I am going to assume this is an artificially crippled piece of sh*te rather than something we can install a minimal operating system on right?
Locked bootloader, doomed to fail like Windows RT?
Microsoft is having a go at the terminal market with a device purpose-built to connect to Windows 365, imaginatively named "Windows 365 Link." Now in preview, the device is fanless and does not run any local …
From The Verge: Windows 365 Link is secure by design, using all of Microsoft's previous work of locking down Windows and even the Xbox console to keep hackers out. That means it won't run anything local on-device other than a lightweight OS that's designed to get you into a Windows 365 cloud PC as quickly as possible.
So it sounds pretty locked down. Hard to say until hackers get their hands on them, but it sounds like they've put a fair amount of effort into preventing them from being repurposed.
Which makes sense. There is only one reason for someone to buy these. They have to be so restrictive that they don't want their users to be able to do anything and they have to have decided that Azure virtual desktops are the right way to get what they want. They won't be buying these for price; you can get a perfectly capable small desktop for a similar or lower price and, if you just want a terminal, you can get a less powerful computer and use it as a terminal for less money. Therefore, you have to be actively paying for it being locked down, so it makes sense to lock it down in the design.
I'm sure someone will try to hack it and possibly succeed, but I bet they will try in a few years when one of these is discarded. It makes no sense at all to buy one even if you could hack it because you could pay less for more hardware with no hacking required to use it as you like.
If it's not a full featured computer, and it's not saving you money on licenses or power over a standard SFF PC or laptop....WTF is it for?
I can imagine a use case for someone who wants a very high spec PC which will only be used for a limited time each month - buy one of these boxes and spin up a VM in Azure as and when needed. The TCO would be less than buying an equivalent physical high-spec machine.
However....if that's your use case then you're almost certainly the sort of person with some other sort of laptop/desktop kicking around that you can use for the same thing, so no compelling argument to buy one of these new boxes.
It's for businesses that are exclusively using virtualization for employee desktops. With a traditional thin client a user has to log in, wait for it to load, launch the Windows app, and log in again to AVD. Plus, a thin client has an OS (that will never be used except to launch the Windows app) that needs to be kept up to date and can get viruses it can spread across the network. It makes device management a lot easier and makes it easier for end users who can't tell the difference between a local desktop and a VM. You just log in and go. When I did IT there were so many people that would have an issue on their VM, restart their thin client, and wonder why everything was the same when they logged back into their VM.
This isn't even the first of this style device on the market. Multiple manufacturers make "zero" clients that do nothing but connect you to VMware. This is just an AVD zero client.
Surprised they are selling it this way, the phone model would be better, throw it in with a slightly higher 365 subscription locked in for 2 or 3 years. Would probably make more money that way although the upfront costs would be higher but MS has no shortage of cash to invest.
"We reinvented thin-client terminal servers again!"
I'm sure that Citrix are grateful / fuming at the competition.
Next I think we should consolidate everything that we previously decentralised and then we should reinvent Active Desktop yet again because people are bored of Metro already.
We have over a hundred thin clients in a single factory site, all running IGEL OS.
Splendid stuff. More secure and much less troublesome than using computers at the shop floor. Management is simple.
Citrix is fine. Citrix the company is not! The Citrix app virtualization works very well. Netscalers too.
These Microsoft terminals are nothing special. Similar Thin-Zero clients are available from all Dell-HP-Lenovo so what's with the brouhaha??
IGEL. That was the product I couldn't remember the name of. A few years and a few jobs ago certainly, but I knew some very happy IGEL customers who were sweating old assets for additional years using it. No experience of it myself but they spoke very highly of it.
Similar Thin-Zero clients are available from all Dell-HP-Lenovo so what's with the brouhaha??
My guess is that these remove the need to administer the thin PCs yourself (however little you have to do) - I bet Microsoft will happily plug them all into an Intune instance and make sure the OS is up to date, has the latest connection profiles for Azure Virtual Desktop (AVD) etc, and they'll take the responsibility for their security too.
So if you're in IT you basically have to register the terminal to your organisation, put it on a desk somewhere with an internet connection, and forget about it, except for hardware calls. With a thin client from another manufacturer you'd have to make sure the OS was regularly updated yourself, that it could connect to whatever it was connecting to (if they even support AVD connections rather than spice or VNC or citrix virtual desktop or whatever), and that it was kept as secure as possible within your org's network.
I can safely say that it will and won't depending on how big a user you are, whether there's an offer on, whether it looks like you might leave MS, whether there would be a revenue drop to MS if you switched to this strategy or whether you asked on a Tuesday or a Thursday.
