A thin client is a basic computing device that runs services and software from a centralized server. Most people are familiar with desktop computers, where software is installed on a local drive, and an operating system controls software and its interaction with local hardware. With a thin client, only a monitor, network card, mouse, and keyboard are available to the end-user, and other hardware and services run on the network.
Benefits of a Thin Client
Organizations that move to a thin client environment gain several benefits. Most benefits affect large enterprise organizations where supplying employees with desktop computers exhausts much of the IT budget. The costs of deploying new desktops and mobile devices for each new employee can reach millions for a large organization. Thin clients reduce much of the overhead necessary for desktops, including costs in IT support, replacement parts, upgrades, and recycling.
Benefits of using thin clients include:
- Centralized IT: Because a thin client must pull its software and operating system from the network, IT controls allowable applications running on the system. Usually, a list of available software is offered to network users, and they can install it in their virtual environment when they need it. Any unapproved software must be approved by IT and made available on the centralized server.
- Easy manageability: When a thin client fails, only basic hardware must be replaced. If the issue is with software, the administrator can reconstruct the user’s virtual environment instead of troubleshooting incompatible software or operating system failures. Updates and security patches can be deployed to every thin client environment, instead of being installed across desktops and devices that would remain unpatched until the user connects them to the network.
- Enhanced security: With no local storage or operating system, an attacker is unable to exploit a user’s thin client in the same way that desktops can be exploited. Some exploits are rendered useless in a thin client environment. Since data is not stored on the local device, malware that breaches a local drive (e.g., ransomware) would not have access to any local data. Viruses that corrupt a master boot record (MBR) would not affect a thin client. Much of the risk associated with user desktops is neutralized.
- Improved productivity: Today’s thin client environment lets users work anywhere in the office provided that a thin client is available at the location. Most thin client environments use data centers that house centralized servers, which frees the organization from housing massive servers in network closets. This leaves room for more thin-client hardware where users can work. Users can access their virtualized profiles on their own mobile devices, which gives organizations the ability to offer working from home and access to productivity tools while traveling.
- Cost savings: The biggest benefit is cost savings. Thin client hardware is much cheaper than a full desktop, and supporting a thin client requires less IT staff overhead. Instead of hardware upgrades and continually replacing broken desktop equipment, only a monitor, mouse, and keyboard are regularly replaced.
- Remote work solution: Allowing employees to work at home is beneficial to the organization, but the hardware and resources must be available. In a thin client environment, the user’s virtual desktop is available on their own devices. Users authenticate into the network, and their virtual desktop is accessed from a laptop or home desktop. The virtualized desktop infrastructure (VDI) leaves all software and data on the network but allows users to be productive from home.
Thin Clients v. Fat Clients
The term “fat client” is rarely used, but it’s a term to differentiate a thin client from a standard desktop with CPU, memory, disk drive, and other standard hardware in a PC. Thin clients work with a centralized server for their working environment, but a fat client is a standalone machine that can run with or without a network connection. On a fat client, users can install any software, but thin client environments are restricted to only approved applications, and space is limited to only storage configured by administrators.
Thin Client Use Cases
A thin client environment might not be beneficial in a small business, as the right staff would be needed to support the system, and not every IT employee is familiar with virtualized work environments. The best use case is an organization with a large workforce, many of whom work from home, and whose employees travel to several offices. A thin client environment could also be beneficial if the organization has a large office building where departments are located on different floors or separate buildings.
With thin client machines scattered across offices, an employee can simply log into the system from any machine and gain access to their virtual desktop. VDI environments remove the need for assigned cubicles or offices and let employees work from anywhere within the building. IT has little overhead to deploy new machines, as most of them are plug and play with little configuration required.
Case studies are often created to understand the differences between thin clients and fat clients to determine which environment benefits businesses. Penn State researchers conducted several case studies to find what types of organizations benefited from thin clients. They discovered that thin clients were much more beneficial than standard desktops in a college institution.
Thin clients were used in labs and libraries across the campus. The first benefit was that IT could control student computer environments and provide users with a single password system using LDAP in a heterogeneous network environment (Unix and Windows). Thin clients were also provided to professors to make it easier for them to access familiar teaching tools in the classroom. Libraries with thin clients provide customers with the ability to access the internet without the security issues that public desktops would introduce.
Thin Client Security
Aside from cost savings, many organizations use thin clients for the added cybersecurity. For instance, when a public library offers internet access, malware and many other risks associated with public internet browsing threaten the network. Attackers often target public Wi-Fi access with man-in-the-middle (MitM) attacks, malware, phishing, and numerous other threats. Rather than leaving the public network vulnerable to attacks, the library can deploy thin clients with only a browser available to users, which limits risk and reduces the attack surface of the network.
Thin client security offers:
- A centralized authentication mechanism: Most large enterprises have a heterogeneous network environment where Linux and Windows servers are used for different services. Forcing users to use several credentials increases risk as attackers have more opportunities to gain access to usernames and passwords. With a thin client environment, users only have one username and password pair.
- Centralized configuration: A common human-error vulnerability that often gets overlooked is misconfiguration. With centralized configuration, administrators need to set up accounts and the environment in only one location, reducing the chance of a mistake.
- Cloud capable: Virtual environments work well in the cloud, where providers offer plenty of storage space and give users the ability to access their desktop environment from anywhere. Cloud environments are also more secure and provide better monitoring, firewall infrastructure, and logging features to identify attacks.
- Web-based management: Organizations can use thin clients to provide access to the internet with better security than a desktop. Thin clients are often used in organizations such as libraries or internet cafes, where systems are exposed to numerous strangers using them.
- Reporting: VDI systems include reports and dashboards that let administrators see user activity, storage usage, and configuration management across the environment. Better logging and monitoring help administrators keep the network safe.
The above list consists of the major security benefits in a VDI environment, but there are a few technical reasons why thin clients are more secure. Thin clients and a VDI environment have write-protected disk drives and no local storage for malware, and they allow only administrators to access environment settings and backups of the desktop environment in case of failure. These combined technical aspects greatly reduce the attack surface and risk should the organization be the target of an attacker.