Extending the life of PCs by converting them to "Thin Clients"

Goal:

Review solutions to provide a seamless user experience to a virtual desktop infrastructure (or server based computing or even kiosks) by extending the life of the existing PC deployment until such time they can be replaced with an actual Thin Clients.

Note: This is a pretty long article... Jump to the Summary and then read the rest of the article if you want.

Solutions Reviewed:

(Alphabetical Order)

• 2x Thin Client Server
• http://www.2x.com/thinclientserver/
• Citrix XenDesktop: Desktop Receiver Embedded
• http://www.citrix.com/English/ss/downloads/details.asp?downloadId=1686492&productId=163057
• Citrix XenDesktop: Citrix Provisioning Server
• http://www.citrix.com/english/ps2/products/product.asp?contentID=1297541
• DevonIT VDI Blaster
• http://www.devonit.com/software/vdi-blaster/overview
• IGEL PC to TC Conversion Card
• http://www.igel.com/igel/live.php,navigation_id,1297,_psmand,9.html
• Microsoft Windows Fundamentals for Legacy PCs
• http://www.microsoft.com/licensing/software-assurance/fundamentals.aspx
• http://www.microsoft.com/downloadS/details.aspx?familyid=54A5F01B-9D0C-460C-A132-4BFAFFB97973&displaylang=en
• Microsoft Windows SteadyState (with Windows Disk Protection - VERY COOL!!!)
• http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx
• ThinStation
• http://www.thinstation.org/
• http://www.thinstation.org/LiveCD/
• TS-O-Matic - http://sourceforge.net/apps/mediawiki/thinstation/index.php?title=TSoM
• ThinLaunch Thin Desktop
• http://www.thinlaunch.com/
• Wyse WSM
• http://www.wyse.com/products/software/wsm/index.asp

Criteria:

The choices for performing a PC to Thin Client conversion are really limitless. Tweak existing XP deployments, turn XP into a Kiosk, replace XP by installing Linux and the connection client, stream the XP OS, boot Linux off the network, boot Linux off a LiveCD/USB, replace with a thin client immediately and more.  We decided to concentrate on some basic factors to choose the ones that made the list.

1. Supports multiple display protocols out of the box.
We just want to make sure it supported multiple solutions. Some of the solutions have specific configurations or options for one display protocol, but in general to have made the list, they had to support multiple options.
Note: Citrix XenDesktop: Desktop Receiver Embedded made the list as it is built-in and the most common protocols provided by each of the solutions are Citrix ICA, Microsoft RDP, VMware View (sometimes called VDI or VMware View), HTTP and some sort of emulator (X or VT).

2. Pre-built (or mostly pre-built)
Are you really saving money if you spend 6 months turning 1 PC into a Thin client only to find out the image you have is now out of date and doesn't work on the other 1,000 workstations because they have a different video card driver? Some of the solutions cost money (so they usually are pretty quick to deploy) and some are free (which means expect some investment time on your part to read documentation, HOW TOs and a lot of forum).

3. Low Cost (or at least Lower Cost than buying a Thin Client now)
If it is cheaper to just buy a Thin Client (forget depreciation or the fact you just bought 5,000 PCs last year), then just go do that. But since most companies can't forget depreciation (budget wise or politically) , then the goal is to provide a low cost intermediary solution that can extend the life of the PCs. Potentially some of the PCs could last well beyond the normal 3 year refresh cycle and may be able to function properly for years (Anyone still have Windows 98 still running somewhere?)

