Wilco van Bragt - LinkeIn Wilco van Bragt - Twitter rssa 

Multiframe 5

Introduction

For years, thin clients are being used for connecting to Terminal Server and Citrix Presentation Server/XenApp farms. For a profit from using the Server Based Computing concept, the fat client should be replaced by a so-called thin client. A fat client required quite a lot of effort to administrate and maintain with a virus scanner, hot fixes and so on.  A thin client includes a small operating system requiring minimal maintenance. It used to be too costly to throw away fat clients, because of the investment made in these workstations. Then someone came up with the idea of converting fat clients into a kind of thin client. Although transferring a workstation to a thin client was not very difficult, there was a big wish for a centralized management of these converted workstations for those small updates and maintenance that should be made.




Nowadays there is an increasing focus on transferring (and buying) normal workstations to perform a client role. Firstly, there is an increased need for powerful clients, because applications are becoming more graphical. Terminal Server products are moving the graphical instructions to the client. Secondly, "real" thin clients are getting more expensive, reducing price differences between thin client and fat clients. Thirdly, the Virtual Desktop Infrastructure (VDI) technique is becoming more and more popular. By implementing the Virtual Desktop Infrastructure, fat clients are moved to virtual machines on a server virtualization platform. The virtualized workstations can ideally be accessed via a thin client.

 

 

Summarized the need for normal workstations running as a thin client system is still there and nowadays there are more reasons to use this methodology instead of buying "real" thin clients.

But central management is also becoming more important, so instead of manually configuring the workstations this should be done using a central management system that handles all tasks for installing, configuring and updating the workstations.

This can all be accomplished with the open source software Multiframe from the Norwegian manufacturer Linpro.

Multiframe has actually been around since the beginning of the century, when it was created as a direct response to a Linpro customer's request for a PC-to-thin-client-converter. It has since been steadily developed by Linpro, into a complete framework for thin client management, but with a continued focus on the "shrinking" capabilities which turns nearly any ordinary x86 based computer into a secure, fast and highly reliable terminal. The client software in Multiframe is capable of connecting with a number of different terminal servers and mainframes through various protocols, e.g. Citrix ICA, Microsoft RDP, encrypted SSH, IBM 3270 and 5250, X11, NX, and ordinary web (www) connections. Due to the licensing terms of some of these modules and other components which were included in previous versions of Multiframe, the software was until now released as closed source, proprietary software. However, in line with Linpro's own company policy and philosophy, the developers have made the necessary adjustments to be able to release Multiframe version 5 as GPL-licensed open source software.

In this review, I will take a look at version 5.0 of Multiframe.

Installation

The main component of the Multiframe framework is the Linux-based administration server. This server handles all the requests and actions to install, configure, update and use the thin clients. Multiframe supports multiple servers sharing the same database for load balancing and fault tolerant scenarios. By default the installation process uses an internal database on the server, so for this scenario the configuration should be altered after the installation, to use an external database. Multiframe also has a built-in feature allowing some clients to act as proxy servers, so the server does not need to handle all the traffic.

The installation of the Multiframe administration server is really easy. The first configuration option is the question of which hard disk to perform the installation on, followed by the message that all data on the hard disk will be removed. Secondly the IP configuration needs to be specified. The server can be running via a DHCP-provided IP address or a manual IP. When using DHCP, it is a good thing to reserve an IP address within the DHCP server, so the server always has the same IP address and this IP address can be specified within the DHCP options for the client scope. 

Image
Figure 1: Configure the network settings.

After these two configuration settings the files are physically installed on the machine and after a restart the server is up and running.

When using the PXE technique to connect clients to the Multiframe server the DHCP options need to be added on the DHCP Server. To support PXE boots via the DHCP scope option 066 needs to be configured with the IP address or name of the server running Multiframe and option 067 with boot file which needs to be used to start-up the client (for Multiframe this option is /pxelinux.mac).

Image
Figure 2: Microsoft Windows DHCP options for running PXE services.

Configuration

Configuration and maintaining the Multiframe environment is all done via a web-based console. Logically you need to specify the IP address of the server within the browser. By default a user name and password is created (see the manual for this information) to log on.

After logging in the console is displayed. The console exists of several parts which will be described later in the review.

Image
Figure 3: Multiframe Administration Console

The first thing we are going to arrange is embedding the Citrix ICA client in the Operating Systems for the clients. Because of distribution regulations, Linpro is not allowed to include the client in advance. Download the Citrix ICA client for Linux (currently 10.6 is supported) from the Citrix website. The client can be added by selecting the server in the left pane, followed by the ICA setup button. When another version than 10.6 will be integrated, a manifest will be necessary, which can be obtained from Linpro. After specifying the client location (and the optional manifest file) the client can be added. After a while the client will be displayed within the console and the ICA protocol is available within the session option (described later).

