Multi-user access of an Embedded Windows System?


Guest

I understand that I can install Win XPE and use the RDP protocol to control
the computer from a remote location, but that allows only one user at a time.
Is there some other product that behaves more like Windows Terminal Server
where multiple users can log in simultaneously?
Or - is there some way to install Windows Terminal Server in such a way so
the disk is not written? For example, if we could install Windows Terminal
Server on a flash disk, and use something like XPE's EWF capability to
prevent writes to the flash disk, that would be ideal.
 
Hi jrb. There are a couple of facets to this question that I'll try to
address here.

Terminal Services on WinXP Pro and Embedded will not allow more than one
user to be logged in to the computer at the same time, to the best of my
knowledge. I believe Fast User Switching (which is supported at the main
desktop only) is the only way to allow more than one person to be logged in
at the same time, but even then, only one person can be actively using the
computer at a time.

The ability to have multiple users logged in via TS is something that's
available in the Windows Server 2003 product line.

(Again, I'm not an expert on this - there is a chance I'm wrong on this
topic. Could someone with more experience with TS confirm this?)

As for TS and EWF interacting with one another: Sure, there's no reason you
couldn't install TS and EWF together on the same runtime. EWF will prevent
ALL write operations from going to the protected partition - it's up to you
to decide whether you want them to be directed to RAM (RAM/RAM Reg Overlay)
or to a separate partition (Disk Overlay). But TS should work fine in that
scenario so long as you don't exceed your system's RAM or disk space. (In a
RAM Overlay, the more writes are performed to the overlay, the less RAM is
available to the operating system. In a TS scenario, I would recommend a
Disk Overlay - you can always discard the overlay on shutdown if you don't
need to persist the written data between boots.)

--
Matt Kellner ([email protected])
STE, Windows Embedded Group

This posting is provided "AS IS" with no warranties, and confers no rights.
===============================
 
Hi Matt,

Thanks so much for answering my post in the WinXP Embedded Newsgroup.

Your comment that EWF can be used with Windows Terminal Server 2003 has
given me some hope that we can put together a system that meets our needs.
I have looked through the MSDN newsgroup "tree" for another group that may be
more appropriate for this, but I'm not sure if any address the Terminal
Server products. Any advice on where to turn next to get confirmation for
our plans?

What we need to do is….
(1) Add a computer board to our system that runs a Microsoft Windows
operating system. This must run Outlook, Word, (the usual stuff), and also
run some additional 3rd party software that we can install. After
installation, this new computer board will not have a screen and keyboard
connected.
(2) Provide access to this computer from up to 5 other computers via Remote
Desktop Protocol.
(3) This new computer should be "read-only" and not write on its local disk
drive (which will probably be a flash disk). We will have writeable disk
storage available elsewhere on the network.

We will have many of these "systems" and need to maintain a common
configuration.

While I have been using Windows systems for years, I'm a newbie at doing any
installations. How can I verify that we should be able to do this?
(A) Install Windows Terminal Server to boot initially from an on-board flash
disk, and connect to the network drive.
(B) Get the Enhanced Write Filter (EWF) and install it to work with the
Terminal Server to protect the flash disk. The EWF could use a disk overlay
on the network drive.


I understand that we need the proper licenses for this. I think in
addition to the Windows 2003 Terminal Server License we might need the 5 seat
licenses per system as well. I'll look into this separately.


I would appreciate any advice that you might have on this (especially the
procurement of and installation of EWF), or if you can refer me to someone
who knows about the Terminal Server products that would be a great help also.

Thanks very much for your help.
 
Hi again jrb. Sorry for the delay in getting back to you on the reply.

Your setup sounds intriguing, but you're going to run into a few problems
with it if I'm reading your scenario correctly. First off, EWF is available
only for Windows XP Embedded, and is not intended to be used with XP Pro or
any other "full" OS.

Second, due to licensing restrictions, you cannot install MS Office on a
system running XP Embedded. If your "server" in this system needs to be
able to run Outlook, Word, etc., you will need to use a full Windows
install, and in this case it sounds like the system would be best suited
running a version of Windows Server 2003 in order to provide support for
multiple users via Terminal Services.