 

High Level Solutions Matrix

	Cost*	OS	Configuration	Deployment	Protocols
2x ThinClientServer	Free up to 5 thin clients (limited functionality) 25 thin clients: $595 100 thin clients: $2195 1000 thin clients: $10,395	Replace existing XP with 2x's ThinClient OS	Central Management with Web Management Console	Deployed via 1) PXE and DHCP, 2) Bootable USB/CD/DVD	2x NX, Microsoft RDP, Citrix ICA
Citrix XenDesktop: Desktop Receiver Embedded	Built-in with Citrix XenDesktop (All Editions)	Keep existing XP or Vista	Central Management with Citrix	Deployed via standard Microsoft application deployment tools	Citrix XenDesktop Only
Citrix XenDesktop: Citrix Provisioning Server	Built-in with Citrix XenDesktop Advanced and above	Replace by streaming XP or Vista	Central Management with Citrix Provisioning Server Console **	Deployed via PXE and DHCP	Any protocol/application (Client for that protocol would be installed and configured in image)
DevonIT VDI Blaster	$19.99 per physical workstation	Replace with DeTOS	Central Management with ThinManage/DevonCM  (same tool for managing their thin clients)	Manual (Can't find any information on deploying the VDI Blaster via any tool)	Citrix ICA (XenApp and XenDesktop), VMware View, rDesktop and Firefox
IGEL PC to TC Conversion Card	$99.00 plus tax - LIMITED TIME PROMO as of July 31st, 2009 (originally priced at $185.00)	Replace with IGEL Linux	Central Management with IGEL Remote Management Suite (same tool for managing their thin clients)	Manual since it is a physical card that must be inserted into each workstation	Citrix ICA, RDP, X11R6, VDI support, NoMachine NX, Ericom PowerTerm LTC, ThinPrint, VoIP (SIP client), VPN and Cisco VPN, 802.11b/g drivers, Firefox
Microsoft Windows Fundamentals for Legacy PCs (WinFLP)	Software Assurance customers only	Replace with Windows Fundamentals for Legacy PCs	Central Management with Group Policy	Manual or existing Windows XP/Vista deployment solution	Any protocol/application (Client for that protocol would be installed and configured)
Microsoft Group Policy Objects	Built-in	Microsoft Windows XP or above.	Central Management via Active Directory Users and Computers	Deployed via Active Directory Users and Computers   Workstations must be joined to the domain	Any protocol/application (Client for that protocol would be installed and configured)
Microsoft Windows SteadyState	Just requires a valid Microsoft Windows XP or Vista OS	Windows XP/Vista	Managed via GPO ADM Template	MSI can be deployed via Software Distribution or Active Directory	Any protocol/application (Client for that protocol would be installed and configured in image)
ThinLaunch Thin Desktop	1-10 Licenses: $26.00 11-100 Licenses: $23.00 100+ Licenses: $20.00   Per Workstation cost	Keep existing XP or Vista	No Centralized Management of configuration	Deployed via standard Microsoft application deployment tools	Any protocol/application (Client for that protocol would be installed and configured. Then set as the default application)
ThinStation	Open Source Pre-Built LiveCDs	Replace with Open Source Linux	Central Management*	Deployed via 1) PXE and DHCP, 2) Bootable USB/CD/Floppy	Options for Citrix ICA, RDP, VMware View, FireFox, X, VNC , VT and more
Wyse WSM	???	Replace by streaming XP or Vista	Central Management with Wyse WSM Console	Deployed via PXE and DHCP	Any protocol/application (Client for that protocol would be installed and configured in image)

* Costs are list prices from web sites. Products listed in Euros have been converted and approximated to US dollars.
** Requires PXE Boot and DHCP for Centralized Management

Note: VMware View does not have a built-in solution to turn a PC into a Thin Client, but you can use a "Shell Replacement" method to perform similar capabilities. This is a manual procedure and is not supported by VMware. That is why it is not included at this time in the comparison. ThinLaunch does a similar method but has some extra security features (Disables shutdown/lock workstation keystrokes to gain admin access, etc). This has been tested and works. See this site for more info on "Shell Replacement" from VMware:
http://blogs.vmware.com/view/2009/02/vmware-view-client-as-a-shell-for-xpe-and-xp-pro-clients.html

Note: Manual creation of Linux based LiveCDs with the appropriate client is not covered here since it can be a lot of work to get the LiveCD just right. Here are some reference articles to remaster the LiveCDs after the client installs.
http://www.knoppix.net/wiki/Knoppix_Remastering_Howto

https://help.ubuntu.com/community/LiveCDCustomization

 

Choosing a Solution

After doing some research, we came up with the following information to help categorize the solutions and help us identify the pros and cons with each method.

