Implementing a Terminal Server with Linux
A Terminal Server is a server which is designed to be remotely accessed, in the same way you can run a virtualised Remote Desktop to enable access to your network or a particular application. It is a very convenient way to enable internal or external users to access services in a secure way.
Some guidance:
- Any Endpoint on your system must be secured, including servers
- Yes you save money on licenses through a Linux Terminal Server, but you still have to invest into setting one up correctly and sustain it
- The NCSC have some helpful guidance on securing servers
- Linux Mint is a ‘flavour’ of Ubuntu, see this link to their Community
- We recommend setting up a VPN to then connect to a Terminal Server
Installing Linux Mint MATE
In order to install Linux Mint, you first have to download the MATE edition of it, available here. It is important to confirm your download is correct to avoid possible loss of data or external additions, see how to do this here.
Once you have downloaded the Disk Image (ISO file) you can either burn this onto a DVD, put it onto a network location, or onto a USB. To burn your Disk Image to a DVD or USB, you can use the Fedora Media Writer.
You can then follow the most up to date installation instructions as seen in this piece by the Linux Mint Project. Update the installation once complete.
Next comes configuring it as a Terminal Server.
Installing the Linux Terminal Server Project software on your Linux Mint server: see here.
You will need to use an application which lets you remotely access the Terminal Server, such as:
- Remmina
- X2Go Client
- Microsoft Remote Desktop (there is a version for MacOS as well)
Please, secure it
It is good practice to ensure that you prevent unauthorised individuals or organisations (such as criminals) from being able to access your servers.
There are a range of steps needed to secure your Terminal Server(s), including the following:
- Oversight, ensure a security provider can monitor and administer servers
- Network Security, and separate the Terminal Server from other servers on your network. Also setup a separate VPN for secure remote access
- Endpoint Security, the Terminal Server would ideally have an EDR installed
- Patching and Version Control, know what needs upgrading and updating
- Two-Factor Authentication, manage who logs on and if it is really them
- Resilience, ensure there are alternatives to avoid system downtime
- Consistency, it is important to consistently do the above!
Please, virtualise it
Some businesses may wish to run their servers on old PCs or workstations, this is perfectly fine (however be aware of the risks in relation to resilience) but please virtualise the servers.
By running virtual servers you are able to be more agile and tinker with the server without taking on significant risks from misconfiguration, you can also live-migrate (move) the Terminal Server with an enterprise solution.
You can for example run your Terminal Server on a Dell Tower Server and have local weekly backups of the server, and then only make changes or upgrades the day after a successful backup.
Virtualisation also helps you achieve environmental goals, and you do not necessarily need an enterprise solution such as Red Hat Virtualisation if you intend for this to be a small-scale Terminal Server. There are virtualisation solutions for smaller operations such as VirtualBox which will do perfectly fine.
Why Linux Mint MATE?
If you haven’t already read our piece on Linux, please do. Linux Mint is designed to be accessible and visually-appealing. It is both vibrant in its use of colours as well as using hues which are not too ‘loud’.
Linux Mint is made using the LTS – Long Term Support – release of Ubuntu Linux, which has its own enterprise variant. This enables you to benefit from long-term support typically lasting three-full years, and many of the applications Linux Mint uses are enterprise-ready.
Finally, here at Hayachi Linux Mint is our favourite, for the reasons above, for when an Enterprise Open Source solution such as Red Hat Enterprise Linux isn’t strictly necessary and/or cannot be afforded.
