Server-based computing with the free X2Go terminal server
The open source X2Go project is rapidly approaching version 3, which adds features such as new clients and seamless windows.
X2Go  is a free, fast, and flexible terminal server for any client that supports modern authentication technologies, such as card readers, USB tokens, centralized user management via LDAP, and authentication tools integrated in the KDE system management system.
The X2Go project was inspired by the Sun Ray product line , which has impressed thin client fans since 2006. The second Sun Ray release included lean devices that lets users log on using a smartcard to work on a centralized terminal server  .
In addition to the multimedia extras and security features integrated into the Sun Ray products, a session management system, dubbed "Hot Desktop Mobility" or "Hot Desking" by Sun, was probably the sexiest feature.
When user A removes his chip card from the internal card reader, the software automatically interrupts the session, freeing up the thin client for the next user. If A then inserts his smartcard into the reader on any other machine, the server immediately offers him the interrupted session.
Of course, Linux users were very much interested in a similar all-round system that, in contrast to Sun Ray, did not rely on special hardware, and it was just a question of time until the open source community delivered the goods.
Oleksandr Shneyder and Heinz Gräsing, system administrators with the City of Treuchtlingen, Germany, spent much of their leisure time developing a free terminal server that supported laptops and arbitrary clients, in contrast to Sun's model. Thanks to an intelligent combination of GPL'd software and their own developments, the team came up with a convincing answer: X2Go.
The developers integrated tools such as PXE boot and Debootstrap , NoMachine's free NX libraries , and tools like FUSE  and SSHFS  with desktop utilities and extensions for Gnome and KDE. PAM libraries add smartcard support and USB stick-based authentication to X2Go (Figure 1).
Thanks to the NX server's ability to suspend and resume sessions, version 2 was the first to support Sun Ray-style sign-on.
X2Go is now deployed on the clients and servers developed for Linux4Afrika  in Tanzania and Mozambique and Linux4Paraguay in Paraguay, as well as in many German schools (see the "Linux4Afrika and X2Go" box).
Linux4Afrika and X2Go
In Spring 2008, the Linux4Afrika  project, by the Freiburg, Germany-based NGO FreiOSS.net, moved from Edubuntu to X2Go. Hans-Peter Merkel, one of the project's leaders explains the move:
"The new X2Go version of the Linux4-Afrika sample server has put the association in a position to support networks larger than the typical classroom solution. LDAP integration is a very good solution for extending our project from schools to universities. Additional authentication tasks occur here in daily operations. Physical Linux clients can now log on to the Linux4Afrika LDAP server; packages from the standard repository allow for this with just a few configuration changes. Of course, deployment in this kind of environment necessitates operations in a heterogeneous operating system landscape. For this reason, the developers are currently working hard on integrating Windows clients.
"With most of our users preferring the Gnome desktop, Heinz Gräsing's team responded quickly to requests and implemented modifications for local device support in Gnome.
"The latest offshoot of the Linux4Afrika project in South America, Linux4Paraguay, will be the first to benefit from X2Go technology. At the end of 2008, Mozambique and Ethiopia will be the first to receive the new sample solution."
Brand New: Version 3
Version 3 will probably be available for production use by the time this issue hits the newsstands. The project is Debian oriented, so the X2Go developers are waiting for the stable version of Lenny before they go stable.
Four new features on the list outshine the numerous bug fixes and detail improvements: Besides Windows, Mac OS X, and Linux, they now have a mobile client for the open source Maemo  platform for Nokia phones and the long-anticipated Gtk client, including Gnome integration. The fourth addition is the ability for users to run individual applications without a desktop (Figure 2), just as on Citrix.
Although the Qt client supports all the new functions, the developers are still smoothing off some rough edges. For example, the newly implemented USB authentication is not quite finished. If you need this, you might want to wait until the developers have completed security features like timestamps, client IDs, and changing tokens before you update.
The next item on the to-do list is a web service for individual X2Go modules that will allow users to access files, sound, applications, or the complete desktop of a Linux machine over the Internet.
As the X2Go developers revealed at Ubuconf, they envisage a kind of private cloud computing dubbed Pccloud some time in the future; the cloud would use profile data to synchronize the session with the individual environment, including applications and data from online storage.
An X2Go USB stick is also planned as a portable Windows application.
X2Go seeks to create an open – but complete – terminal server environment, which explains the many software additions to the distribution. Additions include mechanisms for distributing the client filesystem via PXE boot, a login manager, administrative plugins for the KDE control center, and tools. NX compression methods allow for sessions over low-bandwidth links.
Buy this article as PDF
3ROS attack tool lowers the technical bar so anyone can be an intruder.
Mozilla's latest browser offers powerful new privacy feature
If attackers are on your system, saving your passwords in a password vault is no protection.
Faulty hash algorithm persists, despite efforts by experts to raise awareness.
Powerful man-in-the-middle attack is now targeting online shopping.
Another high-profile coder says the kernel team needs a kinder, gentler culture.
Bug database has a bug of its own that could allow an intruder to create an unauthorized account.
Report focuses federal resources on achieving universal Internet access.
Leading browser makers say “no” to porous encryption algorithm