Ulteo has just released Version 2 of its Open Virtual Desktop (OVD), an Open Source desktop broker product which is designed to deliver GUI applications running on Linux, Terminal Services and Windows to java-enabled browsers. It’s a rare Open Source & Linux option in a market of proprietary desktop brokers designed to deliver only Terminal Services or Windows (VDI). If you have a commitment to Open Source, and specifically Linux desktop applications, or are looking for a desktop broker at a lower price point, you should consider Ulteo.
Rationale
Although the most obvious route to making a Linux desktop environment multi-user is via X, there’s nothing to stop Linux environments being turned into “Terminal Servers”. Similar benefits in manageability, energy consumption, and security can accrue as for a Windows Terminal Server.
At The Virtualization Practice we tend to describe Terminal Services as “Presentation Virtualization” since each user session has a virtualized graphics layer on the same Operating System. Strictly-speaking Ulteo’s Linux Terminal Server actually uses operating System Virtualization, (analogous to Parallels Virtuozzo Containers) to deliver a Terminal Server-like functionality
However, for a variety of reasons, Linux desktop applications have proved difficult to introduce into a corporate environment. This has proved disappointing for organizations with a commitment to Open Source elsewhere in the stack. Ulteo offers an incremental route to the introduction of Linux desktops, since individual applications can be delivered from Linux and others from Windows.
For a range of applications that are available on both platforms, there is no real difference if the application is delivered from a Windows or a Linux Terminal Server. With Ulteo you can easily deliver applications like Adobe Reader, OpenOffice or Firefox from Linux whilst delivering Windows-only applications (e.g. line-of-business applications) from Terminal Servers or Windows client operating systems, all through the same portal.
The client end is a Java applet and runs without additional application download in a very broad range of browsers. This makes it a good option for scenarios where you can’t ensure an RDP or ICA client is pre-installed or installable by the users. Many windows desktop brokers now have Java clients, but not all.
Finally, the fact that Ulteo is Open Source and has a set of open internal APIs means that whereas the traditional desktop broker is monolithic, you can easily pull Ulteo apart and stick pieces of it into another portal.
Company
Ulteo is a French open-source startup, run by Open Source veterans from Intalio and Mandrake. It uses a standard GPL licence and owns its own IPR so it has the option of dual-licecning for “enterprise” features . It currently makes money by charging for support and implementation services.
Whilst it is seeking to develop a community of implementers and users of its product in a traditional open source manner, its commercial focus is on Enterprise implementations. It sees a growing market in organizations who are mandated (by company or Government policy) to seek Open Source alternatives to proprietary software. Current main market sectors are retail/distribution and hospitals/healthcare, with a broad international mix.
Features
Ulteo offers both Published Applications and Published desktops. Instead of using an RDP or ICA client application or client object, access is provided from a Java applet running inside a web browser. It has a simple management interface and good directory integration.
Desktop Mode
The Ulteo published desktop is a Linux virtual desktop running in an operating system container on a Linux server. This allows you to restrict access on a per-user basis to a subset of the applications which are actually present on that server. It can also access Windows applications published into the Linux Desktop from a separate Windows Terminal Server, under the control of Ulteo. These are displayed inside seamless RDP windows, so it looks like Windows and Linux applications are running on a single desktop. To facilitate sharing amongst the applications, the Terminal Services profile (which contains the files behind the desktop) can be mounted in Linux via CIFS and thus made accessible to both Linux and Windows applications.
Portal Mode
Portal mode takes the applications that would be available on the user’s Linux desktop and lists them in a more conventional desktop broker manner as icons in a web portal. Clicking on an application icon launches it in a new browser window.
Client connectivity
There is no direct access for applications to access the local filesystem on the client but the portal has a separate file browser which allows files to be uploaded to and downloaded from the user’s desktop. There is a separate java applet in the portal that handles client-side printing via a PDF printer driver.
Architecture
The front-end to the system is the Session Manager, which is a web application (built in Linux/PHP) controlling access to the Ulteo Desktops. Authentication is via password or other SSO, and there is an open API for building additional authentication mechanisms. The user’s browser is redirected with a one-use time-limited token to create a session with an Application Manager . This is another Linux PHP-based web application which embodies the logic of the application portal, serves out the applets to the browser, and invokes the desktop application inside a operating system container (either directly or via rdesktop onto a Terminal Server or Windows Server). The applet is a special optimized VNC viewer which attaches itself to the application running inside the desktop.
