Wilco van Bragt - LinkeIn Wilco van Bragt - Twitter rssa 

Thinworx 2.8

In the SBC market Citrix is still the best known and most used product to extend Microsoft Terminal Servers. In the time competive products are announced and sometimes products (quietly) disappears. One of the newer products is Thinworx of Genuit. This Canadian company released version 2.8 in January.

Thinworx just like product uses Microsoft Terminal Server as platform, so the RDP protocol is used. The users connects to the applications using a portal server bases on Internet Information Server. One of the biggest  improvements within this version Genuit is Secure Router component. This component has the same function as the Citrix Secure Gateway, but it is now rebuild to a full SSL VPN solution including with a VPN component in the Thinworx client.

The Thinworx implementation exists of the following components:
- Controller. This is the main component of the product. is responsible for managing communications between all
Application Servers and Portals within a farm. Only one Controller can be implemented within a single farm. The THINWORX Controller is also the primary point of administration. Some tasks are monitoring the health, load balancing, session establishment, catalogs available applications and so on.
- Application servers. This component is add-on on the Terminal Servers to provide the Thinworx functionality providing the applications to the end-users.
- Portal. This component provided by the website is the central location for the client to connect to and launch the applications.
- AdServer. This component makes it possible to add predefined banners for advertisement spaces.
- Secure Router. This component makes is possible to connect to the Thinworx environment using secure channels using SSL VPN.
- Client. This component is needed on the client to use the Thinworx environment.


Thinworx is using for the Manager, Portal and Secure Router components Microsoft .Net Framework, so this is a prerequisite for the machines where these parts are installed. The controller is first component that needs to be installed.

During this installation you need to provide the product key, the name of the Thinworx Farm ,a name for the machine and a communication TCP port need to be specified. This can be a different name that the computer name so you can identify the machine more easily. Also the real machine name and IP address needs to be provided. The last option is to make the machine a Domain Agent. This part takes care of the communication with the Windows Domain Controller. This service must be run under a domain account member of the Domain Administrator Group and have the log on as a service right. At least one Domain Agent need to installed, the controller and the application server component could be installed with the Domain Agent role.


After the controller the other components can be installed starting with the application Server. During the installation you need provide the communication port, the controller machine name and the logon name. After the installation connected to the controller you need to specify the information about the machine like display name, computer name and IP-address. Also the Domain Agent can be installed if necessary.  Remember that user need to have RDP access. This can be done by adding the local group "thinworxgroup" assigning this permission or adding a domain group (with all user in it) to the local Remote Desktop Users group.

The other components need even less interaction during the installation, beside the installation of all components is written down step by step in the administrator guide. Remember that the portal needs Internet Information Server 5 or higher.

It is a pity that you need to have local administrator rights for installing the Thinworx client on the workstations, also if you download a client from the portal server.

Each component has his own setup file. The installation uses MSI files so unattended installations should be possible, but nothing is mentioned about unattended installations in the manual.


All configuration is done via the Thinworx manager. The Thinworx manager is connected with the control server, which controls all the configuration settings. When starting the first time you need to fill in the control server and the username and password.

Also like more products you need to get used to the Thinworx administration console.In the left plane you select the part you would configure. The available options will appear in the plane in the left below corner. After clicking the options this appears in the right plane. When opening another part the chosen option opens above the previous screens in the right pane. 


Thinworx just offers basic Terminal Server functionality, so the administration and configuration is fairly simple. At Farm level you change the active domain agent for the Thinworx environment and disabling access to the complete farm. Within the controller the SA password can be changed (remember that all application server are using that password, so you should change it also in their configuration) and the machine information.

Beside the same machine information options at the controller you can change the way the application server should connect to the controller (internal or external). Change the server priority (used within the load balancing) and the maximum of concurrent sessions you would like to provide on that server (caution: default setting is two sessions). Also an option is available to take the server offline for access with a single click.

The portal server should be added to the console by specifying the name and the IP-address. The next step is add one or more gateways (websites) to this portal server and setting the authentication mode for the gateway. Thinworx supports Windows authentication and RSA.

