The COVID-19 pandemic is credited with being a catalyst in the area of digitalization. Processes had to be digitalized within a very short time at a speed that previously seemed impossible. Virtually overnight, the importance of the role of IT administrator grew enormously, with administrators frequently benefiting from technologies that long since seemed outdated. Terminal services, an almost forgotten technology that allows home office workplaces to be set up with a minimum of time and effort, come from an age when clients were little more than simple character displays. For administrators, they are a welcome tool, because they allow simpler administration of centrally operated applications and settings than is the case with high-maintenance desktop computers.

The use of classic terminal server technologies with one (or more) central servers promises optimum utilization of a central server system instead of the often inefficient distribution to desktops. In principle, a server-based solution increases availability and, thus, ultimately security. Now 18 years old, ThinLinc is available in version 4.12 and includes both the server-based elements (session broker, load balancer, admin interface) and the end-user components (client software, customization tools). The interaction of these different components produces a complete solution that fulfills all requirements for a modern terminal environment.

In this article, I'll show you how to set up the software, adapt it to a Windows environment, and ensure access is protected.

Technical Foundation

In technical terms, ThinLinc is a Linux remote desktop server that primarily uses open source software such as TigerVNC, noVNC, OpenSSH, common Unix printing system (CUPS), and PulseAudio. From these tools, the developer, Cendio of Linköping, Sweden, developed a robust, stable environment for server-based computing.

ThinLinc provides the resources of the Linux server in use by converting a regular Linux distribution into a remote desktop server, which simplifies typical tasks for administrators because they only need to keep the server in mind, making it much easier to monitor the environment.

In principle, ThinLinc supports all Linux distributions that use the RPM or DPKG package managers. The tool's system architecture is based on a typical client-server architecture designed in such a way that the terminal server can be integrated effortlessly into an existing IT infrastructure (Figure 1). Apart from regular system authentication, integration of NetIQ eDirectory identity infrastructure management, Active Directory (AD), Network Information Service (NIS), and other elements is also possible. ThinLinc uses pluggable authentication modules (PAM) for authentication.

Figure 1: New terminals can be created and printers shared in the admin web interface.

The software supports clustering and offers high availability and load balancing. To ensure high availability, two systems act as virtual systems management (VSM) servers. If a system is down, the VSM server handles requests so as to ensure that no or only minor disruptions to services occur. Load balancing distributes the user sessions uniformly to the servers in a ThinLinc cluster, with the servers burdened equally insofar as is possible.

The architecture is characterized by the master, agent, and client. The ThinLinc master server (vsmserver) is responsible for initial authentication and selection of the terminal server. To do this, it tracks all sessions and distributes the load to several agents in a cluster. Its task is also to ensure that the clients receive the relevant session information.

The tasks of the ThinLinc agent (vsmagent) include starting and hosting the processes from which a session is generated. The agent also establishes tunnels for graphical and local devices. The tunnels are multiplexed for each user by means of a Secure Shell (SSH) connection. Finally, the client establishes two connections: one with the master first, and then another with the agent that the master qualifies as being optimal.

Installation Preparations

Before performing the installation, you should check the Linux server system you want to use with ThinLinc to make sure it fulfills the necessary system requirements. The hardware side has no special requirements. The server configuration should be guided primarily by the requirements that users place on the environment. To provide every user with a KDE or Gnome desktop, you need to ensure around 200MB of storage space in each case. Much more important is the availability of RPM support, SSH, and a correct Network Time Protocol (NTP) configuration.

ThinLinc is offered under a proprietary license, but the developers provide a demo version for download that is limited to five users working simultaneously. The cost for five to 10 users is to $78 per year per user and for 11 to 49 users is $66 per year per user. To install, download the ZIP archive from the ThinLinc website [1], unpack it into a directory of your choice, and start the installation script with:

sh ./install-server

If you have a valid license, save the relevant text file with the file extension .license in the /opt/thinlinc/etc/licenses directory. In principle, the basic system is now ready for use. You can install the printer as a next step or set up web access.

Configuring Printers with CUPS

Despite the increased acceptance of the paperless office, printing documents remains an important function that a central server solution also needs to support. According to the project website, ThinLinc is used in particular in university and official contexts, and the option of printing is especially required in the latter case despite growing digitalization. The tool therefore relies on the renowned CUPS print server for print functionality.

ThinLinc essentially offers two variants: access to a local printer or to the nearest printer. In the first case, you have two operating modes: device-independent and device-dependent. The two can be combined.

You need to revert to the ThinLinc setup to install the PDF conversion filter, the back end, and the queue in CUPS on all machines. The setup adds a new queue called thinlocal to the CUPS server and makes it available to the users. The thinlocal printer is cluster-enabled: If a user sends a print request to a node in a ThinLinc cluster that is not hosting the user session, the print request is forwarded automatically to a suitable node.

The local printer is ready to use once the installation is complete; you only need to ensure in the ThinLinc client configuration that the diversion has been activated.