OS: Replace or Reuse?

As far as the local OS goes, the solutions basically fall into four buckets:

• Keep XP Installed
• Stream XP
• Stream/LiveCD/LiveUSB another OS
• Install with OS

Keep XP Installed

In the "Keep XP Installed" method, you have to make a decision. Do you want to manage the XP workstation (Managed PC)? Or do you not want to manage the OS (Unmanaged PC)? Unmanaged means you are not patching or running any sort of anti-virus solution on the workstation. You can use GPOs or features of the solution to lockdown the system as much as possible, but we would highly discourage that. There is too much stuff in the wild that can be brought into your organization.

Since the goal is to transition to Thin Clients eventually and therefore this is a short term solution, we would recommend you keep patching and maintaining the Ant-Virus and the Windows OS until the conversion to thin clients. You are still saving money since you don't have to support the workstation when it finally dies (replace with a thin client at that point), the updating of the hardware or the migration of the user's data when it dies.

By themselves, the "Keep XP" solutions may not directly address the goal of providing a thin client experience. Some of the solutions provide built in security mechanisms to prevent the workstation from being harmed, but these are typically local Group Policies which may not be sufficient enough to prevent every attack of the local interface.

Stream XP

Some of the solutions, like Wyse WSM or Citrix Provisioning Server can stream a new fresh copy of Windows XPe or other Windows Operating Systems, but you still will want to update and maintain that OS. While "OS Streaming" simplifies the update of the OS by utilizing a centralized imaging system, it will also require additional resources (servers, storage and possibly network changes) to implement this on the WAN. Choosing this path may depend on the current maturity of your desktop maintenance solutions when it comes to Windows Updates or Anti-Virus.

By themselves, the streaming OS solutions can only resolve the Thin Client goal of the solution. They provide an always functional system, since if the local workstation is breached, a simple reboot will return the system back to a pristine state. For a seamless user experience, this will need to be combined with another solution that is meant to turn XP into a Thin Client.

Note: This method could have been in "Keep XP Installed", but we chose to put it under its own category  since it is an optimized version of "Keep XP Installed" and it does require additional infrastructure to support this.

Stream/LiveCD/LiveUSB another OS

This is very similar to the Streaming XP category, but in this case you are typically streaming some distro of Linux to the workstation.  Some of the distro's have methods to PXE boot customized packages that include the client to connect to the infrastructure. The PXE boot process would boot the image each time and therefore would return the workstation to a pristine state each time. Other's have bootable LiveCD (a CD or DVD containing a bootable computer operating system) or LiveUSB (similar to LiveCD with the added benefit of writing changes to the USB, if desired). You will need to spend time either customizing the package to include your client or to configure it so that is more seamless to the user.
Note: If you are streaming or live booting a Linux distro, you will need to use the Linux clients to connect to your infrastructure. Please check the Linux client capabilities as not all Linux clients have the same features of the Windows client.

Install another OS

In the "Install another OS", you can finally get away from all those pesky Windows Updates... and now you get to deal with proprietary or open source operating systems that may have just as many holes or requirements for updates. One security school of thought says "systems built on open source are not good because they are subject to any exploits that the solution may have inherited from one of system it was built on". The other security school of thought says "proprietary or open source means there are more exploits since you probably haven't utilized common systems that have already been hardened". Dammed if you do, dammed if you don't.

Anyway, installing another OS can be performed in a multitude of different methods. Some of the solutions utilize an install CD/DVD to perform the replacement of the local OS.  Some have a centralized mechanism and some don't. Without a centralized deployment mechanism, this may take some time to install across all of the desktops. Since it is an installed OS, it will eventually require an update or a patch. It may not be as often as "Patch Tuesday", but it will eventually happen.

