S 2.466 Migration to a terminal server architecture
Initiation responsibility: IT Security Officer, Head of IT
Implementation responsibility: Administrator
Before an existing client/server architecture is migrated to a terminal server environment, it must be checked carefully whether each application to be migrated is suitable for this, i.e. whether it can be operated correctly with several user sessions running it in parallel on one server.
If this verification shows file or access conflicts on the target system, the cause is usually that the application separates its user sessions poorly or not at all, e.g. because all sessions write to the same registry keys or to the same files in system directories. Windows server operating systems offer a special installation mode in which the operating system performs the required separation on behalf of the application: changes that the installation makes to the registry (Windows Registry) and to files in important system directories are recorded and afterwards kept separate for every user session. Applications whose manufacturers declare them suitable for terminal servers, e.g. for Windows Terminal Server (today Remote Desktop Services) and for the terminal server products of Citrix, are usually designed to be installed in this way. If the planned terminal server solution provides such an installation mode, it should be used. After the application has been installed successfully, the installation mode must be exited again; the server must not be left in installation mode during normal operation.
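The installation-mode procedure described above, as an added example that is not part of this safeguard text or of any vendor documentation: a PowerShell script for a Windows Remote Desktop Session Host that switches the host into install mode, runs an unattended installer, switches back to execute mode even if the installer fails, and then lists the per-user registry entries that install mode captured. It assumes the RD Session Host role is installed (the change user command is only available there), that it runs from an elevated session, and that InstallerPath and InstallerArgs are placeholders for the real package.

```powershell
# Added example, not from the BSI safeguard text. Assumes an RD Session Host
# (Remote Desktop Services), an elevated session, and placeholder installer paths.
param(
    [Parameter(Mandatory)] [string] $InstallerPath,   # placeholder, e.g. C:\Pkg\app.msi
    [string[]] $InstallerArgs = @('/qn')              # placeholder: silent MSI install
)

function Get-TsInstallMode {
    # "change user /query" reports "Application INSTALL mode is enabled." or
    # "Application EXECUTE mode is enabled."
    $out = & change.exe user /query 2>&1 | Out-String
    if     ($out -match 'INSTALL mode') { return 'Install' }
    elseif ($out -match 'EXECUTE mode') { return 'Execute' }
    else   { throw "Cannot determine terminal server install mode: $out" }
}

function Set-TsInstallMode {
    param([ValidateSet('Install', 'Execute')] [string] $Mode)
    & change.exe user "/$($Mode.ToLower())" | Out-Null
    # Verify the switch actually happened instead of trusting the command's output.
    if ((Get-TsInstallMode) -ne $Mode) { throw "Failed to switch to $Mode mode" }
}

function Get-TsAppCompatFlag {
    # Independent cross-check: TSAppCompat is 1 in install mode, 0 in execute mode.
    (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
        -Name TSAppCompat).TSAppCompat
}

try {
    Set-TsInstallMode -Mode Install
    Write-Host "Install mode active (TSAppCompat=$(Get-TsAppCompatFlag)); running installer"

    if ($InstallerPath -like '*.msi') {
        $args = @('/i', "`"$InstallerPath`"") + $InstallerArgs
        $p = Start-Process msiexec.exe -ArgumentList $args -Wait -PassThru
    } else {
        $p = Start-Process $InstallerPath -ArgumentList $InstallerArgs -Wait -PassThru
    }
    # 3010 = success, reboot required (standard MSI exit code).
    if ($p.ExitCode -notin 0, 3010) { throw "Installer exited with code $($p.ExitCode)" }
}
finally {
    # Always return to execute mode; a host left in install mode is the
    # mis-configuration the safeguard warns about.
    Set-TsInstallMode -Mode Execute
}

# What install mode captured: each subkey below is a per-user registry shadow
# that is replayed into HKCU when a new session starts the application.
# (32-bit applications on 64-bit Windows appear under the Wow6432Node variant.)
$shadow = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software'
Get-ChildItem $shadow -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty PSChildName
```

The mode is verified after each switch with both the change user query and the TSAppCompat registry value, so a half-applied switch is noticed before the installer runs, and the finally block guarantees that the host is back in execute mode even if the package exits with an error.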
Analysis of the requirements
Applications with significantly differing protection requirements should not be operated on one terminal server without further measures. Whether they can be operated jointly on one terminal server depends on the product used and on the individual threats and requirements of the organisation and of the applications. It must therefore be assessed to what extent the terminal server solution in question is suitable for operating applications with different protection requirements jointly on one server.
In addition, appropriate safeguards must be taken in order to guarantee an adequate level of protection for all applications. Because all applications share the same operating system instance, the application with the highest protection requirement in each of availability, confidentiality and integrity determines the protection level that must be achieved for every application operated on the terminal server. If this level cannot be achieved for all applications, separate IT systems should be used instead.
If many different applications are required, they may also be grouped according to the requirements of their users: the more diverse the needs that a single IT system or a small number of them must satisfy, the more complex the information system becomes and the more likely the applications are to interfere with each other. It is therefore recommended to distribute the previously defined user groups and their applications across different terminal servers accordingly.
Moreover, the reference values determined in S 2.465 Analysis of the required system resources of terminal servers and S 5.162 Planning the bandwidth when using terminal servers must be compared with the performance characteristics of the existing network infrastructure, and bottlenecks that cannot be removed must be taken into account in the planning.
Review questions:
- Are the applications suitable for use on a terminal server?
- Has it been ensured that applications on terminal servers do not access critical system paths or the registry in an uncontrolled manner, e.g. by installing them in the special installation mode?
- Has it been taken into account that applications with different protection requirements must not be operated on one terminal server without appropriate safeguards?