Warning icon as you'll need to be wary.
...of any of those tiny form-factor n100 boxes that you can get basically everywhere these days, which can run a real operating system and drive a pair of 4K displays.
Which does rather leave one asking "Why?". I mean, I do in fact use said little N100 boxes as terminal service machines, but they can also boot Ubuntu.
In fact that's how I use them as terminal service machines. Log in with your regular network credentials, run the "terminal services" application, get presented with a list of remote machines you can use to do heavy compute on if you need to - alternatively all your email and web browsing needs can be met right here. In fact the vast majority of non GPU related needs can be met right here, because it's a fucking 3GHz machine with 16G of ram. For $175.
I wonder if the issue here is security? If the machine contains next-to-nothing that's capable of running anything on the machine itself, then the machine has quite a high implicit level of security - even if some ne'er-do-well can get physical access to the machine then so long as it's powered off they can't molest it. Pound-for-pound those small form-factor boxen offer more features but for some users the absence of features could be seen as worth paying for.
I'd be willing to buy that argument except for the way that it's going to be 100% proven false when we get our hands on the things. If you baked everything it was capable of doing into hardware - proper vt220 terminal style - then you could argue that it'd be very secure. But they're not going to do that, are they? Because to actually connect to the internet and Microsoft's cloud services it's going to need a fairly deep software stack, and that software stack will contain bugs, and that means they're going to release patches.
I absolutely guarantee that in there will be a totally normal - albeit possibly arm based - machine running a stripped down version of Windows itself. Sure, it might have secure boot turned on, it might have a properly signed software stack - but we can already do that on a normal machine. What we won't find in there is the entire set of software necessary to make it work baked into an eprom. Hell, the software stack necessary to detect the proper resolution and colour depth of whatever monitors happen to be attached to it is too complex to be hard-coded into firmware with any degree of confidence that it'll work properly long term.
As per the article, this is aimed at the Enterprise sector, and does not run local apps and has no local storage. It has the ports for comms and USB devices, so I assume ??? that moving data from the Cloud to a local USB drive may be possible.
To me, as others have mentioned Citrix, this is for further control on what the employees can do, whilst paying a monthly fee to ensure that the OS is up to date security wise, as it is on the Cloud.
Whether the device is under a maintenance agreement whilst you are renting the OS, is not clear, but if it is, then that is the hardware aspect removed from business costs.
Microsoft are asking the "enterprise" customers to put full faith in their ability to maintain the system for 24/7 and 365. He he.
Only obvious snag is that if the comms goes down, then no one can work.
Yes. That's kinda my point.
It's double the price of a much more useful device that can do everything this does, and more. If I were so inclined I could have locked the machine down even more such that all it let you do was terminal services stuff, but the only case I can think of where that would be desirable is if I were really worried about the end users copying files on and off the remote endpoints. That's a really niche case, and again, one that's already covered by cheaper commodity hardware.
And the OS on this... thing... is still going to need patching because this is way too complex a device to be totally static.
This, I perceive, is Microsoft offering a piece of hardware and service, where the enterprise just has to rent the service with all the hard work of maintenance and support done for them.
I get that the product is costly, but enterprises may through "accounting" determine that the cost is acceptable for the gains elsewhere.
If it is a thin client, and no local storage, then all apps are in the cloud, and hence they are downloaded as is the OS at boot time?
The company has full control on who can do what. Which may appeal to many enterprises.
Thing is, it has local storage. You, the consumer, may not be allowed to use it but it must have it. Its own operating system needs to live there. At minimum there's got to be something on this thing that does enough management of network interfaces to get the thing online so it can pull disk images. In the modern corporate environment it'll at least need WPA-2/3 type wifi to get an internet connection, and in a lot of places you'll need some sort of client that relies on connect then authenticate webauth like workflows. To bring something like that up you need enough brains to detect and configure the display - unless it comes with a known type of display - which for $350 it doesn't, and by the looks of it it supports wireless input devices, so now we're looking at a bluetooth stack too likely as not.
It's all a reasonable amount of things to stash in an initrd type filesystem so it's not like it's going to need a lot of local storage, but it'll need some and it can't be read-only because it'll need to get security patches just like any other initramfs would. The only way around that would be to allow it to PXE boot - which no one in their right mind is ever going to allow over the internet.
I just read the preview link, and it does indicate that for seconds boot up that it must have a resident OS to run Webex or Teams, though the wording
"Windows 365 Link will be simple to manage using Microsoft Intune alongside other PCs, with a small Windows-based OS footprint with minimal applicable configuration policies"
Looks like a cut down version of Windows?
