Integration of PXE-based Desktop Solutions into Broadband Access Networks

Tiago Cruz (1), Paulo Simões (1), Fernando Bastos (2), Edmundo Monteiro (1)
(1) DEI-CISUC, University of Coimbra, Coimbra, Portugal, {tjcruz, psimoes, edmundo}@dei.uc.pt
(2) PT Inovação, Aveiro, Portugal, [email protected]

Abstract — Presently there is a lack of remote desktop management solutions for domestic and SOHO users connected to broadband access networks. This contrasts with the enterprise LAN environment, where there are several standards, resources and frameworks for PC or thin-client management. Among these, one specific remote boot technology – the Preboot eXecution Environment (PXE) [1] – is now the basis for a wide array of LAN-wide desktop management applications.
In this context, integrating PXE-based solutions into broadband access networks would allow novel management paradigms, targeting not just domestic end-users but also telecommuters working from their homes and small businesses which are too small for local deployment of full-fledged enterprise desktop management platforms.
In this paper we propose a solution that brings the benefits of managed desktop computing to home users, telecommuters and small businesses by integrating PXE technologies into broadband access network environments. In addition, we also propose a desktop services delivery model capable of efficiently providing a secure and quality managed desktop experience to domestic and SOHO end-users, using a PXE-based thin-client platform for broadband environments that can replace a full-fledged PC whilst maintaining most of its benefits.

Keywords — PXE, Access Networks, CWMP/TR-069, DaaS

I. INTRODUCTION

Regarded as the logical evolution beyond the centralized (mainframe-based) and client-server paradigms, cloud computing is a somewhat vague term (more of a metaphor) that encompasses a wide array of technologies and concepts that work together to allow the delivery and consumption of services hosted and supported by remote data centers (providing dynamically scalable and often virtualized computing resources) to another service or an end-user, generally using a web browser as a universal client.

However, the fundamental cloud computing concept of delivering everything-as-a-service is heavily dependent on the existence of reliable and capable data pipes connecting providers to service consumers. As such, cloud computing owes much of its success to the increasingly available high-speed commodity broadband access networks (fixed and mobile), without which it would be an unfeasible proposition.

Also, the widespread availability of broadband network access, together with cloud services, spawned a new breed of thin-computing devices that heavily rely on such services. Instead of using the traditional model – where data and applications reside on the device itself – those devices store user data and access applications in the cloud. Netbooks, tablets and some smartphone platforms are now specifically designed as thin computing devices.

At the present evolution stage, even if many users could already permanently live and work in a cloud environment, traditional applications are still the norm in many usage categories. As an example, even if some office and productivity suites are already offered as a service (e.g. Google Docs [2], Zoho [3]), they remain somewhat limited in comparison to their traditional, locally deployed counterparts, in terms of features, functionality and usability. Also, some traditional applications are starting to embed support for cloud service components (e.g. Microsoft Office suite [4]) but without replacing the traditional desktop computing model by cloud computing. Instead, these two approaches will likely coexist, cooperate and merge with each other.

The mainstream desktop device is still the standalone PC, with a Total Cost of Ownership (TCO) that may largely exceed its initial acquisition cost when including maintenance and indirect costs. Organizations with dozens, hundreds or thousands of PCs feel this problem on a much bigger scale. For them, the industry created specific standards and tools for enhanced desktop management. Managed PCs and thin-clients are both a result of those efforts.

Yet, most of those technologies were developed for corporate LAN environments, leaving out domestic, Small Office Home Office (SOHO) users or even small organizations served by commodity broadband Internet services. For these situations, existing alternatives are limited:
• Unmanaged standalone PCs, with a significant TCO overhead and unable to be remotely diagnosed or recovered from bare metal in case of critical failures.
• Standalone Intel vPro–certified [5] PCs with embedded out-of-band desktop management capabilities. However, vPro is targeted towards conventional PCs and is only available on limited hardware and firmware combinations.
• In the case of telecommuters or remote branches of larger organizations, the use of remote desktop protocols – such as Microsoft’s Remote Desktop Protocol (RDP) [6], Citrix Independent Computing Architecture (ICA) [7] or Virtual Network Computing (VNC) [8] – over SSH [9], SSL/TLS [10] or VPN tunnels on PCs or thin-clients. However, depending on the VPN technology, thin clients can be tricky to configure – alternatively the VPN client could be configured on the broadband router, an operation that might also require technical skills lacked by most users.

• Web appliances. However, despite recent developments, these appliances are still unsuitable for many applications and may represent, by themselves, a management problem.

Part of these problems might be addressed using remote boot technology. Until recently, network boot over access networks was unfeasible due to bandwidth limitations. However, with broadband access network bandwidth steadily increasing, this restriction is disappearing, shifting the focus to the remaining obstacles – like the fact that PXE [1], the standard remote network boot protocol, uses mechanisms such as the Dynamic Host Configuration Protocol (DHCP [11]) and the Trivial File Transfer Protocol (TFTP [12]) in ways that make it unsuitable for naked use over access networks or WAN links.

In this paper we propose a solution for integrating PXE technology on broadband access networks, in order to allow for better management of existing desktops and to enable the creation of completely stateless thin-client devices capable of securely booting a remote OS over broadband links.

First we present a solution to overcome PXE limitations on access networks. In this perspective we also discuss how to integrate PXE support in the Internet Service Provider (ISP) management infrastructure – making use of the CPE WAN Management Protocol (CWMP) [13] to control PXE-related service parameters on the user’s access router. Next we discuss application models for this solution, presenting specific use cases where it can be used to remotely manage desktops, providing boot support for install, recovery or update procedures. We also discuss how to implement a completely stateless thin-client – thus enabling a complete end-to-end Desktop-as-a-Service (DaaS) model based on remote desktop technologies and a boot-time downloaded OS.

The rest of this paper is organized as follows. Section 2 discusses the PXE protocol and its usage on access networks. Section 3 discusses how to integrate CWMP-based access network management with PXE-enabled desktop management. Section 4 addresses application scenarios and Section 5 discusses implementation and validation. Section 6 discusses related work and Section 7 concludes the paper.

II. INTEGRATION OF PXE ON ACCESS ENVIRONMENTS

PXE is a Network Boot firmware extension for PC BIOS created in the context of the Intel Boot Initiative. Supported by most Network Interface Cards, it is a de facto standard for network boot. It was originally conceived as a special piece of firmware (the PXE boot ROM) that allowed the network adapter to be used to download and execute an agent – the Network Bootstrap Program (NBP) – over a LAN at boot time, for deployment, diagnostic or bare metal recovery. However, PXE can also be used to support completely stateless thin-clients [14] whose operating environment is downloaded from the network when powered up, instead of using local firmware.

A. PXE operation model

PXE boot ROMs offer a set of APIs that allow NBPs to use network resources independently of the network adapter hardware, through a Universal Network Device Interface (UNDI) API, complemented by UDP and TFTP APIs (Fig. 1).

Figure 1: PXE boot ROM API.

PXE-compliant Boot ROMs provide the means to control the boot process in order to download and execute either a full-blown OS or just a small pre-boot management agent for diagnostic or pre-staging purposes. Through the use of PXE it is possible to configure a desktop PC boot sequence to be preceded by a PXE boot attempt before using local mass storage devices, making it possible to download and boot a remote OS or a remote agent (in order to initiate maintenance tasks) or to proceed with the normal boot sequence from local storage. Alternatively, it is possible to configure PXE boot to be attempted only in case of local storage device failure (as a recovery mechanism). The operation of a PXE boot ROM follows a simple three-stage process (Figure 2):
• IP subsystem initialization. The PXE Boot ROM gets a valid IP via the DHCP protocol (1,2), together with DHCP option tags that identify the presence of PXE support at the DHCP server level, the location of the TFTP server and the file name of the NBP to be downloaded.
• Download of the NBP via TFTP (3,4).
• Execution of the downloaded NBP agent (5,6,7).

Figure 2: PXE Agent Download Process.

B. The problem with PXE on access networks

When originally conceived, using PXE outside LAN environments was not envisaged, since the download latency would be too high, even for small boot agents with limited functionality. Meanwhile this assumption has been challenged by broadband Internet access technologies like Asymmetric Digital Subscriber Line (ADSL) and Gigabit Passive Optical Networks (GPON) [15]. Yet, other problems remain:
• PXE integrates with DHCP in a way that makes it a LAN-specific protocol. Besides depending on DHCP to get a valid IP address, it also receives PXE-specific information from the DHCP server, in the form of DHCP option tags passed to the boot ROM upon initialization. In access networks the ISP DHCP server only manages IP addresses up to the domestic router – the customer LAN is managed by the internal DHCP server of the domestic access router.
• TFTP (used to download the NBP) is unsuitable outside LAN environments for a number of reasons. First, TFTP is

frequently blocked on edge routers, requiring some sort of VPN or tunnel to operate. Second, it is based on UDP and implements very simplistic transport and session support, without any windowing mechanism, operating in lock-step mode with only one packet (acknowledgement or data) on the network at any time (the exception being the Microsoft pipelined TFTP service [16]), resulting in low throughput over high latency links. Third, redundancy or load balancing is difficult to achieve using TFTP – there are no recovery mechanisms if a boot server is down. Finally, TFTP has no authentication mechanisms and, depending on the implementation and protocol version, can be limited to a 32MB or 4GB file size.
• PXE is not secure. PXE does encompass the Boot Integrity Services (BIS) [17], which supposedly provide server verification and validation. However, BIS is not supported by most PXE implementations, making it possible to impersonate the server and provide tampered boot images.

C. Enabling PXE over broadband access networks

Enabling PXE over broadband access networks implies – in addition to the provision of application frameworks such as the ones that will be discussed in Section 4 – addressing each of the problems already identified:
• DHCP integration can be solved by dynamically configuring the customer LAN DHCP server on the broadband router to deliver the correct BOOTP option tags [18], even if pointing to a boot file located on a remote server outside the customer LAN (Figure 3).
• TFTP can be replaced by Hypertext Transfer Protocol Secure (HTTPS). The idea of replacing TFTP by HTTPS is not novel, even if so far with LAN environments in mind. One specific network boot loader (gPXE [19], from the Etherboot Project) already provides this feature as an option, supporting PXE with TFTP or HTTPS. gPXE can be used as a drop-in replacement for an existing boot ROM (by flashing it over the existing PXE firmware). Alternatively, gPXE can also be chain loaded by legacy PXE boot ROMs (thus implying no firmware or hardware modifications) or executed from a USB stick.
HTTPS solves several problems at the same time. Since it is based on TCP sockets it is more reliable than TFTP over broadband links, which are prone to higher bit-error rates than LAN connections. Second, it becomes possible to achieve load balancing on HTTPS/PXE boot servers using mechanisms as simple as DNS round-robin. Finally, because gPXE allows for a chain of boot URLs to be passed on, it is possible to implement a redundancy mechanism that allows the PXE ROM to sequentially attempt booting from a series of boot servers.
• PXE security might be enhanced with HTTPS, to guarantee the security of the downloaded stream (avoiding the use of VPN technologies and using SSL instead). The PXE boot process is still somewhat vulnerable during the initial stages (carried inside the domestic/SOHO LAN and based on DHCP), but at least there are no additional security risks introduced by accessing a server across a public network.

Figure 3: PXE operation on broadband environments. (Figure labels: operator infrastructure with management servers and DHCP server; access router with DHCP+PXE; domestic/SOHO LAN with desktop PC; NBP agent downloaded via HTTP(S).)

In our approach, the original PXE boot ROMs were replaced with gPXE. However, it is also possible to deliver gPXE as an NBP agent from the local router itself via TFTP chain loading, keeping the legacy PXE ROM untouched. Since the gPXE binaries are very small (around 30KByte), they do not impose a significant overhead penalty in terms of performance or local flash storage on the local broadband router (Figure 4).

Either way (native gPXE or chainloaded gPXE), all related services (such as DHCP) and parameters must be correctly embedded and configured on the broadband router. This implies some kind of configuration framework enabling the ISP to remotely enable and manage PXE support on the broadband router. The next section will deal with this topic.

Figure 4: gPXE Chain Loading using a Standard PXE Boot ROM.

III. EMBEDDING PXE SUPPORT ON CWMP-BASED MANAGEMENT FRAMEWORKS

It makes no sense to have PXE support over access networks if there is no supporting infrastructure on the other side (ISP and/or third-party provider). According to the application scenario, this infrastructure encompasses connectivity, boot services, desktop management services and remote desktop services. This makes it necessary to coordinate PXE with the management framework used by the ISP.

Modern broadband access routers are multi-service gateways capable of delivering services such as DHCP, NAT, firewall or DNS caching to the internal LAN. These devices, which constitute a category of Customer Premises Equipment (CPE), are gradually including management interfaces, allowing operators to remotely provision and configure them. They also perform the role of DHCP servers for internal LANs. Since PXE depends on DHCP, it is necessary to take a step further and incorporate support for PXE broadband boot into those devices, preferably using the standard management protocols already in place.

The Broadband Forum CWMP [20], also known as TR-069 (Technical Report 069), is the current de facto standard for CPE management in broadband access networks. CWMP is not intended for management of the internal LAN (like Universal Plug-and-Play [21]) but rather to allow the ISP to manage devices located in customer premises, such as access routers, set-top-boxes and IP phones.

CWMP is based on a customized version of SOAP [22], and the CWMP remote management server – operated by the ISP – is designated as the Auto-Configuration Server (ACS). A discussion of CWMP and some of its potential application fields is available at [23].

CWMP can be used by the ISP to configure all PXE-related parameters on the CPE, enabling the provider to configure which agents and/or which boot images each managed desktop may use and download upon boot. Specific PXE service entries can be added to the CWMP data model, allowing the ACS to configure PXE parameters on each managed CPE. It is possible to include relevant PXE and managed desktop attributes in the home gateway CWMP data model through the use of the dynamic TR-106 extensions discussed in [23]. Following this approach, for each managed device (thin client or PC) a PXEdevice service entry might be added to the TR-106 data model, containing:
• The identification of the device.
• Its MAC address (optional – for DHCP static leases only).
• Its IP address (optional – for DHCP static leases only).
• Its specific BOOTP DHCP option tags (option tag 66 - boot server and option tag 67 - filename).
The CWMP agent of the access router uses this data to reconfigure the embedded DHCP server, so that it can provide the information to the PXE boot ROMs (through option tags).

To enhance PXE operation, an ISP may also use CWMP to configure a private virtual circuit pipe in order to offer QoS assurance to PXE, related management traffic and remote desktop services. This makes it possible to establish SLA agreements between ISPs and third-party providers of desktop services (commercial providers or private companies serving their own telecommuters and remote offices) to allow end-to-end differentiation of desktop service traffic, for security and/or QoS purposes. Depending on the circumstances the ISP might provide just simple management support (using its CWMP platform to configure PXE parameters at the user access router), QoS-enabled virtual channels or security services (e.g. ISP-assisted VPNs). Figure 5 illustrates this scenario, both for managed PCs and for thin clients.

Figure 5: PXE-based broadband desktop management.

IV. APPLICATION PARADIGMS

The increasingly available bandwidth on broadband access networks – together with PXE support and CWMP-PXE integration – enables ISPs and service providers to deliver a whole new class of services over broadband, designed to minimize desktop TCO while fulfilling users’ needs. In this Section we discuss three possible application paradigms.

A. Managed PCs

The first scenario corresponds to the usage of classic PCs with locally stored data and applications. In this context, enabling PXE over broadband access networks makes it possible to provide new services:
• Small businesses may subcontract PC management to third-party providers, which, using servers located in remote data centers, may provide a number of PC management services: bare metal recovery of OS images, automated OS upgrades and remote diagnostics. In this context PXE drastically cuts operations costs, since the need for on-site interventions is strongly reduced and there is no need to place one server on the premises of each customer.
• Large corporations may use this model to manage PCs of their telecommuters and small remote offices, as an alternative to the current VPN-based solutions.
• ISPs might start bundling managed PCs into their commercial offers, addressing both domestic and small business users. Many ISPs already include bundled PCs in their offers (desktops, netbooks), and in that context adding PXE-enabled management mechanisms to those PCs would reduce after-sales costs and increase customer satisfaction.

B. Desktop-as-a-Service and thin-client computing

Thin clients are well known in enterprise LANs. Being little more than appliances based around low-cost commodity hardware, bundled with a remote desktop protocol client embedded in firmware, they are in many ways the modern counterparts to the old dumb terminals.

When properly managed, enterprise thin-client computing has considerable TCO savings in comparison with typical PCs [24]. Thin-clients are less prone to critical hardware failures, consume less energy and produce less noise. Since data and applications reside in remote servers, there is no locally stored state information to save and back up in case of replacement. The entire management burden (backups, software and OS updates, etc.) moves to server level.

The recently coined DaaS concept – an offspring of thin-client computing and virtualization – applies to the delivery of a desktop environment as a subscribed service [25]. DaaS delivery models can be classified in three categories:
• Hosted desktop session. This is roughly the same concept that has been used for years in traditional thin-clients. A remote server (e.g. a Microsoft Windows Server with licensed Terminal Services [26] or a Nomachine NX [27] infrastructure with an X/Windows [28] or Windows Server backend) provides simultaneous remote sessions over a specific remote desktop protocol, on a shared server.

• Hosted virtualized PC/desktop instance. Instead of sharing a server instance, complete desktop PC instances are self-contained and virtualized on specific platforms (e.g. VMware ESX hypervisor platform [29]) or physically hosted in datacenters, as blade PCs.
• End-device local virtualization. Virtualized desktop instances run locally on the end-device (a PC), on a locally deployed hypervisor. The desktop instance image may be streamed or kept on local storage, using disconnected computing capabilities in the latter case to resynchronize user data and applications when the client device is back on a suitable corporate network – Citrix XenDesktop [30], for instance, supports this operation model. Although developed for corporate LAN environments, this approach may also become suitable for commodity broadband access networks, with the increasing available bandwidth.

Broadband users might also benefit from DaaS, replacing standalone PCs with thin clients. This way desktop computing becomes a secure and managed commodity service.

In this context, instead of using conventional thin-clients with specific connectivity protocols (e.g. RDP, NX, ICA or PCoIP [31]) pre-loaded in the firmware, PXE might be used to build a generic “empty shell thin-client” without local firmware (downloading its entire operating environment from a provider at boot, instead of relying on internal firmware). This type of thin-client does not require firmware updates or replacement to support protocol updates or migration.

This results in increased flexibility and manageability, since even the lightweight operating environment of the thin client is downloaded at boot time. This operating environment is assembled by the DaaS provider – which, as already mentioned, might correspond to the ISP itself or to third-party providers – according to the needs of each customer profile. This means that using a common hardware base it is easy to dynamically customize the experience of each user.

C. Autonomous “Empty-Shell” Appliances

Until recently, conventional remote desktop protocols used on hosted environments were not media-friendly, especially with video streams [32]. A new generation of protocols designed to overcome those limitations – such as ICA/HDX [33], PCoIP or RDP 7 [34] – has finally made it possible to deliver a PC-like desktop experience on thin-clients (as discussed in Section V, however, those new protocols are not equally suitable for hosted DaaS services over broadband).

As an alternative, the already mentioned “empty shell thin-client” paradigm may enable a particular variation of the concept where some applications are locally downloaded together with the OS at boot time (packed inside the PXE-downloaded boot image) while the user personal data are stored on cloud storage services. This scenario is in line with the advent of so-called “Cloud OS” proposals, like the upcoming Google ChromeOS [35] – where applications are supposed to run inside a browser. This approach is also media-friendly from the ground up, provided that media support is included on the OS image (and associated browser).

The concept may be further extended, by using a mix of local applications (delivered on the OS image), remote applications (accessed using remote desktop protocols in application delivery mode) and browser-based applications that use local processing power for media handling without stressing the network.

The “end-device local virtualization” DaaS model fits perfectly in this paradigm. An important benefit of the proposed “empty shell” approach relates to stability and security: since the terminal device stores no operating firmware, if the image of the operating environment becomes corrupted (either by failure or by security attacks) the next reboot will simply load a new image, supplied by the provider. This way, enabling PXE over broadband access networks extends the range of such devices beyond enterprise LANs.

V. IMPLEMENTATION AND VALIDATION COMMENTS

A proof-of-concept prototype was implemented, using an extensible CWMP management platform previously developed by the authors [23] and gPXE [19]. This prototype was then integrated in a testbed emulating the ISP CWMP management server, the customer premises LAN and the service provider infrastructure. In order to mimic the conditions and restrictions imposed by the broadband access link, a transparent Dummynet bridge [36] interconnects the customer with the ISP and the DaaS provider.

The access router is a Linux system with two network interfaces, supporting NAT, a CWMP agent and the ISC DHCP service [37] configured to assist PXE boot.

The thin client is a proof-of-concept “empty shell” built around cheap, off-the-shelf components similar to those normally found on commercial thin-clients (x86 1.2MHz CPU, 1GB RAM, embedded LAN, audio and graphics).

On the DaaS provider side there is an HTTP boot server for “remote” PXE. There is also a group of servers providing desktop environments based on RDP, Nomachine and PCoIP. These servers had no direct role in the experimental measurements we present in this paper (specifically focused on PXE and the desktop boot process) but showcase the application paradigms discussed in Section IV.

Figure 6: Experimental Testbed.

A. Adjusting Dummynet to emulate the access network

In this study we established as reference a set of typical commercial offers based on ADSL and GPON. In order to adequately emulate the access network conditions, technology and protocol overhead were taken into account.
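The access router in this testbed runs a CWMP agent next to an ISC DHCP service, and Section III has the agent rewrite the DHCP configuration from the PXEdevice entries pushed by the ACS. The following generator is an added example of that step, not code from the authors' prototype: it renders one ISC dhcpd host declaration per static-lease PXEdevice entry, emitting option tags 66 and 67 and, for legacy ROMs, the TFTP chain-loading branch of Figure 4 that hands gPXE the HTTPS URL only after gPXE identifies itself through its user-class. The dataclass, its field names, the router address and every host name, MAC and URL are assumptions of this example.

```python
"""Render ISC dhcpd host declarations from CWMP-style PXEdevice entries.

Added example, not the authors' prototype: it models the access-router agent
of Section III, which rewrites the embedded DHCP configuration from the
PXEdevice entries pushed by the ACS (device id, MAC and IP for a static lease,
option 66 boot server, option 67 file name).  The option names and the gPXE
user-class branch are standard ISC dhcpd / gPXE idioms; every address, host
name and URL below is a constructed placeholder.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

ID_RE = re.compile(r"^[A-Za-z0-9_-]{1,32}$")
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")
FILE_RE = re.compile(r"^[\w.-]+$")


@dataclass
class PXEDevice:
    device_id: str
    mac: str                              # DHCP static lease (Section III list)
    ip: str
    boot_server: str                      # option tag 66 handed to gPXE
    boot_file: str                        # option tag 67 handed to gPXE (HTTPS URL)
    chainload_file: Optional[str] = None  # gPXE image on the router's own TFTP


def validate(dev: PXEDevice) -> None:
    """Refuse entries that would weaken the boot path or corrupt dhcpd.conf."""
    if not ID_RE.match(dev.device_id):
        raise ValueError(f"bad device id: {dev.device_id!r}")
    if not MAC_RE.match(dev.mac.lower()):
        raise ValueError(f"bad MAC: {dev.mac!r}")
    ipaddress.ip_address(dev.ip)          # raises ValueError on garbage
    # Section II.C: the remote NBP/OS image is fetched over HTTPS, never TFTP.
    if urlparse(dev.boot_file).scheme != "https":
        raise ValueError(f"boot file must be an https URL: {dev.boot_file!r}")
    if dev.chainload_file is not None and not FILE_RE.match(dev.chainload_file):
        raise ValueError(f"bad chainload file name: {dev.chainload_file!r}")
    for value in (dev.boot_server, dev.boot_file):
        if any(c in value for c in '"\\;\n{}'):
            raise ValueError(f"illegal character in option value: {value!r}")


def host_block(dev: PXEDevice, router_ip: str = "192.168.1.1") -> str:
    """One dhcpd 'host' declaration for a managed PC or empty-shell thin client."""
    validate(dev)
    pxe = [f'option tftp-server-name "{dev.boot_server}";',  # option tag 66
           f'option bootfile-name "{dev.boot_file}";']        # option tag 67
    out = [f"host {dev.device_id} {{",
           f"    hardware ethernet {dev.mac.lower()};",
           f"    fixed-address {dev.ip};"]
    if dev.chainload_file is None:
        # Native gPXE ROM (flashed over the vendor firmware): give it the
        # HTTPS boot URL directly.
        out += ["    " + line for line in pxe]
    else:
        # Legacy PXE ROM: first fetch gPXE by TFTP from the router itself
        # (Figure 4); gPXE then repeats DHCP with user-class "gPXE" and only
        # then receives the HTTPS URL.
        out += ['    if exists user-class and option user-class = "gPXE" {']
        out += ["        " + line for line in pxe]
        out += ["    } else {",
                f'        option tftp-server-name "{router_ip}";',
                f'        option bootfile-name "{dev.chainload_file}";',
                "    }"]
    out.append("}")
    return "\n".join(out)


def render_config(devices: List[PXEDevice]) -> str:
    """Fragment the CWMP agent would write before reloading dhcpd."""
    return "\n\n".join(host_block(d) for d in devices)


# Constructed sample entries (placeholder addresses, names and URLs).
SAMPLE_DEVICES = [
    PXEDevice("thinclient-01", "00:11:22:33:44:55", "192.168.1.50",
              "boot.provider.example", "https://boot.provider.example/minios.gpxe"),
    PXEDevice("managed-pc-07", "00:11:22:33:44:66", "192.168.1.51",
              "boot.provider.example", "https://boot.provider.example/recovery.gpxe",
              chainload_file="gpxe.kpxe"),
]

if __name__ == "__main__":
    print(render_config(SAMPLE_DEVICES))
```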

In the case of ADSL, ATM-based encapsulation was assumed. Considering the use of PPP over Ethernet (PPPoE) [38], this results in Ethernet frames on the ATM over ADSL data link layer. After PPPoE, the next encapsulation stages add overhead as follows:
• First, there is RFC 2684 encapsulation (PPP over ATM AAL5 [39]), with up to 10 octets overhead.
• Next, the packet is placed on an AAL5 Common Part Convergence Sub-layer (CPCS) Protocol Data Unit (PDU), which adds an extra 8 octets header. A CPCS PDU can have a payload of up to 65535 bytes, padded to fit on 48-byte ATM cells.
• When converted to ATM fixed-size cells (using AAL5), the stream is broken into multiple cells of 53 bytes (48 bytes of data and 5 bytes of header information). This accounts for the “ATM cell tax” of around 10.4%.
Since its value is not fixed and varies with packet size, average overhead must be estimated based on a packet size distribution. For a uniform packet size distribution on PPPoE/LLC without FCS MAC, Aken [40] estimates an efficiency value of 83.5%. This value was adopted as the reference for our ADSL test cases.

In the case of GPON, the use of the GPON Encapsulation Method (GEM) [41] was assumed. GEM supports a native transport without an added encapsulation layer, with an estimated efficiency of 93% (calculated assuming collected data with a distribution of 53.3% for 64-byte, 28.1% for 512-byte and 15.6% for 1518-byte packets). For testing purposes, native IP traffic was assumed (straight IP over Ethernet, without PPPoE, as used by some GPON providers).

Table 1 lists the effective bandwidth, round-trip latency and packet loss parameters defined for each test scenario. For ADSL emulation the Dummynet uplink and downlink queues were set with a depth of 10 and 30 packets, respectively. Also, an MTU of 1492 was configured to reproduce PPPoE-induced fragmentation. For GPON emulation the uplink and downlink queues were configured with a depth of 40 packets.

TABLE I. BROADBAND TEST REFERENCE SCENARIOS

Technology | Nominal bandwidth (bps) (Down/Up) | Effective bandwidth (bps) (Down/Up) | RTT latency | Pkt. loss
ADSL | 4M / 512K | 3.34M / 427.5K | 20ms | 0.1%
ADSL | 8M / 512K | 6.68M / 427.5K | 20ms | 0.1%
ADSL | 16M / 1M | 13.36M / 835K | 20ms | 0.1%
ADSL | 24M / 1M | 20.04M / 835K | 20ms | 0.1%
GPON | 20M / 2M | 18.6M / 1.86M | 5ms | 0%
GPON | 100M / 10M | 93M / 9.3M | 5ms | 0%

B. Experimental Measurements

To test PXE over broadband, a proof-of-concept mini OS was created, with a compressed payload around 30MByte (kernel and file system). It is based on the Slitaz Linux Distribution [42], including a browser, a media player, basic tools and desktop clients for RDP and Nomachine. This mini OS is downloaded by the thin-client at boot, via PXE.

The Mini OS image is deployed on the HTTP boot server (Figure 6). Its location is advertised to the PXE boot ROM on the thin-client using DHCP tags provided by the DHCP service embedded on the emulated broadband access router located in the user premises. The ISP previously defined these tags, using the ACS server and CWMP agent of the router.

Performance measurements encompass four phases:
• Hardware power-on self-tests (which do not depend on the network and take around 15 seconds for all cases).
• PXE initialization elapsed time.
• Download of the MiniOS image.
• Boot of the MiniOS image (which does not depend on the network and takes around 43 seconds for all cases).

The gPXE TCP/IP stack was tuned in order to better scale with increased bandwidth in broadband scenarios. Due to memory space and other constraints, the gPXE TCP stack lacks features such as out-of-order packet recovery, selective ACK, window scaling or congestion control, which together with a default TCP window size of 4KB make the download performance very dependent on link latency. To deal with this shortcoming, the TCP window size was increased to 32KB, enough to cope with broadband scenarios but short of the optimal size of approximately 61KB (due to intrinsic limitations of the current implementation of gPXE).

Performance measurements (Table 2) clearly show that PXE over broadband access networks is viable, both from a functional point of view and from a usability perspective: for GPON users the elapsed time from power-up to a fully operational desktop is similar to the 100Mbps LAN reference. Even users with slow ADSL 4Mbps connections have tolerable performance: 2 minutes and 28 seconds from power-up to a fully usable desktop, compared to 1 minute and 12 seconds in the reference LAN scenario. This happens because differences in MiniOS download times are attenuated by long network-independent phases, such as hardware power-on self-tests and MiniOS boot (it should be noted, however, that bigger OS images might degrade this ratio).

TABLE II. PXE PERFORMANCE OVER ACCESS NETWORKS

(average of 10 experiments) | PXE initialization | MiniOS download | Total time since power up | Standard deviation
LAN 100Mbps | 00:07 | 00:06 | 01:12 | 0.09s
ADSL 4Mbps | 00:08 | 01:22 | 02:28 | 0.48s
ADSL 8Mbit | 00:08 | 00:44 | 01:50 | 0.89s
ADSL 16Mbit | 00:08 | 00:32 | 01:37 | 0.39s
ADSL 24Mbit | 00:08 | 00:30 | 01:36 | 0.64s
GPON 20Mbit | 00:07 | 00:15 | 01:20 | 0.48s
GPON 100Mbit | 00:07 | 00:07 | 01:13 | 0.34s

C. Considerations about hosted DaaS models and protocols

The performance study discussed in Section V.B is directly focused on the boot process, where PXE plays a direct role. Nevertheless, the success of the application paradigms proposed in Section IV also depends on runtime performance and the quality of the user experience when using remote desktop services over broadband access networks.

The feasibility of delivering hosted DaaS services over broadband depends on variables such as the adopted model, application usage and, particularly, network performance (with bandwidth and latency coming on top). Apart from

Apart from bandwidth, latency is crucial when evaluating remote desktop performance, because it accounts for a considerable part of the overall desktop session response time, which ideally should stay below the human perception threshold of 50-150 ms [43]. Classic remote desktop protocols (such as ICA, RDP up to version 6.1 or NX), originally designed for session-based hosted environments, had very limited multimedia capabilities (low-bitrate, unidirectional audio and no support for video streams), making them suitable only for DaaS delivery in business environments. Meanwhile, a new generation of protocols (e.g. ICA/HDX, RDP 7) delivers a more complete desktop experience for both session-based and virtual-instance hosted models, with features such as bidirectional audio and media redirection for local rendering. In some cases, as with RDP 7, newer protocol versions perform significantly better on high-latency links while consuming less bandwidth and offering more functionality. By using techniques such as request-reply round-trip elimination, adaptive bandwidth usage, caching or progressive build (sending lossy-compressed images that are progressively refined to a lossless state), these protocols are narrowing the gap between traditional standalone PCs and remote desktop computing. In some cases (e.g. ICA/HDX) explicit support for remote-office DaaS delivery is provided through a branch repeater appliance that combines caching and data de-duplication for hosted applications with local staging for streamed applications; this improves scalability and delivery speed, decreases the bandwidth used by normal desktop sessions and increases the number of simultaneous users supported on a single WAN connection.

We are currently conducting a comparison of remote desktop protocol performance in broadband environments. Although that study falls outside the scope of this paper, its preliminary conclusions indicate that not all protocols are equally suitable for DaaS delivery over broadband access networks. While RDP 7, ICA/HDX and PCoIP seem capable of delivering a near-complete PC experience to the end user under perfect network conditions, they behave differently on broadband links, with PCoIP performing better in low-latency, high-bandwidth situations and ICA/HDX in the opposite case. Classic RDP (up to 6.1), ICA and NX are adequate for business use (where media support is not critical), with the latter two performing well on high-latency links. The ongoing study also suggests that, for access to hosted DaaS services, QoS traffic prioritization and bandwidth management can make a significant difference to the user experience.

VI. RELATED WORK

To the best of our knowledge this is the first proposal to extend PXE – or equivalent remote boot protocols – over broadband access networks. In this context, the closest related work is probably the Etherboot Project, with gPXE [19], which has been actively extending PXE functionality in multiple directions. Nevertheless, despite implicitly including some building blocks (such as the replacement of TFTP by HTTPS), gPXE does not address PXE over access networks, lacking for instance integration with CWMP management for remote configuration of PXE parameters.

Intel Active Management Technology (iAMT), the core of the vPro Management Engine [5], may be an alternative for centralized remote management of conventional standalone desktop PCs over broadband, since it supports roaming communications and integrates with several management technologies, including PXE. However, it is only supported on a very limited subset of business-oriented PCs with specific firmware and Intel-only hardware, excluding the majority of existing PCs and, more importantly, practically all thin clients. iAMT also requires specific infrastructure support to handle roaming users, through a management presence server at the corporate firewall. Moreover, it raises security concerns: since iAMT operates below the operating system, most users are unable to detect remote access to their PCs, turning a management tool into a potential backdoor.

While thin-client computing has been employed primarily on enterprise LANs, a few providers have attempted to offer similar services over the WAN [44], [45], either for selected applications or for complete desktop environments, using conventional remote desktop protocols. In the same line, some organizations rolled out their own remote desktop infrastructures for telecommuters and remote branches [46]. However, there are few independent studies comparing the performance of thin-client solutions in such environments. Howard [47] analyzed the performance of several hardware thin clients using the i-Bench benchmark suite, albeit centered on server-side performance and forgoing client-side performance. Nieh [48] and Yang [32] compared the performance and efficiency of thin-client protocols, analyzing how their performance relates to network bandwidth by using slow-motion benchmarking techniques to measure the loading latency of visual elements. Lai [49] studied thin-client WAN performance, including efficiency under packet loss and high latency, finding no significant impact until a 4% packet loss level was reached, well above typical commodity broadband ratios. These studies also confirmed shortcomings in media usage (especially video) with classic RDP and ICA protocols. Nevertheless, a deeper analysis of the effects of congestion and loss on thin-client performance was left for further study.

VII. CONCLUSION AND FUTURE WORK

In this paper we proposed a framework for using PXE on commodity broadband access networks. This framework makes it possible to provide a number of desktop management solutions (previously limited to enterprise LANs) to small businesses, telecommuters and domestic users.

First we identified the limitations of using PXE outside enterprise LANs and discussed how to overcome them. Next, we discussed the integration of PXE support in a CWMP management framework, allowing centralized management of PXE boot support at the ISP level, with remote configuration of protocol-related attributes and other properties – such as virtual circuits for QoS provisioning of
PXE and remote desktop session network traffic. This also eliminates the need to involve users in the configuration process, thereby reducing the potential for service disruption through misconfiguration or undesirable tweaking by inexperienced users. In this context, we also discussed how this approach integrates with the ecosystem formed by end users, ISPs and (possibly third-party) providers of DaaS and/or desktop management services.

Then we discussed potential application paradigms for this ecosystem, including managed PCs, DaaS, thin-client computing and autonomous "empty-shell" appliances. Finally, we addressed implementation issues and provided an experimental study focused on validating the use of PXE on broadband access networks, covering both performance and functional validation. Complementing that experimental study, we also discussed the performance of remote desktop protocols over broadband access networks, a fundamental requisite for the previously identified application paradigms.

Overall, the proposed PXE extension to broadband networks, combined with the proposed DaaS service models and thin-client solutions, provides increased security, total protocol independence and dynamic provider-driven customization. This CWMP-managed, PXE-enabled DaaS model brings together the benefits of thin-computing desktop solutions and broadband environments, while promoting an integrated view of the service, involving the multiple providers needed to deliver it to end users.

Plans for future work include studying support for PXE over wireless broadband and the already mentioned performance study, comparing the behavior of remote desktop protocols in fixed and mobile broadband access networks.

ACKNOWLEDGEMENTS

This research work was partially funded by Fundação para a Ciência e Tecnologia (FCT grant SFRH/BD/29118/2006) and by PT Inovação, in the context of the S3P Project.

REFERENCES

[1] Intel Corporation, "Preboot Execution Environment (PXE) Specification, Version 2.1", September 1999.
[2] Google Docs, http://docs.google.com
[3] Zoho Corporation, http://zoho.com
[4] Microsoft Corporation, "Office Web Apps", http://www.microsoft.com/office/2010/en/office-web-apps/default.aspx
[5] Intel Corporation, "Intel vPro Technology Reference Guide, Rev. 2.1", February 16, 2010.
[6] Microsoft Corporation, "Remote Desktop Protocol: Basic Connectivity and Graphics Remoting Specification", Revision 19, June 2010.
[7] J. Harder et al., "Technical Deep Dive: ICA Protocol and Acceleration", July 2009.
[8] T. Richardson, "The RFB Protocol, Version 3.8", RealVNC Limited, November 2009.
[9] T. Ylonen, C. Lonvick, "The Secure Shell (SSH) Connection Protocol", IETF RFC 4254, January 2006.
[10] T. Dierks, C. Allen, "The TLS Protocol", IETF RFC 2246, January 1999.
[11] R. Droms, "Dynamic Host Configuration Protocol", IETF RFC 2131, March 1997.
[12] K. Sollins, "The TFTP Protocol (Revision 2)", IETF RFC 1350, July 1992.
[13] Broadband Forum, "TR-069 – CPE WAN Management Protocol Specification v1.1, Amendment 2", December 2007.
[14] T. Cruz, P. Simões, "Enabling PreOS Desktop Management", Proc. of IM'2003 (IFIP/IEEE Int. Symposium on Integrated Network Management), Colorado Springs, USA, May 2003.
[15] ITU-T, "Gigabit-capable passive optical networks (GPON): General characteristics, Amendment 1", Recommendation ITU-T G.984.1, 2009.
[16] T. Gorman, "Windows Deployment Services Technical Reference", Microsoft Corporation, March 2009.
[17] Intel Corporation, "Boot Integrity Services Application Programming Interface, Version 1.0", December 1998.
[18] S. Alexander, R. Droms, "DHCP Options and BOOTP Vendor Extensions", IETF RFC 2132, March 1997.
[19] H. P. Anvin, M. Connor, "x86 Network Booting: Integrating gPXE and PXELINUX", Proc. of the 2008 Ottawa Linux Symposium.
[20] Broadband Forum, "CWMP XML Schemas and Data Model Definitions".
[21] UPnP Forum, "UPnP Device Architecture 1.0", July 2006.
[22] W3C, "SOAP Version 1.2 Part 1: Messaging Framework (Second Edition)", April 2007.
[23] T. Cruz et al., "CWMP Extensions for Enhanced Management of Domestic Network Services", Proc. of LCN'2010 (35th IEEE Conf. on Local Computer Networks), Denver, USA, September 2010.
[24] E. Davis, "Green Benefits Put Thin-Client Computing Back On The Desktop Hardware Agenda", Forrester Research, March 2008.
[25] J. Fisher, "Desktone and Desktops as a Service (DaaS) – Transforming the Corporate PC", Desktone Inc., April 2008.
[26] Microsoft Corporation, "Technical Overview of Windows Server 2008 Terminal Services", January 2008.
[27] S. Regis, "Introduction to NX Technology", July 2009.
[28] B. Schleifer, "FYI on the X Window System", IETF RFC 1198, 1991.
[29] VMware Inc., "Getting Started with ESX", 2009.
[30] Citrix Corporation, "XenDesktop Modular Reference Architecture", January 2010.
[31] A. Black, "PCoIP Display Protocol: Information and Scenario-Based Network Sizing Guide", 2010.
[32] S. Yang et al., "The Performance of Remote Display Mechanisms for Thin-Client Computing", Proc. of the USENIX 2002 Annual Technical Conference, Monterey, USA, 2002.
[33] Citrix Corporation, "Optimizing HDX Technologies for XenDesktop 4", Whitepaper, Revision 1.0, March 2010.
[34] Microsoft Corporation, "Remote Desktop Connection Protocol Performance and Improvements in Windows Server 2008 R2 and Windows 7", January 2010.
[35] S. Pichai, "Introducing the Google Chrome OS", http://googleblog.blogspot.com/2009/07/introducing-google-chrome-os.html, July 2009.
[36] M. Carbone, L. Rizzo, "Dummynet Revisited", ACM SIGCOMM CCR, Vol. 40, No. 2, November 2009.
[37] Internet Systems Consortium, "What is ISC DHCP?", http://www.isc.org/software/dhcp/about
[38] L. Mamakos et al., "A Method for Transmitting PPP Over Ethernet (PPPoE)", IETF RFC 2516, February 1999.
[39] D. Grossman, J. Heinanen, "Multiprotocol Encapsulation over ATM Adaptation Layer 5", IETF RFC 2684, September 1999.
[40] D. Aken, S. Peckelbeen, "Encapsulation Overhead(s) in ADSL Access Networks", Thomson SA, June 2003.
[41] ITU-T, "Gigabit-capable passive optical networks (GPON): General characteristics, Amendment 1", Recommendation ITU-T G.984, October 2009.
[42] SliTaz GNU/Linux, http://www.slitaz.org
[43] B. Shneiderman, "Designing the User Interface: Strategies for Effective Human-Computer Interaction", 2nd Ed., Addison-Wesley, 1992.
[44] Desktone Inc., http://www.desktone.com/
[45] SCC Inc., http://www.scc.com
[46] Microsoft Corporation, "How MSIT Uses Terminal Services as a Scalable Remote Access Solution", Technical White Paper, February 2008.
[47] B. Howard, "Thin is Back", PC Magazine, Ziff Davis Media, April 2000.
[48] J. Nieh et al., "Measuring Thin-Client Performance Using Slow-Motion Benchmarking", ACM Transactions on Computer Systems, Vol. 21, No. 1, February 2003.
[49] A. Lai, "On the Performance of Wide-Area Thin-Client Computing", ACM Transactions on Computer Systems, Vol. 24, No. 2, May 2006.