Terminal Server Internals�for Vambeers : Terminal Server Internals for Vambeers PubForum 2005, Nice, France
Bernhard Tritsch
About Bernhard Tritsch: About Bernhard Tritsch Author of Microsoft Windows Server 2003 Terminal Services (Microsoft Press)
Microsoft Most Valuable Professional (MVP) Windows Server – Terminal Server
Chief System Architect at visionapp in Frankfurt/Main, Germany
Author of www.wtstek.com
Session Motivation: Session Motivation Car Industry
DaimlerChrysler, BMW, Volkswagen, Audi, ...
International Motor Show (IAA) Cars in Frankfurt
Geneva International Motor Show Terminal Server Industry
Microsoft, Citrix, triCerat, AppSense, visionapp, ...
Microsoft ITforum in Barcelona
Citrix iForum in Las Vegas
MTV's
What the Heck are Vambeers?: What the Heck are Vambeers? Vambeers are people who usually don't care if it's day or night, because they work with their Terminal Servers in dark rooms, sometimes in huge data centers
Only sometimes, when it's dark outside, Vambeers want to go out to drink beer
Vambeers belong to the species commonly known as "server nerds"
PubForum is a natural habitat for Vambeers
What's under the Hood?: What's under the Hood? Pimp my Terminal Server, Vambeers!
But before modifying and tuning terminal servers, it is good to know some system details...: But before modifying and tuning terminal servers, it is good to know some system details...
Required Components: Required Components A multi-user environment consists of the following components:
Access software on a client: Software on a thin client, a Web browser, or a standard PC that enables access to a terminal server over the network
Communications protocol: A key component is the RDP protocol enabling remote clients to access the terminal server
Terminal server: Windows Server with Terminal Services installed that permits simultaneous user sessions
The RDP Clients: The RDP Clients
Standard Win32 RDP Clients: Standard Win32 RDP Clients
Standard Win32 RDP Clients: Standard Win32 RDP Clients Two different clients
Remote Desktop Connection: Start – All Programs – Accessories – Communications
Remote Desktop MMC Snap-in: Start – All Programs – Administrative Tools – Remote Desktop
One common component
Mstscax.dll: RDP Client ActiveX Control
vRD from www.visionapp.com: vRD from www.visionapp.com
The RDP Protocol: The RDP Protocol
RDP Protocol Features: RDP Protocol Features Based on the standards ot the T.120 protocol family and related to Microsoft NetMeeting
Supports up to 64,000 channels
Screen is transmitted as raster graphics
Adaptive to client capabilities (bitmaps, color table, character commands, caching, ...)
Compression and encryption (up to 128-bit)
Support of Virtual Channels to extend functionality
The Terminal Server: The Terminal Server
Standard User Session Processes: Standard User Session Processes Start – Administrative Tools – Terminal Services Manager
Standard User Session Processes: Standard User Session Processes Csrss.exe: Win32/64 subsystem controlling the execution of Windows processes and threads
Winlogon.exe: Controls the interactive user logon and communicates with the security subsystem
Explorer.exe: Graphical interface presented to the user after logon (the "shell")
Rdpclip.exe: Executable for file copy, allowing you to copy and paste between terminal server and client
Ctfmon.exe: Monitors the active windows and provides text input service support for alternative user input
Task Manager: Task Manager
Subsystems in User Mode: Subsystems in User Mode These processes run in the system context
Csrss.exe: Win32/64 Subsystem, one instance is executed per user session
Services.exe: Administrative instance for background processes (Windows Services), controlling multiple service hosts (svchost.exe)
Lsass.exe: Local Security Authority Subsystem; used to authenticate users and monitor the degree of security of the other subsystems
Smss.exe: Session Manager; this is the first process in user mode created after system start
Windows Services: Windows Services Start – Administrative Tools – Services
Terminal Server Service: Terminal Server Service Process name: "svchost.exe -k termsvcs"
The terminal server service is responsible for
Session management: listening for connections, assigning connected users to sessions
Initiation and termination of user sessions
Session event notification
Runs as system service, utilizes the System Global name space
The service is entirely protocol independent
Uses Rdpwsx.dll for protocol-specific extensions
Slide21: System
Support
Processes User Applications Executive Services Object
Mgr. Process
Mgr. Cache Window-
Manager Local
Proc.
Calls Virtual
Memory
Mgr. Login Screen Kernel Hardware Abstraction Layer Graphics
Device
Drivers File System Network Devices Security
Mgr. Win32 Subsystem (Csrss)
Hardware Kernel Mode User Mode Windows on Windows / Virtual DOS Machine Service Processes
Terminal Server Device Drivers: Terminal Server Device Drivers Start – Administrative Tools – Computer Manager – Device Manager – Non-PNP Drivers
Start – Administrative Tools – Computer Manager – Device Manager – System Devices
Drivers, drivers, drivers: Drivers, drivers, drivers Termdd.sys: General Terminal Server Driver
Kbdclass.sys: Terminal Server Keyboard Driver
Mouclass.sys: Terminal Server Mouse Driver
Rdpcdd.sys: RDP miniport display driver
Rdpwd.sys: RDP WinStation Driver, RDP stack driver for TCP/IP
Tdtcp.sys: TCP/IP Transport Driver
Rdpdr.sys: Terminal Server Device Redirector
System Information: System Information Start – Run... – "msinfo32.exe"
Namespaces: Namespaces Namespaces are responsible for identifying objects and are controlled by the Object Manager
Two namespaces are available on terminal servers:
User-specific namespace, managing objects related to applications that originated in the same session
System-wide namespace, visible to all applications across the system
System-wide namespace is linked to console-session namespace
Slide26: Terminal Server
Device Driver
Termdd.sys Rdpwd.sys Winlogon Rdpwsx Smss Rdpdd.sys
Display
Driver Terminal Server Service Win32k.sys
Kernel Csrss Per-
Session
Apps Video Mouse,
Keyboard User Sessions (WinSta) 1 - n System-wide Tdtcp.sys User
Mode Kernel
Mode
WTS Configurator: WTS Configurator Download from http://www.wtstek.com
Thank you: Thank you www.wtstek.com