Also the Secure Router needs to be added to the console for the configuration can be set. For both connections (clients and portal) the NIC should be defined including the portal which should be used.

After specifying the configuration for all components the applications can be set. Applications can be collected  in so called Group Names. Within the portal the user can select the Group so the applications will be shown in the portal. If you do not specify a Group Name the application is published within the default view. After specify the display name of the application you can also specify the amount of license for that particular application. After that each Application Server should be added with the path where the application is installed. After adding the application users and/or groups can be added to the application again via the option in the below left pane. The selection is showing your Active Directory. The added users and groups will also be displayed within the User and Groups part.

The last step in configuration is the setting the load balance options. Thinworx uses three criterion  for determining the load on each server. Each criteria (CPU usage, Memory usage and Server Priority) can be given a weighted value. A value between 1 till 10 can be configured, where how lower the value the less impact it has on the load balancing decision.

Using Thinworx

After configuration we are ready to use the environment with connecting to the portal. After logging in the applications assigned are displayed to the user. At the Application Group the user can switch between the defined Groups via the Thinworx Manager.

Good functionality in the Thinworx client are the possibilities to choose the workspace for each applications. Just change the workspace right up the menu and start the application. Also the session management is an option I really like. Within session management the user can see all his open applications and terminate his own application that is (for example) not responding. Your helpdesk will really love this option.

Also a nice option is the shadowing possibilities. The user can permit himself to allow shadowing of his session. If needed the user can set a password need to given to shadow, confirm the request and the way shadowing will function (view only of interactive). If the user permitted every user (yes, also normal users) can shadow this session right out of his portal session. The other user or administrator opens via the button Shadow List. This list shows all users with their active sessions and with a simple click shadowing starts.


Thinworx does not support fully seamless Windows. Although the applications do not have any Windows showed, you easily see this when minimizing the application. Then the server background will be shown as shown in the figure below. This can be confusing for the end users when using the option Full Screen. The user should minimize the session using the Thinworx frame. Also each application will start a new session, so session sharing is not available within Thinworx.

Thinworx support client drive mapping and client print mapping. This relies completely on the standard RDP protocol. Within Thinworx this can not managed, so Terminal Services Configuration should be used that.



Within the Thinworx console no additional options are available to administrator the environment. Options like shadowing and terminating sessions can (and should) be done out of the portal. There is a special page (http://%portalserver%/thinworx/farm.aspx) with some information (on logged on user base). 

However Genuit have included a reporting option within the Thinworx Manager. With this reporting option several kind of surveys can be created. Most of the reports are based on historical usage, although a few reports are about the current usage. These reports are generated within the Thinworx administrator and can be saved in PDF format. The offered reports are useful and are useable for Management Reports.

Beside these reports there are no other tools or options available to administrator the environment. To administrator the environment bases on real-time information you should MS Administrative tools or similar. Also Thinworx supports client drive and client printer mapping, but no options are available within the console to control these mappings. I found out Thinworx relies on the RDP Protocol setting, so you sould configure this using Terminal Service configuration.


Thinworx is extending Microsoft Terminal Services with basic add-on like Application Publishing and Load Balancing. In comparison with other manufacturers Thinworx has good possibilities to connect to the environment from the Internet secured using SSL VPN tunneling, so this a great advantage. Also the options the end user have for terminating their own sessions and the possibility to let their sessions shadow by all users is pretty OK. The biggest disadvantage is the use of  a single Thinworx controller. If this machine fails the complete environment is out of order.

Thinworx should be considered in environment where basic Terminal Services are needed extended with Load Balancing and Application Publishing. If you have (many) user connecting via the Internet Thinworx is providing all the components you actually need if above mentioned functionality is all you need.

- Web-based SSL connections possibilities
- Advanced options for end user like terminating their own sessions and shadowing options
- Report functions with possibility to store reports in PDF format

- Single point of failure via the Thinworx Controller
- No 100% Seamless Application Publishing (and without session sharing)
- Some options relies on the RDP protocol and can be configured using the Thinworx manager

Genuit Thinworx