Third, it just occurred to me that there may be a terminology issue in our
communication here, and I apologize if this has caused some confusion. In
my original reply, I was referring to "Terminal Services", which is the
system component that allows you to login and control a Windows system (NT4,
2000, XP, WS03, etc) via Remote Desktop Connection from another system. XP
Embedded supports Terminal Services, and you can take advantage of it and
Remote Desktop Protocol (RDP) to perform various tasks within an Embedded
system. (Often, the terms "Terminal Server" and "Terminal Services" are
interchangeable.)

However, it looks to me like what you're referring to is the Terminal Server
License for Windows Server 2003, which gives you the ability to host
applications on a server machine and access them from various clients. That
sounds very much like the setup you're trying to achieve here.
Unfortunately, this means a couple of things:

(1) You can't get EWF to work with WS03 - this is simply not possible or
supported.
(2) You cannot install WS03 on a CompactFlash card, partially because of the
lack of EWF. WS03 really requires a fixed hard drive in order to function
properly.

I hope this answers your questions. Please let us know if you have more!

PS: One more note about EWF:

EWF does not provide support for network overlays (which would be the proper
term for the system you described). An EWF Disk Overlay uses a special
partition set up on the boot hard drive to store the write operations that
would otherwise be sent to the protected partition. EWF is an extremely
low-level driver (it is loaded as part of NTLDR), and thus it has no network
awareness.

If your system does not need to persist data between boots, you might want
to look into using an EWF RAM or RAM REG overlay instead, which stores
writes to system memory. This would prevent your boot device from receiving
any writes at all, but the tradeoff is that as more writes are directed to
the RAM overlay, this causes less RAM to be available to the OS and your
applications.

--
Matt Kellner ([email protected])
STE, Windows Embedded Group

This posting is provided "AS IS" with no warranties, and confers no rights.
===============================
 
OK, stay with me now, because this is going to get complicated. Read
Matt's earlier reply about the distinction between Windows Server 2003
(2k3) and Windows XP Embedded (XPe). XPe is the *only* Microsoft
product currently supported that allows you to boot from read-only
media. Server 2003 and its ilk allow you to run Terminal Server (an
application, not an OS) which in turn lets multiple people use a
Windows OS at the same time.

What *you* need is features exclusively available in both products --
normally, this would be flat-out impossible. But I think I have a
(perfectly legal!) workaround. It involves a recent Microsoft
acquisition: VirtualPC, formerly from Connectix. Find a free trial
here:

http://www.microsoft.com/windows/virtualpc/default.mspx

This allows you to create "sandboxed" virtual machines that appear to
have a preconfigured loadout of standard PC hardware. You can create
and run multiple machines at the same time. Here's what you would
need:

1.) Install and configure XP Embedded on the target device, using EWF
Reg-RAM mode. This allows you to boot an XP OS from a read-only
device, like a CD/DVD-ROM or write-protected flash. Make sure this is
all up and running first. You'll need one XPe license per device.

2.) Install Virtual PC as an application on XPe. This is the crucial
part -- I can't guarantee Virtual PC will run, but to the best of my
knowledge, *most* apps that work under XP Pro will run under XPe. Get
it running; maybe make it a component so you don't have to install it
on every target device individually.

3.) Create a virtual machine using Virtual PC. Install XP Pro on
it, along with all your apps. Turn on RDP and "shut down" the virtual
machine. Create as many copies of the new virtual machine as you like
-- one license per each, of course -- and give each machine a unique
IP. Virtual PC will tie each virtual network adapter into your real
network, so that the virtual machines can communicate with each other
as well as the outside world.

4.) Connect your target device to a network, and use RDP to connect to
the IP of one of the XP Pro virtual machines. You should be able to do
this from 5 remote locations at once; one to each of the virtual
machines. You'll probably want to set Virtual PC to start at
boot-time; maybe make it your shell application.

5.) Turn on EWF protection for your flash drive. Cross your fingers;
pray; reboot.