"The company has full control on who can do what. Which may appeal to many enterprises."
It’s more likely that Microsoft has full control on who can do what on ‘your’ devices*!
Not too sure that this will appeal to many companies - but you never know!
* for some definitions of ‘your devices’ - hint, they’re not!
It's kind of cheaper and prettier than a 1960s terminal, but the subscription is a killer. Also your average Internet connection might be less secure and reliable than a leased line.
How reliable is MS service compared to time shared services before 1980, or your own kit?
Anyone using this is daft.
1960's terminals were mostly hard copy, big, bulky, and noisy (there were electric motors driving the print mechanism, like the drive motor in an IBM Selectric hard copy terminal that ran all the time it was turned on).
Lear Siegler are credited with the first video terminal in 1972 (although the 3270 terminal from IBM is dated 1971 - both dates from Wikipedia), but they were all very bulky things.
They began to become rather less intrusive on a desk in the mid-'80s when DEC produced the VT220, and other manufacturers such as Wyse started producing rather more sleek devices with the logic provided by microprocessors and ASICs, on a single board that reduced the size of the terminal to not much larger than the size of the tube and the keyboard.
Even the most sleek terminal would dwarf the size of a modern thin-client or NUC, although modern screens have more area, but have considerably less depth.
Hmm. I could not really believe what I wrote above, and Wikipedia itself contains references to the Univac Uniscope and the IBM 2260 (https://en.wikipedia.org/wiki/Computer_terminal), both in 1964, and several other manufacturers appear to have had terminals before LSI.
Don't know what the Lear Siegler claim is all about.
Blooming heck! The IBM 2260 did not have RAM. It used an acoustic delay line to hold the screen buffer!
It doesn't seem that stupid to me. Microsoft already has locked-down OS information from the various Windows kiosk projects. They already have all the peripheral management code as part of Windows, which they're still using on this client. The software work involved in making these is probably pretty small. Meanwhile, the price they're selling this at can manage a huge profit margin and, even if it didn't, it can only (unless you can hack it) be used with a subscription service that really obviously makes them tons of money because virtual desktops are a lot more expensive than the hardware alone would justify.
At worst, they don't sell many of these and have a bunch of them sitting in a warehouse, but they come out about even. At best, they get some free profit. I don't think a tax loss is their plan.
I wonder what's actually in it? ARM? Some wheezy Celeron thing? Surely not a RISC-V. Not that it matters if they're going to be asshats and lock it down. And given it costs more than just buying a computer. But there was some fun in the distant past booting full oses on Wyse X Terminals (which were later repurposed by Wyse to do Remote Desktop Protocol instead, or capable of both.)
An HP thin client, equipped with a PCIe wireless card (salvaged from an EETV set top box) and an SSD, running Devuan, is my primary always-on server. Powerful enough to do most of the background stuff, low powered enough so it barely registers in the energy monitor and completely silent.
The benefit of this over a Raspberry Pi is that it's an x86-64 system with a SATA M.2 slot, so is not running from an SD card or USB attached storage, and was cheaper than an RPi 4 with a storage hat and suitable case, let alone this thing.
The way I see it, this is Microsoft's way of introducing Windows as a Subscription.
Start first with a thin client with a yearly fee. And then the pricing creep will begin. Next, a $10 fee per year to use Windows with a local account at any time -- waived if you subscribe to Office 365. Oh wait, now it is an additional $10 per year for security updates, but if you subscribe to Office 365 that fee is waived. Oh wait, that fee is now $30 per year, but you can still avoid the fee by paying for Office 365. Oh wait, the price for Office 365 just went up by $20. Good news, we've lowered the price of Microsoft 365 back to $99/year, and now it is mandatory to even use Windows at all, what a deal! Don't even bother switching to Linux, the cost to retrain your employees will exceed the cost of Microsoft 365. You were going to license it anyway, so just pay up.
That is the holy grail for Microsoft, making you pay just to use your computer.
There are two problems with this device: Price & Price.
Firstly, the price of the hardware seems high. I wonder if anyone looked over at a RaspberryPi and asked "What are we doing better than the Pi hardware for three times the cost?"
Second, the price of the cloud Windows is eyewatering. Our MS account team suggested it and once we saw the price we ran away. It would be cheaper to buy a new laptop every year than pay for their subscription license.
Some background on a similar use case? I now live in a retirement village and play with Pis for fun, but not profit, and do a couple of pro bono projects. We connect to the internet using fibre with DSL to our homes. Since a recent equipment upgrade we are consistently getting speeds of 90+Mbps for downloads and 50+Mbps up.
