domingo, 18 de março de 2012

Centralizing cross-platform applications on a Linux Terminal Server

Roughly 3 years ago we described how windows-only applications could be (almost) seamlessly delivered to a network of Linux workstations. Although Windows terminal services CALs are not seamless to whoever has to pay for them, the technical solution works very well and can be relied on for mission critical scenarios. Now we will look into what Linux can do, to centralize cross-platform applications. Previously, we stated:
In a ideal world every piece of client software is either:
  • web based, with standards based cross browser development
  • portable, developed with a cross platform language / toolkit (Java, Qt, Gtk+, ...)
But even when an application is cross platform, i.e. able to run on multiple desktop operating systems, it is often preferable to have it centralized if certain conditions are met:
  • it is a critical business application, supported by a separate team
  • it is updated very often
  • it generates a lot of network traffic from the local desktops to a remote server
  • ...
If the application is indeed cross platform (or if it is Linux specific), the correct choice is to centralize it on a Linux server. This "server" is in fact a remote "desktop" which allows for multiple graphical sessions. With Linux, no CALs need to be purchased and there are no limits for the number of clients connecting to the application, besides network and server performance.

The architecture is very similar to the one proposed in the previous article. In fact, we invite you to review it before moving forward on this one.

The xrdp login screen

The key pieces for doing getting the work done are:

1) a Linux distribution to run the application that needs to be centralized
2) xrdp – the open source RDP server
3 Vmware / Xen / ... - so that the Linux distribution can be installed as a virtual machine
4) rdesktop or the newer freerdp - an open source RDP client

As before, preventive measures have to be put in place on the remote machine
  • no administration privileges for any regular user
  • minimal software installation
  • automatic startup of the desired application(s)
Each user must have its own startup script on ~/.xinitrc and ~/.xsession linked to it. As with Windows, the authentication can be local with generic users (usually the management applications have their own authentication...) or made against LDAP, Samba, Active Directory, etc.

Below is an example .xinitrc that launches a very simple window manager (opennbox) and a minimalistic task bar called tint2.
#!/usr/bin/env bash
setxkbmap -layout pt
xsetroot -solid rgb:3b/59/98
openbox &
tint2 &
/usr/local/bin/mount_share.sh
exec /path/to/my/application
The purpose of this script, besides doing some initial setup, is launching the centralized application on an nearly invisible desktop environment. If the users are not local this script has to be created automatically for them during the first login (eg, via /etc/skel and pam_mkhomedir).

A java application running on a Linux remote server

If you need packages for xrdp that work out of the box you can get them from the following locations:

xrdp 0.6 for Ubuntu (tested on 10.04 an 12.04)

xrdp 0.6 for Mandriva / Caixa Mágica 14

Opening a session is a simple as running
rdesktop -g 1024x768 -a 16 -k pt 192.168.0.12
from a desktop shortcut. You can also automate the login process by passing the username and password directly on the command line
rdesktop -g 1024x768 -a 16 -k pt -u User1 -p MyPassword 192.168.0.12

This means that a double click on the desktop shortcut will trigger the opening of a remote session and the startup of the centralized application. Whenever the application is closed the remote session will be terminated.

If at some point the user closes the client window, the session will remain running allowing for a later reconnection. Currently, xrdp supports automatic resize and colour depth adaptation, so it is possible to reconnect from a different device and continue the work interrupted before. It is also possible to connect from Windows clients since xrdp has been tested with at least Windows XP and Windows 7.

One thing xrdp doesn't support yet is forwarding the print jobs as the Windows terminal server component does. However, if you are on a LAN or VPN, you can have your central Linux terminal server recognize the printers from all your CUPS servers and print directly to their print queues. You can also have your users print to a PDF file on a shared folder which can accessed from the local workstation.

Xrdp is an amazing piece of Open Source software. It can used for more ambitious tasks, such as centralizing entire desktop sessions to be accessed by thin clients. That is a more complex topic which may be the subject of a future article.

Sem comentários: