Q&A: A New Revolution for Thin Client Computing

Today's thin clients have so much more to offer than they did even just a few years ago. Jeff McNaught, Vice President and Chief Strategy Officer at Dell Cloud Client-Computing, explains all the new ways they can help your enterprise in this Q&A.

By Trevor Pott

Thin clients are not new.  They have been around for more than 20 years providing a secure and manageable means for organizations of all sizes to provide secure digital working environments to staff all over the globe. 

Thin clients have some advantages over traditional "fat" clients.  The primary advantage is that thin clients don't store data on them.  This dramatically reduces the digital attack surface, making them the most secure endpoint devices that staff can use to interact with their organization's digital infrastructure.  This is especially useful for organizations needing to minimize the risk of data loss due to theft or misplacement of a physical device.

This has operational benefits for IT teams that maintain endpoints.  The use of thin clients means that IT teams do not have to scrub or re-image endpoints when someone is done using them.  This can save a great deal of time, especially when considering the deployment of mobile endpoints as well as decommission procedures.  Additionally, any employee can use any thin client, anywhere, and get to their specific desktop and work, making ideas like BYOD, free seating, home officing, and hoteling easier and more secure.

As technologies are refined and advanced, the functionality and capability of thin clients continue to improve.  To give us an idea of the state of thin clients today, Trevor Pott from Virtualization and Cloud Review has done a Q&A interview with Jeff McNaught, Vice President and Chief Strategy Officer of Dell Cloud Client-Computing.

Q: Can you give us an overview of the different types of clients available?
Sure, let's start with a favorite topic -- zero clients.  A decade ago, while I worked at Wyse, the team considered several designs for a more secure thin client, and the idea around a "zero client" was that it did not have a general purpose operating system like Linux or Windows on it, so it could be the most secure device you could deploy.  Today, there are some entirely hardware-based zero clients on the market. The problem is, as we found in our customer testing on a device we never released, those devices are usually "stuck in time." They often can't embrace unexpected improvements in network, connection, or security protocols. And worse, vulnerabilities in the design, whether known or not, can't be easily addressed after the fact.

We design a thin client to be in service for 8 to 10 years, and as best we can, anticipate supporting likely updates in the applications, brokers, and servers in that lifespan.  To do that, it requires a flexible device, and that means at least a small amount of changeable internal software. If a vendor says it's a zero client and it's all hardware without any internal software, you should avoid it for that reason.

The model that we created with Citrix back in 2009 was a 95 percent hardware and 5 percent software zero client -- we called it "Xenith."  The Xenith firmware was not based on Windows or Linux, addressing the security needs of our customer advisory board, and was co-developed with Citrix, ensuring a superior user experience given the light hardware, and allowed the device to be updated as new features were introduced across its intended lifespan.  This provided organizations the desired security and performance benefits, with the added benefit of longer device life.  Xenith was a huge hit with customers, and everything we learned from it, we included in our own future work on "traditional" thin clients.  We also work with a company called Teradici, to offer extensible PCoIP protocol zero clients for VMware environments, which we continue to offer to this day, also built on the 95% hardware 5% software model.

Q: What About Traditional Thin Cllients?
In traditional thin clients, the physical device can make a difference in certain circumstances, but the most important differences are a result of their software.  That software, delivered in the device firmware, defines key aspects of the device capability, including security.  The key trade-offs are flexibility and security, and are inversely proportional in most cases. 

Most traditional thin clients today are based on Windows or Linux operating systems. We have a lot of experience in this space, and nearly half of Dell's shipments of the Wyse brand today are based on these technologies.  With a traditional thin client, you take the operating system, optimize it, and lock it into the device's Flash.  

For example, Microsoft's Windows 10 IOT Enterprise software available on some thin clients provides the flexibility we're accustomed to in PCs, with support for a wide range of displays, peripherals, management models, support for local browsers, and the ability to embed certain Windows apps into the thin client firmware image, enabling them to act as "thin PCs" in some scenarios such as when the server or cloud is "offline."  In addition, the most advanced software clients for Citrix, Microsoft, and VMware are available for Windows-based thin clients first, and in my experience, gain new features before other software architectures.  This advantage is offset by the need for more powerful device hardware (CPU/RAM) and the need to protect the thin client from malware as you would a PC, keeping its firmware updated as patches and updates are released by Microsoft or the thin client vendor.  Most organizations desire a low-overhead "set it and forget it" model for thin clients, and for obvious reasons, this is not recommended with Windows-based thin clients.  Dell addresses this with a unique and advanced technology, called Dell Threat Defense, which employs artificial intelligence and machine learning in software to prevent execution of 99% of malware, including zero-day threats.  Threat Defense dramatically reduces the risk of malware infection on Windows-based thin clients, even on older and unpatched devices, reducing the amount of regular patching needed.  Bottom line, if flexibility and offline use are key requirements, it's hard to beat a well-protected Windows-based thin client.

