What Is a Thin Client?

A thin client is a basic computing device that runs services and software from a centralized server. Most people are familiar with desktop computers with software installed on a local drive that interacts with local hardware, all controlled by an operating system. With a thin client, only a monitor, network card, mouse, and keyboard are available to the end user, and other hardware and services run on the network.

In terms of cybersecurity, thin clients are often more secure than typical PCs because they’re incapable of running software unless it has been authorized at the server level. This means that if multiple users—connected to the same server—were to accidentally begin a download of different kinds of malware, the server’s firewall would block each thin client. They could all be blocked by the same firewall protecting the server each thin client is connected to. Additionally, thin clients can be more manageable because all upgrades, security policies, and more can be managed in the data center instead of on the endpoint machines.

Thin clients function as access points to a centralized server. They rely heavily on the server for computational tasks, primarily displaying processed data and sending user inputs back to the server. Here are the fundamentals behind how thin clients work:

• Centralized server: A centralized server is at the core of the thin client model. This server runs applications, processes data, and stores files. It’s a powerful system designed to handle multiple user requests simultaneously.
• Network connectivity: Thin clients connect to this centralized server via a network, usually through a local area network (LAN) or over the internet. The quality and speed of this connection are crucial since they affect the user experience.
• Minimal local processing: Unlike traditional PCs, thin clients perform minimal processing on the device. They primarily display information processed on the server and send user input (like keyboard strokes and mouse movements) back to the server.
• Standard protocols: Thin clients communicate with the server using standard protocols. Common ones include ICA (Independent Computing Architecture) from Citrix or RDP (Remote Desktop Protocol) from Microsoft. These protocols ensure efficient and secure communication between the client and the server.
• Stateless operation: Most thin clients are stateless, meaning they don’t store user settings or data locally. When a user logs off, the device returns to its default state, making it secure and easy to manage since there’s no user data to manage or protect on the device itself.
• Remote desktop environment: When users interact with a thin client, they access a remote desktop environment. The server provides each user with a distinct session that feels like a typical desktop experience, even though the actual processing is happening on the server.
• Updates and maintenance: Since the primary software and data are stored on the central server, updates, patches, and maintenance are centralized. So, when IT teams update the server, it applies to all connected thin clients, simplifying management and ensuring consistency across all devices.

This functionality is advantageous for security, management, and cost but also relies on stable network connectivity and a robust central server for optimal performance.

Organizations that move to a thin client environment can realize several benefits. Most benefits affect large enterprise organizations where equipping employees with desktop computers exhausts much of the IT budget. The costs of deploying new desktops and mobile devices for each new employee can be millions for a large organization. Thin client computing reduces much of the overhead necessary for desktops, including costs in IT support, replacement parts, upgrades, and recycling.

Benefits of using thin clients include:

• Centralized IT: Because a thin client must pull its software and operating system from the network, IT controls allowable applications running on the system. A list of available software is typically offered to network users, who can install it in their virtual environment when needed. An administrator must approve any unapproved software and make it available on the centralized server.
• Easy manageability: Only basic hardware must be replaced when a thin client fails. If software is the issue, the administrator can reconstruct the user’s virtual environment instead of troubleshooting incompatible software or operating system failures. Updates and security patches can be deployed to every thin client environment without installation across desktops and devices that remain unpatched until the user connects them to the network.
• Enhanced security: With no local storage or operating system, an attacker cannot exploit a user’s thin client in the same way they can a desktop. Some exploits are rendered useless in a thin client environment. Since the local drive is data-less, there is no data for malware (e.g., ransomware) to breach. Viruses that corrupt a master boot record (MBR) would not affect a thin client. So, a thin client neutralizes much of the risk associated with user desktops.
• Improved productivity: Today’s thin client environment lets users work anywhere one is available in the office. Most thin client environments use data centers that house centralized servers, which frees the organization from housing massive servers in network closets. That frees up room for more users on thin-client hardware. Users can access their virtualized profiles on their own mobile devices so that organizations can offer remote work with access to productivity tools.
• Cost savings: The most significant benefit is cost savings. Thin client computing hardware is much cheaper than an entire desktop, and supporting a thin client requires less IT staff overhead. Instead of continually replacing hardware upgrades and broken desktop equipment, an organization needs only to replace monitors, mouses, and keyboards.
• Remote work solution: Allowing employees to work at home benefits the organization, given available hardware and resources. In a thin client environment, the user’s virtual desktop is available on their own devices. Users authenticate into the network and access their virtual desktop from a laptop or home desktop. The virtualized desktop infrastructure (VDI) leaves all software and data on the network but allows users to be productive from home.