A while ago the 10 year old Windows 10 HP PCs in our library became very slow and unreliable. I replaced them with 4GB Pi 4Bs running Raspberry Pi OS, Libre Office, Chromium and a few utilities. I noted that the residents used the Pis for light work like general research, webmail, and printing files; but hardly ever used Libre Office. The system is reset when the user logs out. When the Pi5 came out we thought that we would see about an upgrade.
Our findings, after a bit of research and use testing, were that a simple Pi5 based system worked well. I removed Libre Office and tried a number of systems using 4GB and 8GB Pi5s with different combinations of microSD and SSD cards with typical and heavy web based loads. For typical use 4GB of memory was adequate when running Chromium with 10 open tabs (usually with zero swap and ~1Gb free memory). For heavier use with Chromium and Firefox both running with 10 open tabs and each browser running a Youtube video 8GB performed better, as the extra memory avoided swapping. For this use we found that there was little point in using NVMe SSDs although they performed excellently (I had access to several from 256GB to 2TB) - They all required fan cooling. The new Raspberry Pi 256 and 512GB cards worked well, but we found little reason to run them with the higher pciex1_gen=3 lane speed. Boot up times were only slightly faster for SSDs at ~13 vs 15 seconds. The time to open Chromium 3 vs 4 seconds. Cases we used were the standard (black) Pi plastic with standard fan or Active Cooler; Argon 40 with standard or NVMe plastic bases; and a couple of passive cooled cases.
I was surprised at how well the FLIRC passive case worked - Yesterday I ran Chromium with 15 open tabs including 2 large spreadsheets and 2 complex word processor documents with the web versions of MS Office, Google Documents, and Apple's iCloud. The temperature went from 43 to 56 C over 2 hours when I opened each document, made small changes and saved them locally or on the web, whilst also running a Youtube video album in the background. Clock speeds went from 1.5GHz (idle) to 2.4GHz flat out with no sign of throttling. In real terms, the performance was not that different from my iMac M3 for web tasks.
Costings: Pi5 4GB US$60; 8GB $80; Pi 256GB SSD $36.25; Raspberry Pi microSD 32/64GB $11/13 (excellent performance so far); Pi plastic case $10; Active cooler $6.45; Pine NVMe HAT $9 (it fits inside the standard case); 27W power supply $13.60; and FLIRC passive case $23.
My recommendations for similar use: Pi 5 4/8GB, 64GB microSD, 27W power supply, and FLIRC case = $110-$130 - Plus keyboard, mouse and screen (we already had those from HP PCs). If I was still in paid employment I would have costed in a few days for software customisation, corporatising/prettifying and testing, etc. So half the cost, lower power bills, and easy management?
I think the point here is that orgs could do everything you've just done themselves, but it would cost them in maintenance & staff time to set everything up. The Microsoft sales pitch here is going to be "we do everything for you so you only need to employ desktop support technicians and M365 admins now" - so no more dealing with corrupt OSes doing odd things, no more users complaining that Outlook won't run because their PSTs are too big, no more endless cycle of patch testing and patches messing up your machines, Microsoft do all of that for you now (including the messing up machines and then the fixing of them).
All you have to do is register the terminals to your Intune account, pay for each user to have an Azure Virtual Desktop (AVD), and set your management policies for everything in M365 and that's it. In theory you could have a consultant do that (hey, Microsoft sell consulting services too!) and you need not employ any IT staff at all.
Yes. One thing that MS seems to have forgotten is that they became important by looking after corporate IT staff. If we accept that one's importance in an organisation is proportional to budget and number of staff, MS Windows/Office tended to need a lot of staff and a big budget. Before I retired, I noticed that MS were effectively abandoning smaller companies. I wrote a SQL Server based shrink-wrap product that we sold to companies in the $2 - 20 million turnover range. The MS Small Business Server was an easy recommendation as we could offer the customer Exchange and File Server for 5-50 users for a small increase in cost compared to a SQL Server box and licences. MS crippled and killed SBS as they drove everything online. This has now spread to larger enterprises.
A very long time ago, I worked on the assumption of needing one support person for 2,000 mainframe users, one person for every 200 mini/unix users and one low level support person for every 10-30 MS-DOS/Windows users. A cynical person might very well think that many senior IT people would prefer a MS environment, but I couldn't possibly comment. I might observe that the typical corporate Windows SOE is so locked down that it resembles a prettier GUI version of the terminals/big box systems that I started with.