Both Application Server and Session Manager can be installed on the same server, although in larger-scale deployments multiple Application Managers would be used. The Windows Server runs a small service which maintains a status connection to the Application Manager, and allows seamless windows via RDP.
Managing
There is a separate administrator’s interface for configuring and managing the applications. Users and user groups can be stored in a MySQL database, or sourced either from OpenLDAP or Active Directory. Configuration of Active Directory is remarkably straightforward with no need for schema changes or creation of specialist Organisation Units.. Application groups and the mapping of applications to user groups are defined in the MySQL database. It has its own load-balancing mechanisms (specifically heplful for Linux Servers, TS has its own mechanisms), the ability to take servers on and off line, and to install applications into the Linux desktops.
Packaging
There is an Ulteo installation ISO containing a Linux server, which can be installed directly onto a physical or virtual machine and which provides the containers for the virtualized desktops, the Application Server and/or the Session Manager. Alternatively you can install into an existing Linux installation using a standard package manager. The small server-side windows components have a separate Windows installer.
Comparables
The Desktop Broker market is now fairly established, with products from a variety of vendors including Citrix, Ericom, Systancia, and Quest, deployed to provide access to Terminal Services and/or Windows Client-based workspaces on Windows and non-Windows desktops. VMware has a VDI-specific offering.
There is not, however, a large corresponding set of products which provide access to Linux “Terminal Servers” (or mixed Linux and Windows). Examples of other products in the space include.
- Sun Secure Global Desktop – probably the most comprehensive solution in this space, delivering Windows (including Terminal Services), Linux, Solaris and host-based applications. Its architecture and feature set are similar to OVD.
- Citrix XenApp for Unix – which does not deliver Linux, only other Unixes and seems to lack commitment from Citrix.
- noMachine’s NX server – which delivers Linux and Solaris but not Windows.
- Red Hat Enterprise Virtualization for desktops – currently in Beta, which delivers Linux and Windows (but only as VDI, not from Terminal Services)
Of these, only the Red Hat and the Ulteo products are actually Open Source. (NX Server offers a free download for 2 users, but above that a subscription licence model applies). Sun and Citrix offerings are proprietary.
Caveats
- When delivering Windows applications in particular, the GUI can be slow because the current architecture passes data via both VNC and RDP. Furthermore there is no direct access to the video enhancement technologies used by other vendors. Ulteo offers a way of streaming specific video content via a control embedded in the portal, which bypasses the VNC and RDP layers but it isn’t seamless.
- It is currently impossible to set up application silos (i.e. terminal servers with specific non-conflicting groups of applications on them) in Ulteo, and so if you have application conflicts on Terminal Service you will need to use a separate application virtualization product such as Microsoft App-V. This is generally a good idea anyway, and if you have Windows 2008 Server RDS CALs, there is no additional cost.
- If you are using Terminal Services, there is currently a requirement to use Active Directory, rather than an alternative OpenLDAP-based directory.
- If you are going for a VDI solution with multiple Windows desktop images (rather than a TS approach), Ulteo currently offers very little support for their management.
- The token-passing redirection mechanisms in Ulteo make certain forms of network deployment more complex than with other desktop brokers which are usually reverse-proxies and don’t expose the addresses of the underlying Terminal Servers.
- This is, however, an active open source project and most of the above are being worked on.
Summary
Whilst VDI with individual desktop images is being promoted by a number of vendors, we still believe that for many users Terminal Services will offer a more cost-effective option. Amongst Terminal Services users, Ulteo’s appeal is likely to be to more cost-conscious and linux-oriented organizations than the large enterprise customers of Citrix, VMware, Ericom, Systancia or Quest, but within these potentially new markets it can deliver many of the mangeability benefits of the existing proprietary products, and it has few competitors for its key feature of delivering both Linux and Terminal Services desktop applications through the same portal.
I’ve used both NoMachine’s NXserver and FreeNX server.
They both support clients from the free NoMachine nx client or the NoMachine NX “Web Interface”
Both work well but sound/audio for the most part doesn’t work well without extreme measures.
I’d suggest also taking a look at x2go. It is open source and the current release has clients for mac/pc/linux.
x2go uses the NoMachine NX GPL’d transport libraries so has same performance more or less.
However, x2go implements a working audio interface and its client tool is very easy to setup shared directories, printer and audio.
In just a very few weeks x2go is to introduce a new Web Portal interface as well.
The server side component of x2go is highly configurable for featues such as load balancing etc.
http://www.x2go.org/index.php?id=7
So far I’ve been very impressed with x2go so much so that I use instead of NX.