 

Considerations:

• Keep XP Installed
• This is the most flexible method for turning a PC into a Thin Client. Though you still need to maintain the OS (Windows Updates, Anti-Virus), you will have the full features set of the Windows clients for each Virtual Desktop solution, the ability to quickly switch solutions, and the ability to quickly switch back to a full PC for any reason.
• If your current desktop maintenance strategy is poor (or non-existent), then this option may be risky.
• If you are going to utilize a solution that results in XP (or Vista) still remaining on the workstation, then you should manage it and keep the Windows Updates and Anti-Virus solutions up to date. If you plan to streamline this more with OS Streaming, the additional infrastructure will be required but it will simplify the management by utilizing centralized images (The less number of images the better.)
  
  
• Streaming Windows XP/Vista or any other OS
• Streaming will require infrastructure to perform the streaming mechanism (BOOTP, PXE, TFTP, etc.).
• You will also need to create an image that supports all your different hardware platforms which may take time and testing.
  
  
• LiveCD/LIveUSB
• Cannot be centrally deployed so back to "Sneakernet" - http://en.wikipedia.org/wiki/Sneakernet
• Updating the image with the latest client is manual work and then all users CDs or USBs must be updated with the latest image.
  
  
• Installing another OS
• If you are installing a Linux distro on the workstation, review the capabilities of the Linux clients for your particular virtual desktop solution as certain features may not be supported in their Linux clients.
• You also need to review the deployment mechanim of the OS. Does it require physical access to install the alternative OS or does it require some additional infrastructure to automatically provision?

Management:  What features do you need?

Here we are really talking about all the facets of management from deployment to troubleshooting to configuration management.

The first question to ask is "Can the solution deploy from a central location and do I need it?".  If you have 10 users in 1 office, central deployment is a nice to have. If you have 10,000 desktops in 40 countries, then central deploy becomes a necessity.

The next question to ask is "Are the configurations managed centrally and do I need it?". If you just trying to make it one year and you don't expect a lot of changes, then you may not need this. If you are trying to make this last as long as possible, and expect lots of changes, then you will probably want centralized configuration management. Some of the solutions don't come with a centralized management capability, but since data is stored in an image, a file, a registry or configuration file, scripts or other tools can be used to manage them.

The next questions is "What protocols do I need to support now and possibly in the future?". If you only require one protocol, then that makes life easy. But if you need support for multiple protocols and may require additional ones later, then you may need to choose a more flexible solution. Don't expect protocols to be automatically added in every solution or for it to always be kept up to date. Think of it this way. It can take Vendor1, a couple months to update the client. They may decide the Linux client can take a few months longer to build and test. Once released, the solutions may take some time to update with the latest version. Something to consider. 

Another protocol factor is that protocols are rapidly being enhanced at this time. The development cycle is very quick and the client may require updates to support the latest features. The solution you choose should include the ability and ease of updating to support the latest clients.

 

 

Product Pros and Cons

This is not a technical deep dive into the solutions. Just a pros and cons based on what I read and saw of each solution.

Note: If you are connecting to a Virtual Desktop Infrastructure, VECD licensing is required to license any virtual desktop OS that is Windows based. Some of the solutions may require a local Windows OS license to utilize also.

• 2x ThinClient Server
• Overview: Replace the local OS with 2x's ThinClientOS image via installation to the hard drive or PXE) or booted directly from USB, or CD/DVD. The ThinClientOS can then be centrally managed to launch the necessary connections to the backend The Free Edition is only for up to 5 thin clients. Enterprise Edition must be purchased for additional users, features and support
• Pros:
• No local Windows OS or local Windows OS license is required
• Centralized management console for all configurations
• Cons:
• Supports Microsoft RDP, Citrix ICA and the Linux NX protocol only No VMware View support at this time.
• Additional infrastructure to support this solution
• Linux clients are used and therefore may not support all the features of the Windows client.
• Linux clients may need to be updated and this is up to the vendor to provide the latest image

