Windows Terminal Services comes bundled with Windows Server 2003. Citrix costs
extra. Here’s why you might consider paying the piper.
- By Greg Shields
Ever since Microsoft began bundling Terminal Services with Windows 2000 Server, users have asked, "Why should I pay for Citrix when Windows Terminal Services is free?"
"Sometimes you shouldn't," says Tim Reeser, chairman and CFO of Engineering Computer Consultants, a Citrix Platinum Reseller in Ft. Collins, Colo., and author of the recently published book Citrix MetaFrame for Windows Server 2003: The Official Guide. "When people ask, I tell them that for any deployment under 75 users, you can do reasonably well with just Terminal Services."
That's not the response you'd expect from a Citrix reseller. But with Terminal Services for Windows Server 2003, Microsoft announced a number of new features: Windows Server optimizations to support more users per server, Remote Desktop Client improvements like greater screen resolution and more colors, and support for connecting client devices into the remote session.
At first glance, Citrix's recently released MetaFrame Presentation Server v3.0 provides similar functionality as Terminal Services. Both let you remotely log on to a server remotely from a client anywhere on your network or the Internet, and both give you access to centralized applications using an easy-to-install client and low bandwidth client.
The challenge for Citrix is to convince customers they need Citrix when the common perception is that Terminal Services is free. Nabeel Youakim, a Citrix vice president responsible for the ongoing partnership between Microsoft and Citrix, says that perception is off base.
"Terminal Services is not free," he says. "A Terminal Services Client Access License (TSCAL) costs about $149 per user at retail price and is non-concurrent, which means one TSCAL per user." Any time Terminal Services is used in Application Mode, a TSCAL is required for every connected client. A Citrix server license sells for around $200 to $250 per user and allows multiple users per license—there is no charge for any Citrix client software. Youakim estimates most customers average about four users per license, which makes the per-user cost between $50 and $75.
There is a catch, however: "You still have to purchase a TSCAL for every user any time you're using Citrix," he says.
So you have to buy TSCALs at about $150 per user no matter which option you choose, making that issue a wash. What it all comes down to, if Youakim's estimates are accurate, is you're really paying $50 to $75 per user more for Citrix as compared to Terminal Services.
That brings us back to the central question—do the added benefits of Citrix justify the extra expense? While some features are remarkably similar between the two products, the Citrix MetaFrame Access Suite does boast some interesting improvements.
The Client Makes
If you're familiar with how Terminal Services or Remote Desktop works, you're well on your way to understanding how Citrix operates. Citrix uses a proprietary protocol called Independent Computing Architecture (ICA) to push screen updates and mouse/keyboard commands between the client and server. It's similar to Remote Desktop, but with significant bandwidth optimizations. ICA works in tandem with Microsoft's Remote Desktop Protocol (RDP), and both can be used simultaneously on the server.
The most immediate benefit Citrix has over RDP is support for more operating systems. Unlike RDP, where clients are limited to Microsoft operating systems, Citrix provides freely downloadable ICA clients for Solaris, AIX, HP-UX, Macintosh, OS/2 and others. Even DOS gets its own client.
Citrix's greatest advantage may be its "client-less" Java client, delivered as compile-on-demand Java code. You can couple the Java client with Citrix's no-host Web and security products to provide ICA access to any client, from any server, at any location that has Internet access.
"The Java client is being used more and more in our installations," Reeser says. "It's much easier for the end user." That's because the Java client is auto-downloaded and configured by the Citrix administrator, not the end user.
More importantly, the Java client isn't restricted to areas where you can actually install a client. Because of its "client-less" nature, you can—theoretically—use it in highly secure areas like airport and hotel kiosk computers, making it a boon for road warriors.
But Reeser notes there's a catch to that plan. "About 50 percent of hotel and airport kiosks are locked down so tight the Java client won't run," he says. But with Citrix claiming it has some 50 million users, he says kiosk owners are beginning to realize they have to allow users to employ the Citrix client.
