Hosting Windows application from Terminal Server?

I have an old VB6 application that I need to share with many people outside our organization that have both Windows and Macs.  The first thing that comes to my mind was to setup a terminal server, or whatever is in use today, to share this with everyone.  I have a few questions.  First, am I correct that what I need is terminal server and does that automatically come with the current Windows Server OS?  Also, I understand that a user will login into terminal server with RDP.  Will they be able to print locally from the terminal server session to their location?  Are there any other concerns that come to mind in the scenario that I presented?

Can this be something that I can host on AWS or elsewhere?

Thanks for you guidance.
al4629740Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Gary PattersonVP Technology / Senior Consultant Commented:
How many is many?  Running apps like this in an RDP environment is expensive compared to web apps.  For example, for RDP you need one CAL per user, a recurring cost, and RDP style apps typically have higher CPU and memory utilization than web apps.

RDP apps can be harder to secure and harder to scale.

I'm sure this isnt the answer you are looking for, but converting to a web app should usually be considered for apps that need large scale deployment.
0
Gary PattersonVP Technology / Senior Consultant Commented:
Windows 2016 supports RDP Services. Requires licensing and per user or per device CALs.  Figure one CAL per user in most configurations, and budget about $100 per user plus hosting costs.

https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-client-access-license
0
David Johnson, CD, MVPOwnerCommented:
I will make an assumption here that your vb6 app has both a front end and a backend component.
So if you modify the backend connection to point to somewhere that is internet accessible you can simply distribute your front end application.
0
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

al4629740Author Commented:
I would say at most 100 people would be using this app and certainly not all at the same time.

David, the problem with the front end is that it does not work on a Mac so I would figure they could RDP or something.


I sure would like to stay away from having to re-develop the app, but that is on the radar to do in the next year.  I just need an immediate solution in the interim.
0
Gary PattersonVP Technology / Senior Consultant Commented:
For RDP, you still need a CAL for each unique Windows user - even if they only sign on once a year.  So unless they all sign on using the same Windows credential (not a great idea from a security perspective), you're buying 100 CALs.

David's suggestion is really good, if the VB app architecture supports it.  Build security into the application, and have it connect to the database/back end.  Mac users could use VirtualBox, Parallels, or similar to run a Windows machine under osX, or maybe you just offer an RDP solution for them - hopefully a smaller number than Windows users.
0
al4629740Author Commented:
The application has authentication so I won't need a separate windows cal for each user.  I also failed to mention that I get nonprofit rates which makes each cal very cheap.  All in all this might be doable
0
al4629740Author Commented:
"Build security into the application"

In what sense?  As this may already be there.
0
Gary PattersonVP Technology / Senior Consultant Commented:
If you're going to hand out a shared Windows user ID to 100 users (my advice: don't), you need to make sure your application is adequately secure.  What "secure" means in this context is for you to define, not me.  If nonprofit CALs are cheap or free, then just get the right number and give each user their own ID.  

I don't know if the app views data or changes it.  I don't know if the data is sensitive in any way.  You'll have to determine what "secure" means in the context of you application, and what steps you take to secure your application.  I've seen applications where database credentials or back-end service credentials were stored in a string visible by opening the compiled EXE in a text editor or hex editor.  I've seen database credentials or back-end creds stored in a settings file that anyone could open.

Even if your data isn't confidential, and the app can't make changes to it, a server sitting around on the internet with RDP open is going to get probed.  Use of shared credentials increases the risk of password disclosure (malware on a user's PC is a common cause).  Bad guys want access to your system to use it to send spam, host malware/warez/porn, or as a launchpad for attacks against others.  Just saying, be careful.

I do work for a charity that has all kinds of confidential data, and definitely does not have a budget for dealing with a big security issue due to an inadequately secured RDP server or application running on a publicly-exposed RDP server.
0
al4629740Author Commented:
Duly noted and good points.
0
Lee W, MVPTechnology and Business Process AdvisorCommented:
There has been some incorrect or misleading information posted:

For example, for RDP you need one CAL per user, a recurring cost,
RDP CALs are NOT recurring.  They are one time.  Further, you also need a Windows CAL.  CALs are ADDITIVE - a Windows CAL gives you the right to access Windows Servers for basic services (file/print/AD/DHCP/DNS/etc) NOT for RDS (RDS is considered a separate service).  RDS CALs give ONLY the right to access systems through remote desktop - they do not include the right to be authenticated, get an IP, resolve internet address, print, or access files on Windows servers.

Figure one CAL per user in most configurations, and budget about $100 per user plus hosting costs.
RDS CALs are about $130 per person and about to increase in price from what I understand (Oct. 1).  

I would say at most 100 people would be using this app and certainly not all at the same time.
Then you need 100 Windows CALs and 100 RDS CALs - Total cost (assuming you don't qualify for Tech Soup or a similar non-profit discount program) of approximately $170 per person, $17,000 TOTAL for 100.  CALs are NOT concurrent - they are PER HUMAN BEING.  They are only transferrable ONCE every 90 days.

There is a POSSIBILITY you could pay less with Device CALs, but that depends on how users are accessing things (from inside the office on specific machines or from anyone on any machine?)

The number of concurrent users will dictate resource requirements though. The server you would need to support that many simultaneous sessions could prove costly.

For RDP, you still need a CAL for each unique Windows user - even if they only sign on once a year.  So unless they all sign on using the same Windows credential (not a great idea from a security perspective), you're buying 100 CALs.
Incorrect.  CALs are transferrable once every 90 days. The statement would be correct if it said "... even if they sign on once every three months".  Once every year, doesn't mean much.  Using the same Windows credential DOES NOT get around licensing.  Again, Licensing is by HUMAN BEING, not user account.  You're buying 100 CALs regardless of whether your users share a single account or everyone has their own.

The application has authentication so I won't need a separate windows cal for each user.
This is irrelevant.  It's being hosted on an RDS Server.  You need Windows CALs and RDS CALs.

I also failed to mention that I get nonprofit rates which makes each cal very cheap.
Great, this can save you a lot.  HOWEVER, I believe there are limits to the amount of "free" or STEEPLY discounted software you can request every year or two.  The number 50 sticks in my head... which if accurracte still has you potentially paying $8500+

If you're going to hand out a shared Windows user ID to 100 users (my advice: don't), you need to make sure your application is adequately secure.  
 Agreed, it's wholly unwise and POINTLESS from a licensing standpoint to try to have all users share a single account.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Operating Systems

From novice to tech pro — start learning today.