 

• Citrix XenDesktop: Desktop Receiver Embedded
• Overview: Windows remains installed on the workstation. The Citrix Desktop Receiver is installed and configured to connect to the virtual desktop infrastructure with pass-through authentication enabled (Passes information from Microsoft GINA - aka Ctrl+Alt+Del screen - to the client). The Citrix Desktop Receiver Embedded is then installed which forces full screen and removes access to the local desktop unless the administrator who installs it, logs in.
• Pros:
• Built-into Citrix XenDesktop cost (No extra cost for this feature)
• Can be deployed via standard Microsoft MSI tools
• Central management to determine the desktop the user can access
• Supports all the features of the Windows client
• Cons:
• Product Lock-in with Citrix XenDesktop
• Does not function for Citrix's other solutions like Citrix XenApp
• No support for another protocol than Citrix XenDesktop (ICA)
• Requires Windows XP/Vista be installed (Decision: Do you maintain the OS or not?)
• Will require another solution to provide a read-only type state like a Thin Client can provide, if desired.
• Requires Windows OS License for the workstation

 

• Citrix XenDesktop: Citrix Provisioning Server
• Overview: A Citrix Provisioning Server infrastructure is built. An image is created that contains all the necessary drivers for all the workstations the image will be deployed to (multiple images can be created, but a single image is optimal). The workstations boot via DHCP and PXE to determine which image is then booted. The Windows OS is then streamed to the workstation on each reboot.
• Pros:
• No requirement for local hard drive
• Pristine image on each reboot
• Supports all the features of the Windows client to connect to your virtual desktop infrastructure
• Cons:
• Need to update and manage the Windows OS (though this process can be streamlined by utilizing a single image for multiple workstations)
• Additional infrastructure to support this solution
• Can be used to utilize local resources when a virtual machine based virtual desktop is not sufficient for computing
• Will require another solution to lockdown the local OS and provide a seamless interface, if desired.
• Requires Windows OS License for the workstation

 

• DevonIT VDI Blaster
• Overview: Manual install of the VDI Blaster Software on an existing Windows XP installation. It creates a folder system for the DeTOS and modifies the boot.ini. Management is centralized by ThinManage/DevonCM which is available as part of the solution.
• Pros:
• No local Windows OS or local Windows OS license is required (technically only needed to install the OS. After that the boot.ini could technically be modified to no longer boot Windows, but you may need it for an upgrade since it is a local install of the DeTOS)
• Same management console for their thin clients
• Centralized management console for all configurations
• Cons:
• Linux clients are used and therefore may not support all the features of the Windows client
• Linux clients may need to be updated and this is up to the vendor to provide the latest image
• Additional infrastructure to support this solution (1 Virtual Machine)
• Additional Cost to purchase software

 

• IGEL PC to TC Conversion Card
• Overview: This solution is the most unique since it actually does turn the PC into a thin client by placing a physical card into each workstation that has a bootable flash component with IGEL Linux. Once installed, management is fully centralized via the same management console used to manage their thin clients.
• Pros:
• No local Windows OS or local Windows OS license is required
• Same management console for their thin clients
• Centralized management console for all configurations
• Cons:
• Hardware card must be installed in each workstation
• No centralized deployment method
• Linux clients are used and therefore may not support all the features of the Windows client.
• Linux clients may need be updated in the latest images and must be updated manually (or wait until the image has been updated)

 

• Microsoft Group Policy Objects (GPOs)
• Overview: This solution can be done at a very low cost but does not necessarily secure the environment or provide a seamless user interface. By using Group Policies, you can lock down the desktop so that only a single icon exists on the Start Menu/ Desktop and that application automatically starts at boot up.
• Pros:
• No acquisition cost
• Cons:
• Group Policies do not stop everything since not everything in the Windows OS can be controlled via GPOs
• Workstations must be joined to the domain
• User still sees local desktop before the application takes over
• Requires Windows XP/Vista be installed (Decision: Do you maintain the OS or not?)
• Will require another solution to provide a read-only type state like a Thin Client can provide, if desired.
• Requires Windows OS License for the workstation