Terminal Services can connect users to Terminal Servers through the Windows Remote Desktop Client. All users must configure their clients with the correct connection settings for the server. In small installations, training users on this process is easy, but in larger environments with dozens of servers and hundreds of clients, the process can get unwieldy.
Enter Citrix Web Interface. In a correctly configured Citrix Web Interface environment, the burden of maintaining server connection information is removed from the user. All users need to connect to a Citrix-enabled environment is the Web address of the Citrix Web Interface portal. At the portal, users log in once to access all the applications available within that environment. Each user's login information can be securely sent to the selected MetaFrame server hosting the application. This means you can achieve a single sign-on experience.
Once the user logs into the Citrix Web Interface server, new or updated client versions automatically deploy in the background. You can also download these client versions as an ActiveX control. That ensures all client configurations are handled by the administrator; users have no configuration capabilities. Users need only a username and password, and the applications for which they have permissions are presented.
Figure 1. The main Citrix management console is much more comprehensive than Terminal Services' (see Figure 2).
Of course, if you're operating in a Web environment, Internet connectivity and security are paramount concerns. When running Terminal Services, all traffic between client and server is handled over TCP port 3389, which is not a port that is typically routed to the Internet, making client connections difficult through Internet firewalls.
To combat this problem and provide a secure method of transporting ICA over unsecured networks, in 2001 Citrix released Citrix Secure Gateway. Now in its second generation, Secure Gateway provides proxy and ticketing services to your MetaFrame deployment, allowing you to securely connect Citrix-enabled applications to the Internet while easing firewall traversal. The Secure Gateway authenticates users and employs a combination of SSL and network proxying to encrypt the ICA stream coming out of the MetaFrame server. It also re-encapsulates data into a TCP port 443 HTTPS connection, which is much easier to route over insecure networks. The gateway also masks the internal network information of your secured MetaFrame servers.
What this provides over Terminal Services is the ability to push applications over the Internet while providing users with an easy-to-use Web interface. Combining this with Citrix's Java-based client can create an environment that lets users access applications from kiosks or even airport computers.
Figure 2. The Terminal Services management console is spare, uncluttered and functional.
To Stream or Not to Stream
Microsoft's RDP protocol has improved dramatically since the beginning. So much so, in fact, that the difference in total bandwidth used between RDP and Citrix's ICA protocol is negligible.
According to Citrix Technical Support Services, a good rule of thumb for either protocol is about 30Kbps per concurrent user. This means that at a typical load level, your network connection use will scale with the number of concurrent users that each connection is serving.
One important difference remains, however. RDP is considered a "streaming protocol," while ICA is not. As a streaming protocol, RDP will consume 30Kbps at all times during the session. ICA's bandwidth utilization, on the other hand, will decrease if the user's session becomes inactive. Data packets are only transferred between client and server when a mouse or key is clicked or something is updated on the screen.
The Bottom Line
Jones agrees with the suggestion that servicing more than 75 users may warrant making the jump to Citrix, but notes that many companies start small, then build their Citrix deployments over time. "Why do they eventually buy Citrix? For many reasons—management, client homogeneity and security," he says.
So, why should you pay for Citrix when Terminal Services is "free?" If your deployment is small and simple, Terminal Services is easy and inexpensive to deploy. If your environment requires multiple operating systems, your users demand simple interfaces, or you want secure environments outside your LAN, the added features of Citrix are worth the investment.
Greg Shields is Author Evangelist with PluralSight, and is a globally-recognized expert on systems management, virtualization, and cloud technologies. A multiple-year recipient of the Microsoft MVP, VMware vExpert, and Citrix CTP awards, Greg is a contributing editor for Redmond Magazine and Virtualization Review Magazine, and is a frequent speaker at IT conferences worldwide. Reach him on Twitter at @concentratedgreg.