working across different time zones (makes sense for agenda etc.)
- Virtual channels: provide the possibility to enhance communication between the client and an application running on the server
- Roaming disconnects: allow for reconnection to disconnected sessions
- Clipboard mapping: copy/paste support between client and server
- 24-bit color support
Benefits from TS and RDC
- Centralized maintenance of remote UI projects: no need to install the project on each client machine
- Low-bandwidth access to data: only the screen view of the data is transmitted; RDP provides techniques such as data compression or persistent bitmap caching; connection optimization based on network bandwidth
- High level of security: 128-bit bi-directional RC4 encryption (client dependent); additional FIPS-compliant encryption level
Enhancing security on TS
- TS user rights can be assigned to individual users or groups
- Software restriction policies: administrators can allow only certain programs to be run by specified users
- Client settings can be overridden by the server
- Client access can be restricted to PVSS00NV (closing this application would terminate the connection)
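The redirection channels listed under "Client Resource redirection" and the server-side restrictions above all live in one place on a Windows 2003 terminal server: the RDP-Tcp WinStation key, which tscc.msc edits. The script below is an added example (not part of the slides and not ALICE's or CERN's tooling) that audits an exported copy of that key for the hardening points on this slide: encryption level at least High, every client resource redirection switched off, a server-enforced initial program (PVSS00NV.exe) instead of a full desktop, and a timeout for disconnected sessions. The value names (MinEncryptionLevel, fDisableCdm, fDisableClip, fInheritInitialProgram, InitialProgram, MaxDisconnectionTime, ...) are those of the RDP-Tcp key; the two .reg exports are constructed samples, and the PVSS install path in them is a placeholder.

```python
"""Audit an exported RDP-Tcp WinStation key against the TS hardening points (added example)."""
import re

# Key exported with regedit (HKLM\...\WinStations\RDP-Tcp); tscc.msc writes these values.
WINSTATION_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control"
                  r"\Terminal Server\WinStations\RDP-Tcp")

# Each fDisable* value set to 1 turns the corresponding client resource redirection off.
REDIRECTION_FLAGS = {
    "fDisableCdm": "client drive mapping",
    "fDisableCcm": "client COM port mapping",
    "fDisableLPT": "client LPT port mapping",
    "fDisableCpm": "client printer mapping",
    "fDisableClip": "clipboard mapping",
    "fDisableCam": "audio redirection",
}

def parse_reg(text):
    """Minimal .reg parser: {key: {name: value}}; dword -> int, quoted string -> str."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if m is None or current is None:
            continue
        name, val = m.group(1), m.group(2)
        if val.startswith("dword:"):
            keys[current][name] = int(val[6:], 16)
        elif val.startswith('"') and val.endswith('"'):
            # .reg doubles backslashes inside string values; unfold them.
            keys[current][name] = val[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    return keys

def audit_rdp_tcp(reg_text, allowed_program="PVSS00NV.exe"):
    """Return a list of findings; an empty list means every check passed."""
    values = parse_reg(reg_text).get(WINSTATION_KEY)
    if values is None:
        return ["RDP-Tcp WinStation key not present in export"]
    findings = []
    # MinEncryptionLevel: 1=Low, 2=Client Compatible, 3=High (128-bit), 4=FIPS.
    level = values.get("MinEncryptionLevel", 2)
    if level < 3:
        findings.append(f"MinEncryptionLevel={level}: below High; 128-bit or FIPS expected")
    # Every redirection left on is a data path between the client and the control network.
    for flag, desc in REDIRECTION_FLAGS.items():
        if values.get(flag, 0) != 1:
            findings.append(f"{desc} enabled ({flag} != 1)")
    # fInheritInitialProgram=0 makes the server override the client/user setting with InitialProgram.
    program = values.get("InitialProgram", "")
    if values.get("fInheritInitialProgram", 1) == 1 or not program:
        findings.append("no server-enforced initial program: users get a full desktop")
    elif program.split("\\")[-1].lower() != allowed_program.lower():
        findings.append(f"initial program is {program!r}, expected {allowed_program}")
    # MaxDisconnectionTime is in milliseconds; 0 keeps disconnected sessions forever.
    if values.get("MaxDisconnectionTime", 0) == 0:
        findings.append("MaxDisconnectionTime=0: disconnected sessions are never ended")
    return findings

# Constructed sample: a default-looking export (redirection on, full desktop, no timeout).
WEAK_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"MinEncryptionLevel"=dword:00000002
"fDisableCdm"=dword:00000000
"fDisableClip"=dword:00000000
"fInheritInitialProgram"=dword:00000001
"MaxDisconnectionTime"=dword:00000000
"""

# Constructed sample: hardened as on the slide (C:\PVSS\bin is a placeholder path).
HARDENED_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"MinEncryptionLevel"=dword:00000003
"fDisableCdm"=dword:00000001
"fDisableCcm"=dword:00000001
"fDisableLPT"=dword:00000001
"fDisableCpm"=dword:00000001
"fDisableClip"=dword:00000001
"fDisableCam"=dword:00000001
"fInheritInitialProgram"=dword:00000000
"InitialProgram"="C:\\PVSS\\bin\\PVSS00NV.exe"
"WorkDirectory"="C:\\PVSS\\bin"
"MaxDisconnectionTime"=dword:0036ee80
"""

if __name__ == "__main__":
    for label, export in (("weak", WEAK_EXPORT), ("hardened", HARDENED_EXPORT)):
        print(label, audit_rdp_tcp(export) or "OK")
```

Run it against `regedit /e` output of the RDP-Tcp key from each terminal server; a non-empty list is a deviation from the slide's policy. The check only reads the export and never touches the live registry, so it is safe to run from any workstation.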
Windows TS capacity
- MS provides tools for measuring the performance of servers
- Rough estimates based on "Knowledge workers" and "Data Entry workers" groups (as defined by the Gartner group)
- A server is considered to be at capacity when it is 10% slower than it was with a single-user load
- Numbers should be taken as a guide; real tests must be done with PVSS in order to verify our real needs
Server capacity estimate

Server Configuration                       Knowledge Worker   Data Entry Worker
4x Intel Xeon MP, 2 GHz, 4096 MB           270                520
2x Intel Xeon, 2.4 GHz, 4096 MB            200                440
1x Intel Xeon, 2.4 GHz, 4096 MB            140                200
4x Intel Pentium III, 0.8 GHz, 1024 MB     50                 120
Estimated memory requirements
- Total recommended memory for TS: 128 MB + (# of users) * (Memory per user)
- Memory per user can be estimated as 9.5 MB for Knowledge workers, 3.5 MB for Data Entry workers
- We measured ~3-30 MB for Remote UI projects (very, very preliminary)
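The formula above gives the memory side of the sizing; the capacity table on the previous slide gives the CPU side. The following added example (not from the slides, not ALICE's code) combines the two: it applies 128 MB + users * (memory per user) to each profile, including both ends of the preliminary ~3-30 MB Remote UI measurement, and for each server in the table reports whether the benchmark user count or the installed RAM is the binding limit. The server rows, per-user figures and the 4 GB Standard Edition ceiling are taken from the slides; the helper names are mine.

```python
"""Terminal server sizing from the slide's memory formula and capacity table (added example)."""

BASE_MB = 128  # fixed overhead in the slide's formula

# Memory per user, in MB, as given on the slide (the PVSS figures are the preliminary range).
PROFILE_MB = {
    "knowledge_worker": 9.5,
    "data_entry_worker": 3.5,
    "pvss_remote_ui_low": 3.0,
    "pvss_remote_ui_high": 30.0,
}

# Max. memory per server from the edition comparison (Enterprise: 16/32 GB; 32 GB used here).
EDITION_MAX_MB = {"standard": 4 * 1024, "enterprise": 32 * 1024}

# (configuration, RAM in MB, knowledge-worker users, data-entry users) from the capacity table.
SERVERS = [
    ("4x Intel Xeon MP 2 GHz", 4096, 270, 520),
    ("2x Intel Xeon 2.4 GHz", 4096, 200, 440),
    ("1x Intel Xeon 2.4 GHz", 4096, 140, 200),
    ("4x Intel Pentium III 0.8 GHz", 1024, 50, 120),
]

def recommended_memory_mb(users, per_user_mb):
    """Slide formula: 128 MB + (# of users) * (memory per user)."""
    return BASE_MB + users * per_user_mb

def max_users(total_mb, per_user_mb):
    """Largest user count whose recommended memory still fits in total_mb."""
    if total_mb <= BASE_MB:
        return 0
    return int((total_mb - BASE_MB) // per_user_mb)

def effective_capacity(ram_mb, benchmark_users, per_user_mb):
    """Users the box can serve: min(benchmark CPU figure, memory limit), plus which one bound."""
    mem_users = max_users(ram_mb, per_user_mb)
    if mem_users < benchmark_users:
        return mem_users, "memory"
    return benchmark_users, "cpu"

def fits_edition(users, per_user_mb, edition):
    """Whether the recommended memory stays under the edition's per-server maximum."""
    return recommended_memory_mb(users, per_user_mb) <= EDITION_MAX_MB[edition]

def sizing_report(per_user_mb, benchmark_column="knowledge_worker"):
    """For every server in the table: (name, users, binding limit) at the given MB/user.

    The benchmark column is the CPU-bound figure the comparison starts from; the
    knowledge-worker column is the conservative choice for an interactive PVSS UI.
    """
    col = 2 if benchmark_column == "knowledge_worker" else 3
    return [(name, *effective_capacity(ram, row[col], per_user_mb))
            for name, ram, *_ in SERVERS for row in [(name, ram, *_)]]

if __name__ == "__main__":
    for profile, mb in PROFILE_MB.items():
        print(f"{profile}: up to {max_users(EDITION_MAX_MB['standard'], mb)} users on a 4 GB Standard Edition server")
    for name, users, bound in sizing_report(PROFILE_MB["pvss_remote_ui_high"]):
        print(f"{name}: {users} users ({bound}-bound at 30 MB/user)")
```

At the low end of the measured range the table's CPU figures are the limit everywhere; at 30 MB per Remote UI session a 4 GB server is memory-bound at 132 users, below every Xeon row, which is the case where the Enterprise Edition memory ceiling would matter.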
Windows 2003 Server Editions
- Four editions available:
  - Web edition (no TS support)
  - Standard Edition
  - Enterprise Edition
  - Datacenter Edition (optimized for mission-critical applications – large database servers etc.)
- In our evaluation we focused on Standard and Enterprise editions
Comparison between Standard and Enterprise Editions
Only "relevant" parameters are listed. For details see
http://www.microsoft.com/windowsserver2003/evaluation/features/compareeditions.mspx

                                                   Standard Edition   Enterprise Edition
Max. memory per server                             4 GB               16/32 GB
NLB cluster nodes                                  16                 32
Server Cluster Nodes (failover for applications)   N/A                8
64-bit support (Itanium)                           NO                 YES
Price (rough estimate)                             ~USD 1000          ~USD 4000
Overview of TS licensing
- Two licensing modes: per user, per device
- A license is issued to the client by the server
- The license server provides a pool of licenses
- Licenses are not returned to the pool after disconnecting the session
  - E.g. a colleague using a laptop goes away with the license
  - Reformatting a client disk wipes out the license
  - Unused licenses will be returned to the pool after a timeout period (~80 days)
- If the connection to the licensing server is lost, TS issues temporary licenses to clients
TS at CERN
- A central service provided by CERN's IT is now operational (CERNTS)
- User rights are restricted to a minimum (basically the user is allowed to use only the Office applications)
- No possibility for the user to install new software
- PVSS support not foreseen
Cloning of CERN TS for experiments
- No manpower available for central maintenance of additional TS
- We were offered help with installation of the servers and setting up of licensing and local policies (credits and thanks to Ruben D. Gaspar Aparicio)
- BUT!: We can profit from the CERN License Server: a reasonable number of licenses (~5000) is available at CERN (of which ~300 are presently in use)
Test Setup in ALICE
[Diagram] 2x W2003 Enterprise Edition running TS, reached by RDC from the CERN network and by RDC from a private network; PVSS Master Projects on both the CERN network and the private network
Tests to perform
- A preliminary list of tests to be performed has been prepared (credits: Wayne, Bruce)
- Some tests were already done – as a proof of the concept
- Systematic tests will be performed this summer; everyone is invited to participate
- The following slides show the status and should trigger discussion
Tests to perform
Understand what is needed to set up a WTS able to run PVSS UIM
- Present status: 2 servers installed (180-day trial of Enterprise Edition) and remote UI projects created
- To be done: check if this is what we need; people should have a look at the service and comment
Tests to perform
Understand what is needed to set up a WTS cluster able to run PVSS UIM
- Present status: NLB cluster setup in progress – it will be set up on the private network
- To be done: test the performance; decide if we really need a server cluster (tending to say "no")
Tests to perform
Understand how to set up access to multiple (10) different PVSS systems
- Present status: simultaneous access to 2 systems tested (even across CERN's firewall)
- To be done: test the performance; perform tests with more realistic (big) projects (scheduled for early July)
Tests to perform
Understand the load of the WTS in the previous cases
- Present status: rough estimate done, will be repeated with proper tools
- To be done: perform tests with realistic (big) projects; some sort of "data challenge" would be needed; your help would be really appreciated
Tests to perform
Look at the effect on users if one user initiates a high CPU-load task
- Present status: tested a policy which allows executing only remote UI projects; high CPU-load tasks can be killed by the administrator; the test should be done with proper tools – e.g. values from Task Manager could be misleading; we will follow the test methodology proposed by Microsoft
- To be done: identify the high CPU-load tasks which are needed; look at the effects and define policies; see how clustering helps
Tests to perform
Try access to the WTS from Windows machines (XP, 2000, NT), Linux and MAC
- Present status: we tested RDC with XP, Windows 2000, Windows 98 SE and Linux
- To be done: perform tests with MAC, Windows CE ….
Tests to perform
Determine the behavior if the connection between WTS and PVSS is lost (also on the PVSS system, if any)
- Present status: temporarily cut the connection between WTS and network; operation correctly resumes if the disconnection is shorter than ~7 s, otherwise the remote UI loses the connection and has to be restarted; no effects on the master PVSS project observed
- To be done: perform real tests
Tests to perform
Determine the behavior if the connection to the WTS is lost (also on the PVSS system, if any)
- Present status: RDC allows for re-connection to a disconnected session – tested even across CERN's firewall (and it works); on the server side a policy can be defined which kills disconnected sessions after a predefined timeout; we were able to reconnect to a session even after 3 days
- To be done: perform more tests with big systems (also on the NLB cluster to check the roaming)
Tests to perform
Identify the requirements for licensing
- Present status: discussed with IT, our test server is recognized by the CERN License server; seems to work (tested with ~20 simultaneous connections to WTS)
- To be done: read again the description of the non-trivial MS licensing model; follow the developments of Longhorn Servers (the present licensing model is completely different from W2000); discuss future support with IT
Tests to perform
Look at any possible security issues with this approach and how to minimize the risk
- Present status: the approach is recommended by the CERN security team; additional tests scheduled in ALICE for July; a firewall will be placed between the WTS and the PVSS projects running on the private network; several tests will be performed on the private network (Administrative Circular Nr. 5 restricts the tests on CERN's network)
- To be done: this is a critical issue with many consequences and has to be studied carefully with the help of the CERN Security and Network teams; one should especially look at resource sharing as this is a potential source of problems
Tests to perform
Look at how to handle login (single or multiple)
- Present status: we looked so far only at local policies and defined a group of users
- To be done: this topic has to be followed – what are the requirements? The client can securely share credentials with WTS; file system permissions between Windows and Unix could also be handled by Windows Services for Unix (SFU) – it provides an NFS server and client, password synchronization etc. (we installed SFU and will test it soon)
Tests to perform
Look at performance when changing the panels frequently or when panels are frequently modified
- Present status: pending
- To be done: it has to be done
Additional tests
- All tests should be done more systematically and with more realistic systems; so far we tried just to check the concept
- Identify bottlenecks (e.g. network influence)
- Understand user requirements
- Study related technologies (e.g. SFU, SUS…)
- What else did we forget?
Conclusions
- The concept of TS has been studied in ALICE
- A test setup including 2 Enterprise servers is operational (we will be forced to reinstall at least one server by the end of July – the grace period is over)
- No major problems discovered so far
- We will continue our tests and report the results; any help is appreciated