 

• Microsoft Windows Fundamentals for Legacy PCs
• Overview: Microsoft released Windows Fundamentals for Legacy PCs to address the desire for a functional Windows computing environment that has been optimized for thin client computing (virtual applications or virtual desktops). Microsoft has removed components of the Windows XP OS that are not necessary when connecting to a virtual desktop/application infrastructure. This solution requires a reimage or reinstall of the Windows Fundamentals for Legacy PCs OS via whatever methods you utilize today for deploying Windows XP.
  3^rd Party Screen Shots of a Windows Fundamentals for Legacy PCs Install:
  http://vmjunkie.wordpress.com/2009/03/25/making-a-thin-client-on-fat-hardware-part-1/%20
• Pros:
• Limited attack surface (Windows Fundamentals for Legacy PCs is a modified XP installation to remove unnecessary components for a thin client deployment)
• Supports all the features of the Windows client to connect to your virtual desktop infrastructure
• Can be used for any virtual desktop or virtual application solution
• Cons:
• Redeployment of the Windows OS to all workstations (using whichever method you use now to deploy Windows XP Desktops - RIS, PXE solutions, manual, etc.)
• May require customization to ensure all the features of the client are supported (Example: The clients used by the virtual desktop solutions may require IE be installed to utilize security features like SSL)
• Will require another solution to provide a seamless interface to the virtual desktop/application infrastructure, if desired.
• Current Windows XP desktops must be on Software Assurance
• It is still Windows XP and should be maintained as such

 

• Microsoft Windows SteadyState
• Overview: SteadyState is deployed or installed on an existing XP or Vista workstation. Configuration can occur locally via the SteadyState Administration Console or via Group Policy Objects. Windows Disk Protection (not enabled by default) forces all non-system approved changes to be discarded at logoff/reboot. System changes such as Windows Updates or AV updates can be allowed to still be saved to the system. THIS IS VERY COOL!
• Pros:
• Makes Windows XP/Vista like a read-only OS but still allow for system updates to occur. (Windows Disk Protection)
• Great solution for machines that are not part of the domain. (locally installed SteadyState Administration Console)
• Centralized deployment for workstations joined to the domain.
• Cons:
• Local management console is functional and in most cases will lock down enough of the user interface but standard GPOs provided by Microsoft for Windows XP are more powerful in limiting the user interface.
• Requires Windows OS License for the workstatio
  
• ThinLaunch Thin Desktop
• Overview: Replaces the Explorer shell that every Windows OS utilizes. Once installed, it provides an interface to select a "default program". The default program can be configured, if necessary. At boot, workstation auto logs in with a local account (ThinDesktopUser) and then the "default program" is launched. It is the only application available. No Start Menu is displayed. Closing of the "default program", automatically restarts the application. Key sequence can allow a log in screen to allow for local administrator access.
• Pros:
• Great solution for Citrix XenApp ("default program" = Firefox or IE), VMware View ("default program" = View Client) or Microsoft Terminal Server ("default program" = Microsoft Terminal Server Client) deployments.
• Allows for flexibility by allowing "default programs" to be modified very easily Supports all the features of the Windows client
• Workstation does not need to be joined to the domain
• Cons:
• Group Policies will need to be implemented to further lock down the system (Example: Disable C:\ access via a File->Open Menu, Enforce a Proxy server that cannot be changed, etc.)
• Optimal use is when the application or the virtual desktop/application will go full screen (Since no Windows Explorer interface exists, multiple apps with minimize and maximizing can get confusing)
• Will require another solution to provide a read-only type state like a Thin Client can provide, if desired.
• No central management console for configuring "default programs" or client deployment (Must use standard MSI deployment tools)
• Requires Windows OS License for the workstation

 