Image
Figure 4: Adding the Citrix ICA client

After adding the ICA client, it is time to create the logical structure within the console and to configure the settings.

Within the console the logical structure is based on three levels. The first level is the default Multiframe node. On this level the server, the default settings and the Multiframe admin components are available. Configuration on these objects is limited. On the server you can configure settings like the display name of the server, the addition of the ICA client and assigning administration rights, within the Multiframe admin the settings for the default Multiframe administrator can be configured (or deactivate/delete this user when you configured delegation of control) and the default settings cannot be adjusted at all.

On this level the logical structure can be created using folders and networks. On those two levels several configurations settings can be assigned, which are inherited by the folders, networks or devices below this component. The folder is an optional component, while the network component is mandatory. The network component is based on the IP subnet. For every IP subnet a network will be created. When a client connects to the server and the subnet is not defined, it will be created automatically.

On all these three levels the following configuration options are available:
- Create session
- Create profile
- Create Schedule

On the Multiframe level the following configuration are additionally available:
- Create theme
- Create user
- Create group

On the network layer the following configurations settings are especially available:
- Create device image
- Create VPN-enabled device image

Let's take a closer look at these configuration options.

Create session
With this component the connections to the servers are created and displayed on the thin clients. Multiframe supports connections to several systems like IBM 3270 emulator, IBM 5250 emulator, NX, Secure Shell, X11, WWW, RDP and ICA (remember that you need to add the client in order to make this option available). In this review, I will focus on WWW, RDP and ICA. However it is a big advantage that these legacy systems are supported, so that this kind of client software is not necessary on the Terminal Servers. After specifying the name of the session and the session type, the properties window is displayed. All three session types offer a lot of configurable options. Within the RDP session type you configure access to client devices (like the USB memory sticks, CD-Rom drives, serial ports and audio forwarding), the server which should be connection server for the session (can be a direct server or the session broker server available in Windows 2003 and Windows 2008), the default logon domain, bandwidth optimization and the connection methodology (RDP5).  If access to client drives is supported, you can assign a drive letter, so the device is displayed with that driver letter in the Citrix or RDP session. Also the ICA session type offers all the settings you need. Just like the RDP level you can configure access to the client devices. It supports all Citrix discovery types (TPC/IP, HTTP and HTTPS) with the possibility to specify up to three servers for the setup of the connection. Other important options are bandwidth optimization, encryption level, default login domain and auto connection.

Image
Figure 5: Configuring a Citrix Session

The WWW session type can be used to let the users use the browser on the client to access websites, but also to display the applications connections to the users via a Citrix Web Interface or the Windows 2008 TS WebAccess. Within the configuration settings of the WWW session type logically the FQDN can be specified to which should be connected. Several proxy settings can be configured (when using it as the standard browser), the display of the web browser (fullscreen or windowed). When using the Citrix Web Interface you can configure the option Use ICA session to apply the configuration settings of this configured Multiframe session to the Citrix sessions started using the Citrix Web Interface.

Every session needs to be connected to a frame in the profile configuration (described below). Every profile can handle a maximum of 8 frames. So in case you are using Published Applications/RemoteApps and have more than 8 applications, you will probably use the WWW option to display the Web Interface or the TS Web Access to present the applications to the user. If you are using a Published Desktop you probably will configure a RDP or ICA session.

Create Profile

A profile within Multiframe is used to configure the settings of the thin client. The following categories are worth mentioning in this review:

  • Operational Parameters

    Within this configuration item all kind of settings can be configured for the client operating system like the version, the hard disk erase method, the images used during boot-up and the desktop background, wireless network settings (thin clients can also connect using wireless networks), network MTU settings and dual boot options.
  • Screen and keyboard/mouse

    By default the operating system will automatically recognize the hardware-related items as the available video card, display settings, keyboard settings and so on. But some components are sometimes not recognized and can be configured using the profiles to be set to a specific type or settings. Other settings like the default settings for NumLock, Screen Saver and position of the screens can also be configured. 
  • Hardware

    In the hardware section you can configure whether a thin client has devices like CD-Rom, dual screen, CD burner or disk drive embedded.

  • Service Parameters

    This option allows the usage and configuration of SNMP and SSHD for additional management of the thin clients.

  • Global Settings

    This part configures the default behavior and settings when a thin client connects to the Multiframe server for the first time. Think of settings of automated registration, automated installation, automatic client type class assignment and naming template of devices.
  • External Devices

    External Device allows the configuration of local printers. Multiframe supports both Citrix as ThinPrint (client is included in the client operating system) and logically the configuration for these products.