I've seen this done running over 20 XP Pro virtual machines on one
(pretty beefy) XP Pro server. It was used to teach a class -- instead
of the instructors running around all over installing XP Pro and all
the software used in the class to one machine after another, they just
booted from a live Linux CD that had RDP support, then told everybody
to connect in to a virtual machine. If they wanted to add another
machine, it took less than a minute to make a copy of the disk image.
It was really pretty smart, and it sounds like it's just the thing you
need. Let us know what you decide -- and I hope it works out!
 
Hi Corderer,

Thanks so much for your help in this. I caused some confusion with my
misunderstanding that Windows Terminal Server was an OS, instead of an
application that runs on WS 2003.

The Virtual PC option is a fascinating one - I would like to pursue it
further. I would like to install XP Embedded on a card / flash disk and
see if I can get the trial version of Virtual PC running. If I get to try
it, I'll report back to this newsgroup with the results (probably with a new
post).

I do have a backup plan - but it involves installing the new Windows Server
2003 PC in a different cabinet so it can directly access a writeable hard
drive.

So either way, I think I can get the job done, just not the way I had
envisioned it initially.

Thanks again for your help.
Jay
 
Hi Matt,

Thanks so much for your help in this. I caused some confusion with my
misunderstanding that Windows Terminal Server was an OS, instead of an
application that runs on WS 2003.

You have saved me from an effort of attempting something that couldn't be
done - I appreciate that. I may have to fall back to the possibility of
installing a WS 2003 system with a writeable hard drive elsewhere on the
network.

Thanks much
Jay
 
Wow, that's one heck of a workaround. I am not in a position to say whether
this would work or would be legal, as I don't know the specifics of getting
Virtual PC working and installing Terminal Server and such on it. But I'd
like to point out that this is not likely to work in a CF environment for
several reasons:

(1) Running Virtual PC and WS03 in an EWF-RAM-Overlay scenario is likely to
require a very large amount of RAM in order to run properly. This is both
because WS03 itself is very resource-intensive and would require a lot of
RAM to work in (and/or disk space for virtual memory), and also because
booting a sub-OS is likely to perform a lot of writes to the main OS's boot
partition, which will quickly fill up the EWF overlay. In short, the
technical limitations of the host OS (XPe+EWF) and the boot media
(CompactFlash) would require the machine to have an inordinately large
amount of RAM, and even then it couldn't be guaranteed to last very long.

(2) As more complexity is added to this system, the cost of the system
itself and all of the applicable licenses and software increases
exponentially. We're already talking about a system that would cost a lot
more to implement than a simpler, hard-drive-based solution that could just
run WS03 and Terminal Server directly.

--
Matt Kellner ([email protected])
STE, Windows Embedded Group

This posting is provided "AS IS" with no warranties, and confers no rights.
===============================
 
Matt,

I was assuming that the OP really, really had to do exactly what he
laid out: have one physical computer, completely write-protected, that
five remote clients can run Office and suchnot from. If he can relax
any of those requirements, (especially hardware write-protect), I agree
that WS03/TS would be a better answer.

Just to clarify: I had meant to install XP Pro, not WS03, on the
virtual machines. Now, that's still not exactly *low* resource
consumption, but I could see it working out. You can, technically, run
XP Pro on 128 MB of RAM. You probably won't be thrilled with the
result, but that's life I guess. Multiply by 5 and you've got 640MB.
Put in 4GB of RAM and you've got 3.5GB (roughly) to divide up between
XPe's kernel needs and the overlay. If you have the option, and if it
doesn't break OP's rules, you could hook up one or more writable
(magnetic) hard drives and store the virtual machines' swap files
there, minimizing overlay activity. I'm not saying it's cheap, or even
necessarily in line with the XPe licensing terms (does VPC count as a
"verboten" desktop app?), but it's the only way I can think of to get
the job done.


Hey! Further brainstorming: if it's possible to somehow mix RAM and
DISK modes for EWF, you could boot from a RAM-overlay protected (e.g.
flash card) drive, but protect the magnetic drive in the system with a
disk-based overlay, which of course means you can make basically as
many writes to it as you feel the need to do. Alternately, it may fit
with the OP's intent to leave the entire VPC systems on a writable
(unprotected) drive. They'll be sandboxed, and if anything goes wrong
the "restore" process involves exactly two steps: 1.) Drag, 2.) Drop.
Sounds good to me ;-)
 