• ThinStation
• Overview: An open source Linux distribution that multiple options for deployment: Installed, PXE boot or LiveCD. The configurations can be modified to launch directly into one of the clients that have been pre-configured to connect or the user may receive a desktop interface where they can select what they want to connect to.
• Pros:
• No local Windows OS or local Windows OS license is required
• Preconfigured LiveCDs for Citrix ICA, Microsoft RDP, VMware View, and more
• Lots of documentation and forums to support customization of the configurations
• Publicly available TS-O-Matic sites can help build the configurations
• Cons:
• Building a configuration (even with TS-O-Matic) can be difficult and time consuming
• Lots of documentation and forums to support customization of the configurations (this can be a negative also)
• Linux clients are used and therefore may not support all the features of the Windows client.
• Linux clients may need be updated in the latest images and must be updated manually (or wait until the image has been updated)

 

• Wyse WSM
• Overview: A Wyse WSM infrastructure is built. An image is created that contains all the necessary drivers for all the workstations the image will be deployed to (multiple images can be created, but a single image is optimal). The workstations boot via DHCP and PXE to determine which image is then booted. The Windows OS is then streamed to the workstation on each reboot.
• Pros:
• No requirement for local hard drive
• Pristine image on each reboot
• Supports all the features of the Windows client to connect to your virtual desktop infrastructure
• Can be used to utilize local resources when a virtual machine based virtual desktop is not sufficient for computing
• Cons:
• Need to update and manage the Windows OS (though this process can be streamlined by utilizing a single image for multiple workstations)
• Additional infrastructure to support this solution
• Will require another solution to lockdown the local OS and provide a seamless interface, if desired.
• Requires Windows OS License for the workstation

Things to Watch Out For When Choosing a Solution

• Versions of the clients that are included with the pre-built packages may be older versions. This may result in loss of capabilities or lack of support when an issue is reported that may be related to the older client version.
  
  
• Features of the underlying OS may limit user experience. If the underlying OS doesn't support USB functionality, then you will not get USB support in the virtual environment you are connecting to. If the method for video optimization is to send the raw data down and use the local codecs, then the underlying OS must support codecs and have them installed for optimal experience.
  
  
• Hardware differences in the workstations could come into play. Most of the non-Microsoft OSes will utilize a generic driver for functionality, but this may not work for all of the workstations you have in the organization. This may require customization of the package, replacing those PCs with Thin Clients faster than you expected or utilizing multiple solutions to address hardware differences.
  
  
• You don't have to compromise necessarily but you may need multiple solutions to meet your need. Example: Microsoft Windows Fundamentals for Legacy PCs provides an interface similar to Windows XP, but will not truly act like a thin client. To make it act like more of a thin client, you may need to also acquire ThinLaunch's Thin Desktop to provide a seamless user interface.
  
  
• Just because you deploy Linux doesn't mean it never needs updating. Linux may not have to go through "Patch Tuesday" but it does need upkeep from security and device related issues.

 

• Thin clients need updating to. They add new features, bug fixes, updating clients and more. So whichever thin clients you choose, make sure the management of the thin clients is easy to use and can perform every task to manage the thin clients remotely.

 

Summary

Recommendation  #1 - Though you may not want to hear it, "Keeping XP" installed seems to make the most sense as a short term solution to convert PCs into Thin Clients until the organization can start purchasing Thin Clients.  Deploying Microsoft Windows SteadyState can turn the desktop OS into a local Read-only image. Then add GPOs  (or possibly a 3^rd party tool) to remove the interface and only show the client for your solution.  This method is:

• Cost effective - Most organizations already have Windows Update tools and Anti-Virus deployed.
• Full Featured Client - Since Windows is the underlying system, the full featured Windows client can be deployed.
• No Customization/Reinstall of an OS - Customizing and deploying any OS will take time and effort. This is true if it is a Windows Fundamentals for Legacy PCs or a Linux distribution.
• No Additional Infrastructure Needed - Solutions that require PXE booting or streaming will require servers to provide these services.
• No Need to visit each desktop - Solutions that must be deployed manually will require visiting each desktop to convert them.
• Most Flexibility - Since every virtual desktop/application solution provides a client for Windows operating systems, you are not locked into a solution. If you utilize a Linux distribution, you may be hand-cuffed with the client not supporting the latest features or a competing solution may not have a Linux client at all.