Another option is Linux, which is a different mix of security, flexibility, and functionality.  Linux-based thin clients are generally thought to be more secure than their Windows counterparts, given that they are essentially immune from malware specifically targeting vulnerabilities in the Windows OS, but still must be protected from malware targeting the Linux OS or browser exploits.  Linux-based thin clients do offer many of the same benefits as Windows-based models, including support for clients for Citrix, Microsoft, and VMware, local browsers, and embedding of Linux applications into the firmware, albeit often without the fit and finish or advanced functionality available in their Windows counterparts.  Linux does support a range of peripherals, but future-proofing against peripheral changes may take more planning, depending on the vendor.  The hardware and software quality of Linux-based thin clients can vary greatly, and functionality can differ significantly between vendors, so testing and validation of functionality is crucial.  Performance can also vary greatly, so before purchasing, measure and validate that the underlying hardware will be able to support changes in your application strategy for the intended life of the device.  Since Linux can be free it's chosen more commonly by smaller or newer vendors, who might lack the technical depth or financial strength to offer Windows-based solutions.  And keep in mind, there are more than fifty vendors offering Linux-based thin clients and your experience and longevity of support is only as good as the selected vendor. 

Q: Are there other options?
There are. In fact, more than half of the thin clients we sell are based on software called "Wyse ThinOS."  We wanted to design thin clients with the security and performance benefits of a zero client, and the long lifespan and adaptability of a thin client.  To do this, we created our own software, introduced it in the year 2000, and have continually enhanced and improved it since, while maintaining true to the reasons we created the category in the first place.  

In the spectrum of security and flexibility, ThinOS is designed first to protect organizations from security threats while providing superior performance on energy optimized hardware, with support for a broad set of popular peripherals.  ThinOS is, by design, more restrictive in peripheral support. Additionally, it does not include a local (on device) web browser to further reduce attack surface. This way, flexibility, applications, and browsers can be delivered (and workflow enforced) by the IT team in the digital workspaces residing on the server, or in environments like Microsoft Azure or Amazon AWS. 

ThinOS delivers the features of Citrix, Microsoft, and VMware clients and protocols, implemented by Dell engineers, and tested and validated by those partners.  ThinOS has the smallest software image, and thus the smallest attack surface, but it can also offer important things like our real time media engine, which is critical for Skype for Business.  It's also important for any advanced video capabilities.

ThinOS radically simplifies management, enabling organizations to choose no management software at all on one side of the spectrum, or sophisticated, alert-based models hosted on-site or in a public cloud at the other.  Organizations can choose from generic to highly specific on-screen branding and functionality, and it can be accomplished without the need for management software of any kind - using a simple script file and a DHCP tag (or two) on the server.  Each time a ThinOS thin client starts up, in less than 5 seconds it reads those DHCP tags, makes any required updates to its software and/or configuration, and lets the employee get to work.  

More and more organizations I talk to want to put thin clients in places without an IT team, like a branch office, home office, retail store, or small medical clinic. With that in mind, our devices work out of the box, by simply plugging them into power and the network, they can automatically configure and update themselves, based on the organization's standard.  A lot of our customers appreciate the fact that they don't have to learn a new software product, yet for those organizations that want a sophisticated management tool, Dell offers that too, supporting more than 100 thousand devices, and free of charge for up to 10 thousand devices.  

Interestingly, many of our most security-focused customers, upon putting it through their testing, consider ThinOS technology equivalent to zero client software because it's not based on Linux or Windows, and there is no published API.  In the 17 years that ThinOS has existed, no customer has reported a breach through one of our ThinOS-based thin clients.

Q: So there's no need for Thin Client management?
While many use no management software at all, many of our customers want to be able to mix and match Windows, Linux, and ThinOS thin clients in their organizations, for the unique benefits they provide, based on the actual worker, use case, or device location.  Most vendors don't support that easily, but despite the different design and capabilities of these three models Dell offers a highly sophisticated, single management solution that works with all three.  It's called Wyse Management Suite, and it replaces our previous management software, Wyse Device Manager, which has been the most used software of its kind since the year 2000. We have re-written our entire management playbook to deal with the fact that people are managing thin clients from other countries and across different connection types.