 Image
Figure 6: Configuring a profile

Beside these configuration settings of the client, the configured sessions can also be assigned to a profile. This is a nice option because a profile can be connected on the levels Multiframe, folder or network, so the settings will be applied to the layers and devices below this option.

Create Schedule

A really powerful option within Multiframe is the Schedule feature. This features makes is possible to carry out automated tasks at a specific time, day and/or date. With the exception of the task to create a back-up of the database, the tasks are related to the client. Among the tasks I really like the ability to carry out the tasks when the client is idle. For example there are tasks to shutdown the client when idle (for example shut down the clients automatically after business hours, except those they are still in use) or update the client with an updated operating system.

Image
Figure 7: Creating a schedule

Create Theme

This option available on the top level is to personalize the boot process of the thin client to your corporate design. You can create a message displayed during the boot process and display your corporate logo.

The configuration can be assigned on several levels like the folder and network folder. The settings can also be configured on the device themselves. What I really like  is that the product displays  the level that the settings are inherited from. This makes it very easy to find out where settings are configured and how these can be changed if necessary.

Image
Figure 8: Multiframe showing the settings for the device including the origin of the settings.

 

 

 

 

Delegation of Control

Rights can be configured on the top level, folder level, network level and devices. Multiframe has three roles available:
- System Administrator
- Network Administrator
- Helpdesk Crew

On these levels you can configure to which user(s) and/or group(s) a specific role needs to be assigned. It is also a pity that the user will see all options available (although the role does not provide access to that part) and will get an error message when that user tries to configure the setting.

Logically this user and/or group first needs to be created, before a role can be assigned.

This is done via the top level option Create user/group. First you need to create the user(s). This is done by specifying a username, a full name and a password. Next the user can be added to one or more groups by creating or selecting this group and make the user a member of this group.

Image
Figure 9: The group System Management NL with the members and assigned rights.

On the several levels you can apply the above mentioned roles to a user or group  via the properties of that level.

Deploying and Using Thin Clients

Within the Multiframe environment there are four different thin client classes defined.

- Multiclient
This is the most common Multiframe client. This client is a system or thin client, which has the client operating system installed on the local hard disk or flash rom.
- Multidiskless
This client does not have permanent storage available (no hard disk or rom) or has a hard disk which should be retained (multi boot). Every time the client is started, the operating system is loaded into the internal memory of the client. Logically, the client needs more memory to store the operating system and function properly.
- Multiproxy
A multiproxy client is a multiclient with an additional role. This extra role is to proxy the operating system between the clients and the Multiframe server. The clients in the subnet will receive the operating system from the Multiproxy instead the Multiframe server. This is useful when there are many multidiskless clients that download the operating system software every time the system is started.
- MultiVPN
This client is only available via the image distribution method using USB or CD-ROM. This client is outside the management network and can set up a VPN connection to the inside network.

Clients can be enrolled using two methods:
- PXE
This is the easiest way to manage your thin clients centrally. Using the PXE technique the client will boot-up from the network and connect to the Multiframe server. Unfortunate only one PXE system can be available in a subnet and changes to the switches are needed to pass PXE request to another VLAN.    
- USB/CD-ROM
If PXE is not possible, you can create a bootable USB or CD-Rom which can start a minimal operating system to connect to the Multiframe server. These images can be created from the management console on network level. There is an option to create the device image for USB or CD-ROM, providing the appropriate settings to connect to the server.

Independently of which method is being used, the client announces itself to the server. By default a new client will be labeled with the class device. This means that Multiframe will not perform any actions on this device. This behavior can be changed with the earlier described Global Settings in the profile. Consider those settings carefully. Because if you configure the client as a Multiclient by default at the next boot, the hard disk will be erased and the Multiframe operating system will be installed. As mentioned earlier the client's IP address and subnet will be used to determine to which network level the client will be assigned (and inherit the configured settings). After all the configuration settings are configured, the client needs to be booted once again to receive all the settings and depending on the configured class, to install the operating system. 

After this reboot the client is fully operational. The client will boot-up and will display the assigned sessions on the desktop. When one of these sessions is started, the desktop (running in the designated "control" frame 10) will be killed to free up hardware resources. As soon all frames are closed frame 10 is loaded again.

The configured sessions are displayed on the desktop of the Thin Client. Users can easily start a session by double-clicking the icon. Since the default frame will be closed, the startup window is shown during creating the session. The sessions ran smoothly during my tests. Starting another session or switching to another session is really easy. The user needs to press the <CTRL> button, the <ALT> button and the F<nr> (where the number is the frame number) button to switch or start this session. With the <CTRL>, <ALT> and the <BACKSPACE> shortcut the control panel can be displayed. Within the Control Panel session management can also be performed by the user. Overviews of the available sessions, their current state, reconfiguring the session (manually refreshing the session configuration out of the server) and stopping or starting a session are some of the options provided on the frames tab. The user can also change some settings like the keyboard, mouse, display, encrypted media and audio settings.