While thin clients provide security, management, and cost savings, they can introduce challenges that organizations and end-users should consider.

• Network dependency: Since thin clients rely on a connection to a central server, any network interruption can make the thin client non-functional. Reliance on continuous network connectivity can be problematic in areas with unstable networks.
• Server bottlenecks: Many users simultaneously accessing the centralized server can cause performance bottlenecks. So, servers must be robust and well-maintained, and even then, there can be moments of slowdown during peak usage.
• Limited local processing: Thin clients are unsuitable for tasks requiring high local computational power. For applications like intensive graphic design, video editing, or gaming, the thin client model might not be the best choice.
• Infrastructure costs: Initially, setting up a robust and reliable server infrastructure for thin clients can be expensive. There are costs for high-performance servers, redundant systems for reliability, and regular maintenance.
• Latency issues: Even with high-speed networks, there can be noticeable latency, especially when accessing graphic-intensive applications or when used in real-time tasks.
• Limited flexibility: Since the software is centrally managed, users might not be free to install or customize applications to their preferences. This can be a challenge in environments that require individual customization.
• Potential single point of failure: If the central server fails, it can disrupt all the users connected to it. To mitigate this risk, redundancy and failover solutions are required, which can increase costs.
• Compatibility issues: Not all software or applications may be compatible with thin client environments, especially those that require high local resources or specific hardware integrations.
• Bandwidth consumption: In setups where many thin clients operate concurrently, the collective bandwidth requirement can be substantial, especially if users perform data-intensive tasks.

An organization can mitigate these pitfalls with proper planning, infrastructure setup, and a keen understanding of user needs and requirements.

The term “thick client” is rarely used, but it’s a term to differentiate a thin client from a standard desktop with CPU, memory, disk drive, and other standard PC hardware. Thin clients work with a centralized server, but a thick client is a standalone machine that can run with or without a network connection. Users can install any software on a thick client environment, but thin client environments are restricted to only approved applications, and space is limited to only storage configured by administrators.

The key differences between thick clients and thin clients include:

• Processing power: Thick clients have more processing power than thin clients, enabling them to run more complex applications and perform more tasks locally. Thin clients, on the other hand, rely on a network connection for data processing and don’t perform much processing on their hardware.
• Network dependence: Thin clients require a network connection to function properly, while thick clients can operate without a network connection.
• Customization: Thick clients are highly customizable, and users have more control over installed programs and specific system configurations. Organizations often use thick clients so that employees can work offline. Thin clients, on the other hand, are more standardized and less customizable.
• Security: Thin clients can be more secure than thick clients because the thin client is incapable of running software unless authorized at the server level. Thick clients are more vulnerable to security threats and are generally considered less secure than thin clients.
• Manageability: Thin clients can be easier to manage since upgrades, security policies, and more can be managed from the data center instead of on the endpoint machines. Thick clients require more maintenance and licensing costs.
• Cost: Thin clients are less expensive than typical PCs because they lack a hard drive and often use less powerful processors than PCs. Thick clients are more expensive than thin clients because they require more hardware and software.

Thin clients provide flexible and centralized computing solutions that are particularly beneficial in specific scenarios. Here are some key use cases where thin clients thrive:

• Large workforces: Especially beneficial for organizations with many employees across multiple locations or buildings.
• Remote and hybrid work: Ideal for companies with a significant number of employees working from home or frequently traveling.
• Flexible workstations: In environments where an organization wants workstation mobility, employees can log in from any machine and access their virtual desktops.
• Virtual Desktop Infrastructure (VDI): Common in VDI environments, users can bring their own devices and connect to a central server to access data and applications.
• Centralized management: Perfect for settings like schools or call centers that need uniformity and central control.
• High-security environments: Suitable for sectors like finance or government where data security is paramount due to the lack of local data storage.
• Cost-effective scalability: Beneficial for organizations aiming to expand workstations without significant additional costs.
• Energy efficiency: Advantageous for entities aiming to reduce their energy consumption, as thin clients typically consume less power than traditional PCs.