Wyse Management Suite works both onsite and from the hybrid or public cloud, including the Dell cloud. That enables it to manage devices securely globally and without any concern as to how they connect to the network. This is an industry first.  It's also the first major product to include a smartphone app, making alerts and management more convenient for a mobile workforce. If there's an issue at two in the morning, the right people get alerted and they can often fix the problem through the app on their phone without getting out of bed.  For management at scale, the product includes a great deal of functionality. It uses a group-based policy engine that enables the concept of zero-touch deployments for configuration, patches, and even initial installation.

Typically, all of our thin clients work right out of the box when you put them on the network. Nothing else needs to be done.  As long as one of our management models (no tool, simple tool, or comprehensive tool) is in place, the server will automatically configure the thin client according to a global policy or a group policy.

Q: How is a mobile thin client different than a traditional thin client or zero client?
This is an area that I love to talk about, because there's a lot of confusion about what these terms mean. When organizations choose one of our mobile thin clients, they're getting our secure, manageable and reliable Dell Latitude hardware with an optimized version of Windows 10 IOT Enterprise or Windows 7 embedded software installed. Organizations might choose to deploy some number of traditional desktop thin clients, and maybe 5 percent of that number in additional mobile thin clients. The reason they do this is that mobile thin clients are completely sharable and don't have any trace of the worker after they're used. This is ideal for desk-centric workers who occasionally need to work in a conference room, or present their desktop on a projector, or work from home, work from the road, a coffee shop, or want to be able to travel without risk of exposing corporate data if asked to open their laptop for security inspection.  There is no data on the device, it's just connecting me to my data in a digital workspace environment. 

Mobile thin clients are a small piece of the business, but they're growing as the demand for mobility grows and modern networks becomes increasingly more powerful.  We offer LTE on some configurations, so if your cell phone has a signal, you've likely got a great computing experience with a mobile thin client.

Q: People move from place to place now. They'll want the same environment from device to device. And they're moving across networks as well. So how do thin clients cope with the increasing demands for mobility and portability for VDI?
Work is no longer a place we go for 8 hours a day. It's now an activity we execute at any time, day or night, from anywhere.
When you look at the solutions from Citrix, Microsoft, and VMware, they all have the ability to deliver Windows desktops, Windows apps, web-based apps, and be accessed from any device, like a PC, thin client, or a smartphone or tablet. It's easy to move between devices, and you can utilize the same workflows across any of them.

Each of them will deliver an optimized experience based on whether you're working on a keyboard and mouse while sitting at your desk or if you're using a touchscreen device while mobile. With the right setup, you can connect securely into your work environments, even when using an untrusted device or network like an airport internet kiosk or an open public Wi-Fi network. Also, your desktop is always the same. And if you're using a device you don't own, there's no trace of what you did on that device. You don't have to be concerned with that at all.

Q: Can you expand a little on the challenges of doing video and audio over thin clients? Especially regarding Unified Communications.
If you look five or ten years back, streaming audio, streaming video, and especially unified communications were not well supported.  Because your audio and video were being sent to a server and the server had to send it somewhere else, that introduced some latencies and quality issues.

We worked very closely with our partners to get those kinds of applications to work effectively. Today Windows and Linux thin clients benefit from updated clients, and our ThinOS-based thin clients have a Real Time Media Engine (RTME) built into their firmware, which enables many advanced applications, including Skype for Business.  While you start your Skype call up, behind the scenes, the server initiates that call, but then silently hands the baton to the thin client and the thin client will establish a peer-to-peer relationship with whatever device it's talking to. This action is invisible to the user, and dramatically reduces the amount of data on the network, improves quality, reduces latency, and provides a very similar experience to what you would get on a traditional Windows PC. The old days of video and audio calling not working well on thin clients are behind us.

Q: Do you have anything you would like to add?
What we covered here is how thin clients have traditionally been used and a peak at the current horizon, but there is more to come. At Dell, we see workforce transformation driving a lot of innovation in client devices.  We're seeing a resurgence in PC shipments, in great design, and solutions that enable people to achieve more than before. We're seeing growth in VDI and digital workspaces with pre-configured hyper-converged infrastructure and storage, making it easier than ever before for organizations to plan, deploy, and run these modern environments.  We're seeing solutions that really work, that enable us to get our work done, and reach our potential.  

This article is part of a marketing program that allows advertisers to share their content with our audience. The editors of this site were not involved with the creation of this content.