Due to hardware reqs we’re tossing the idea at work to replace the Microsoft termserv with Linux. Due to the userbase being all windows fans we’d need a full on GUI and i’ve been prodded towards Mint. Good idea or bad?
I’ve happily set up a remote kunbuntu for my workspace previously, but accomodating multiple complete linux neophytes is giving me a bit of pause.
Bit more info: The current termserv is a debloated win10 machine with the multisession registry edit. However, it’s on an R515 with proxmox (and running extremely well). Due to partner network requirements, we can’t run depreciated software, and the box won’t support win11, and frankly, I sat the boss down and asked him if he wanted to be microsoft’s bitch for the forseeable future and junk serviceable hardware. He’s absolutely up to getting on a linux ecosystem, but the graphical desktop environment is non-negotiable on his end.
**EDIT: ** Anyone else looking to run this system: https://www.apalrd.net/posts/2022/xrdp_intro/ Video link at https://www.youtube.com/watch?v=sAllRma_0xc
Full on GUI for what? Server/ clients?
If you need all GUI tools on a server you might want to try OpenSUSE Leap, it has full GUI (Yast2-GUI-GTK) tools for administering network, Firewalld, services, users, shares, LDAP, filesystem snapshots. Also has AutoYast for saving off server and software config and redeploying on another server. YAST software also lets you select packages to install with check boxes, and other click options to lock/hold a package, upgrade, delete etc. While seeing the versions as radio buttons that can be selected. Takes all commandline work out of the equation.
terminal server as in individual user logins to a desktop environment for internet access. So locked down, RDP access (using XRDP at the moment on a test proxmox image)
Ah, i skimmed over termserver the first time. Both Mint and Zorin are very Windows like. And Zorin is developing GRID, when released is supposed to be a deploy / management tool for IT caring that is caring for multi client installs.
For ease of deploying and locking down a client, maybe microOS or nixOS, both have the build from config file setup.
Due to the userbase being all windows fans we’d need a full on GUI and i’ve been prodded towards Mint. Good idea or bad?
That is completely up to what their requirements are (which applications they use, workflow etc) and what your users are like. Some users are extremely resistant to change - and have connections to people in high places - so you’ll need to think about how to handle them. Like back in my helpdesk days, we had a bunch of VIP users and admin staff oppose the upgrade to Office 2007 (from XP/2003), mainly due to its new ribbion interface, and also incompatibility with some of their custom macros etc. We were midway thru the rollout and ended up completely halting the upgrades due to the fuss they kicked up. Office XP/2003 was already way out of support, but they didn’t care or listen.
So yea, you’ll need to ask your users, not us.
Company owner is 10000% on board because cheap so the only complications will be getting some win-specific software (download clients mostly) to run on the emu
Honestly that is a fairly bad reason. If you do this it is likely not going to end well and you will pay is downtime and man hours.
What are you using the terminal server for? Is it something that can be done on a user device?
Please read other comments on this thread. A single internet access point is the only way we can move forward and gain a trusted partner network rating.
What exactly are you trying to accomplish?
terminal server to provide internet access for multiple users.
More in depth:
Workplace infrastructure is being dragged kicking and screaming into the 21st century. Part of this is to separate production from internet entirely (we work in cinema distribution) , so existing prod workstation VLAN is being blocked off, but staff still need some internet access for downloading content from studios, email, Aspera access, other bits and bobs. So the terminal server will provide this access. The users are all completely unfamiliar with linux, so the Mint GUI has been suggested as a good substitute.
Given most production machines are MS, and again for user comfort, looking to set up xRDP access for multiple users to this mint instance. From what Ive been reading up MATE is the best distro to use for what I’m planning. Not going to be hellishly high load, probably mostly email and browsing as I’m already looking to DMZ dedicated content reception servers (this place is a mess I’ve got my work cut out for me…)
Look into either X forward or Xpra. No need to run a GUI at all, you can run only the browser itself.
X forwarding will require a little more setup: https://docs.cse.lehigh.edu/xforwarding/xforwarding-win/ (first link I found on google)
Xpra would be just an app installed on the client (and server)
xRDP is no issue, I’ve set that up before and already have it running on a mockup mint MATE I’ve spun up. They’re gonna need more than just browsing, so looking for a full (locked down) desktop environment per user.
X11 Fordwarding isn’t xRDP though. You don’t need a full blown graphical session to run.
I wouldn’t install Mint for production either, I’d use something like Debian stable or Fedora.
ah, so it’s like xenapp?
I’m not super familiar with Citrix, but yeah kinda.
deleted by creator
Seems like maybe a good use for Kasm Workspaces. Use persistence in each session to save settings, files etc…
Could you just give them limited access to the internet? Or maybe just setup a network share. What you are describing sounds overly complex. Maybe I’m just being pessimistic but what your describing sounds like a support nightmare
This is actually the easiest way. Anything holding content cannot touch the internet under DCI. . A single multisession termserv with locked down user perms means there’s one point of control.
If it’s just Internet access, would you want to use something more locked down like Fedora kiosk?
Fedora Kiosk does not appear to be in active development, and there is nowhere available to download it.
Sorry, good catch.
It had been a while since I had played briefly with kiosk mode in a VM: I misremembered the project (the one I played with was still available)
I had found it interesting, and had set it up… Probably been around a year or so.
The project I used was Gnome kiosk, not Fedora kiosk.
You can make KDE Plasma look like a dead ringer for Windows. This might make user acceptance easier.
I’d look at KasmWeb for VDI. You can make instances ephemeral or keep them persistent, and you can also hook actual desktops via the VDI as RDP sessions. I have also set up a docker instance of a Windows session via Dockur and exposed it via Kasm
I’m not sure if you can disable desktop customization in plasma
I just wouldn’t enable persistence on the Kasm session.
I’ve never used Kasm personally. It sounds like a decent piece of software.
Why do you recommend KDE? Wouldn’t Xfce4 or Cinnamon be simpler and lighter weight?
Update: Kasm really is not Foss and requires a EULA
It’s easy to transition a windows user to Plasma as their underlying concepts are very similiar in how windows and workflow are organized. And you can set it up to look exactly like Windows, which would reduce pushback/confusion by the users.
I had one person convinced the laptop I gave them was a Mac for several week. I mean an experienced user would notice things after a short while, but it took quite a while for this user to catch on, and when I told them they were on Manjaro (which they have no clue what that is), there was a shoulder shrug and carried on. Apps like WPS Office look different, but not all that strange.
A basic KDE desktop is as lightweight as XFCE in my experience. You can load it up if you try hard enough, but they’ve put a pile of work into keeping things light and snappy.
Kasm is pretty neat. I run it as a docker stack on it’s own VM, it’s getting quite decent from a sysadmin standpoint since that’s a heavy focus of theirs for setting up a Linux based VDI.
Honestly, Linux very much not as polished as Windows when it comes to a multiuser terminal server.
With that being said you need to look at xrdp and X. Make sure you lock down security and configure your desktop.
Honestly I would not use something with a preinstalled desktop. Start with a base image and then install the basic desktop and apps you need. You can always use custom configs to make the desktop look like whatever you want.
I’m all for Linux but terminal services is not a common use case.