Conversely, thin clients might not always benefit small-to-medium-sized businesses unless there’s adequate IT support familiar with virtualized work environments.

Thin clients are utilized in various environments, particularly where centralized management and security are critical. Here are some common examples of thin clients:

• Zero clients: A type of thin client that has minimal firmware. It does not have a full operating system but boots from the network every time, connecting directly to a central server for virtually all of its functions.
• Chromebooks (in certain configurations): While many Chromebooks can run applications and process data locally, they can also run applications directly from the cloud or a central server, effectively functioning as a thin client.
• Terminal Services clients: Computers or devices that connect to Microsoft Terminal Services or Remote Desktop Services, which allows them to remotely access a Windows environment and run applications from a central server.
• Wyse terminals: One of the best-known brands in the thin client market. These devices come in various configurations but connect to a central server for most of their computational tasks.
• Citrix receivers: Devices set up to connect to Citrix environments. Citrix provides solutions to centralize applications, desktops, and data to deliver to end-users on various devices.
• Virtual Desktop Infrastructure (VDI) clients: VDI is a technology that hosts a desktop environment on a centralized server in a data center and delivers it to end-users over the network. VDI clients, thus, are the devices on the user’s end that connect to this environment.
• Mobile thin clients: These portable devices, like laptops or tablets, are optimized to connect to centralized servers. They usually have minimal local storage and processing capabilities but are designed for mobility.

Thin clients can offer significant advantages by centralizing data and applications, which can simplify security management and reduce potential points of attack.

Case studies are often created to understand the differences between thin and thick clients to determine which environment benefits businesses. Penn State researchers conducted several case studies to find what types of organizations benefited from thin clients. They discovered that thin clients were much more beneficial than standard desktops in a college institution.

Labs and libraries across the campus used thin clients. The first benefit was IT could control student computer environments and provide users with a single password system using LDAP in a heterogeneous network environment (Unix and Windows). Thin clients were also provided to professors to make it easier for them to access familiar teaching tools in the classroom. Libraries with thin client computing provided students with the ability to access the internet without the security issues that public desktops would introduce.

Kindred Healthcare, the largest provider of post-acute care services in the U.S., uses thin clients for both its home health division and nursing and rehabilitation centers to enhance patient and family experiences. Thin clients provided mobility for practitioners and caregivers to move from station to station and from patient to patient with minimal risk of a data breach or HIPAA violation. Data privacy is protected through single-sign-on capabilities as well as HIPAA-compliant security protections.

Aside from cost savings, many organizations use thin clients for added cybersecurity, like when a public library offers internet access. Malware and other risks associated with public internet browsing threaten the network. Attackers often target public Wi-Fi access with man-in-the-middle (MitM) attacks, malware, phishing, and numerous other threats. Instead of leaving the public network vulnerable to attacks, thin clients, with only a browser available to users, limit risk and reduce the network’s attack surface.

Thin client security offers:

• A centralized authentication mechanism: Most large enterprises have a heterogeneous network environment and use Linux and Windows servers for different services. Forcing users to use several credentials increases risk as attackers have more opportunities to gain access to usernames and passwords. With a thin client environment, users only have one username and password pair.
• Centralized configuration: A commonly overlooked human-error vulnerability is misconfiguration. With centralized configurations, administrators set up accounts and the environment in one location, reducing the chance of a mistake.
• Cloud capable: Virtual environments work well in the cloud, where providers offer plenty of storage space and allow users access to their desktop environment from anywhere. Cloud environments are also more secure and provide better monitoring, firewall infrastructure, and logging features to identify attacks.
• Web-based management: Organizations can use thin clients to provide access to the internet with better security than a desktop. Organizations like libraries or internet cafes typically use thin client computing where security is vulnerable to numerous strangers on the system.
• Reporting: VDI systems include reports and dashboards that let administrators see user activity, storage usage, and configuration management across the environment. Better logging and monitoring help administrators keep the network safe.

The above list illustrates major security benefits of a thin client, but several technical reasons make thin clients more secure. Thin clients and a VDI environment have write-protected disk drives, no local storage for malware, and only allow administrators to access environment settings and backups of the desktop environment in case of failure. These combined technical aspects greatly reduce the attack surface and risk should an attacker target the organization.