Image
Figure 10: Multiframe Control Panel

The desktop of the ThinClient can be edited to your company's standard by showing a background image (for example the company's logo).

Image
Figure 11: Mulitframe Thin client desktop

Management and Logging

In the introduction I mentioned that it is important for a thin client solution to be managed centrally. In the review we already have seen how the installation and configuration of the Multiframe clients is done from a central management. Logically, also after the initial deployment updated, changes and similar tasks should be performed centrally.

Within Mulitframe these management tasks can easily be performed. Adding or changing profiles, sessions and other options are automatically reflected to the client based on a time interval. Using the previously described schedule feature, updates to the clients can be performed automatically. Also with the schedule option you can manage to reboot, shutdown or start the clients at defined times, for example to save power consumption or perform maintenance. When necessary these kinds of tasks can also be carried out manually for each client as possible, by selecting the client in the management console.

The device control option contains buttons to start, power off or restart the client (also with the perform action when idle feature). Reinstallation of a device can also be initiated using the Reinstall device buttons. When configuration changes are made to session, profiles and similar these settings can be pushed to the client directly via the reconfigure unit option.

Multiframe also offers features to support the users (for example by the helpdesk employees). In the console there is an option to send a message to the client or take over the control (per frame) via VNC or RDP. 

Image
Figure 12: Management and Logging of the client

In the figure displayed above, a log about the actions and errors on the client is displayed. A similar log file is also available for the Multiframe server. Both logs are a good starting point for possible issues. As mentioned earlier, the client can also be configured with SNMP and SSHD settings for additional monitoring.

Conclusion

To really obtain a cost advantage when implementing a Server Based Computing or Virtual Desktop Infrastructure, the fat client based operating systems should be limited. If there is still lots of useful fat client hardware available, choosing  a product that rebuilds  fat clients to thin clients is a really good choice.

However, these thin clients should be manageable from a central point and this leads us to products like Multiframe. Linpro offers a solution and with the new Multiframe version version5, the product will in fact be available for free (Linpro offers commercial support, training, consulting and more related to Multiframe).

The product is easy to install and configure, even if you do not have much experience with Linux. The usage of web browser based console makes it possible to administrate the Multiframe infrastructure from any system available (including the Multiframe Thin Client). The product offers all the options you need to set up and maintain a thin client infrastructure. I really like the inheritance feature in the product, especially the information displaying from which part the setting is applied. Using the logical structure and profile makes it very easy to configure these settings to the client almost automatically with advanced possibilities. The new features like the Schedule, theme customization and the added web session (for Citrix Web Interface) are also real value-adding features.

Unfortunately, the manuals are still to superfluous and not organized in a completely logically way. Some parts are described too briefly, so you do not understand the power of some features. One minor disadvantage of the product is the display of options when logged in with a user with delegated control. All configuration settings are available and only when the user (with no access to perform this action) wants to configure this option, a message is displayed that the user does not have permission. It would be better to hide these options from this kind of user (which would also make administration for such users easier).

Advantages:
- Freeware product that offers all the options needed to build and maintain a thin client infrastructure centrally
- Powerful way of configuring settings and sessions using a clear inheritance model (including display where the setting is inherited from)
- Efficient options to perform schedule maintenance and feature saving on power consumption

Disadvantages:
- Documentation is not complete or to superfluous
- View Delegation of Control can be improved

About the Author

Wilco van Bragt is an independent consultant and author based in the Netherlands. He is the owner of the Server Based Computing and Virtualization website called VanBragt.Net  Virtualization, where he is publishing several articles related to Terminal Services and Virtualization topics and product reviews. Besides Wilco van Bragt presents on several independent conferences and also writes articles for several other websites. Wilco van Bragt is self employed (VanBragt.Net Consultancy) providing consultancy services in the Netherlands and Belgium.  Wilco van Bragt is a MVP on Terminal Server, a RES Valuable Professional, a Provsion Networks VIP and a Citrix Technology Professional.

About Linpro

Linpro is the leading Norwegian provider of IT services, products and solutions based on Linux and open source software (OSS).

Their ample experience and high skills makes Linpro a reliable partner, offering professional consulting and software development services, training, support and hosting.

Linpro also offers a range of leading OSS products and solutions (like Multiframe).

 

Linpro is involved in a number of OSS projects, supplying the market with flexible and professional products and services based on open standards.

Linpro Multiframe

PDF Product Review Multiframe