Recommendation #2 - If you want a limited form of Windows XP and you already have in place a Windows deployment tool, then you should look at deploying Windows Fundamentals for Legacy PCs to at least limit the attack surface and provide only the minimum capabilities to access the environment. Again combine with GPOs and SteadyState (I haven't confirmed this since I don't have access to WinFLP and it is possible MS may stop you from doing this to simplify the user interface and provide a Read-only image

Optional Design - If you want to simplify the administration of Windows XP by streaming it on every boot, then Citrix Provisioning Server or Wyse WSM can be utilized. They will need extra infrastructure to support their services, but they both give Windows a stateless environment by always returning Windows to a pristine state each time.

 

For simplifying the user experience, that will depend on the solution you are connecting to.

• If you are primarily using Citrix XenDesktop, then the Citrix XenDesktop: Desktop Receiver Embedded is your best choice. It is built-into the solution (No extra cost) and provides a seamless user interface (User hits Ctrl+Alt+Del like they normally do, Enters username and password like they normally do, and then their desktop launches). GPOs will not be needed here.
• If you are using VMware View for virtual desktops, then ThinLaunch's Thin Desktop solution can easily replace the Microsoft "Explorer.exe" interface with the VMware View Client. It automatically disables common security capabilities (Disable Shutdown, Disable Task Manager, etc.).
  You could also review VMware's document on replacing the Explorer shell but there is no support for this from VMware. Thought it does work.
• ThinLaunch's Thin Desktop is also a great solution for Citrix XenApp, Microsoft Terminal Server or Kiosks where you only want one application run. For Citrix XenApp, you could set the default application to run IE or Firefox that then defaults to the Web Interface site. For Microsoft Terminal Server, you could launch MSTSC.EXE that has been preconfigured with correct information. You still may need to lockdown portions of the desktop to prevent C:\ access or File -> Open from being used also.

 

If you are looking to try and get closer to a thin client experience or simply don't want to use Windows for the workstation, then you really have to make some decisions.

If you want a software based solution, then I would look at DevonIT VDI Blaster (I liked this one best so far even if their latest code is Version 2 is still Beta), 2x ThinClientServer. ThinStation or any of the customizable Linux distributions (LiveCD/LiveUSB).  While DevonIT and 2x have pre-built solutions with management interfaces, you need to make sure they support the protocols and clients you want to utilize using the matrix.  ThinStation and any of the customizable Linux distributions have more flexibility, but they may take more time to deploy since you will need to perform a lot of the customization yourself.

• Recommendation #1 for replacing XP - IGEL, and DevonIT can use the same management interface to manage their respective thin client offerings also. The benefit here is you can start getting familiar with the interface for management and then when you start utilizing their thin clients, the same management interface will be used decreasing the administrator training requirements.
  
  IGEL's PC to TC card, DevonIT VDI Blaster, 2x ThinClientServer and the LiveCD/LiveUSB solutions turn the PC into a Thin Client by creating a read-only state from a solid state device or an image that is deployed each time.
  
  We liked DevonIT VDI Blaster out of these choices but it may need more time to mature in latest revision. It supported Citrix and VMware protocols and had some of the best user experience. While it isn't necessarily easy to deploy or update, that may be enhanced in the latest editions.
  
  
• Note: We found the LIveCD/LiveUSB time consuming for larger deployments due to the vast number of possible hardware configurations in disparate locations. This may work for a smaller deployment with 1 or 2 sites, but even then...

How much is your time worth when you know it will be replaced soon? Just keep that in mind when going down this rabbit hole of replacing something in the short term that will be replaced with something in the long term.