Friday Jun 20, 2008

Sun Ray 270 with Wireless VPN Access


We were challenged recently to demonstrate the capabilities of our Sun Ray 2 technology with the embedded VPN feature to several customers that required wireless networking.  So here is what was done to showcase this technology.


We had on hand a Sun Ray 270 thin client which had the latest firmware that allows configuration of the integrated VPN.  We employed the help of a LinkSys Wireless-G Access Point  model number WAP54G revision 3.1 with firmware version  V3.04, dated December 27, 2007.  The WAP was configured via the web interface to function as a "access point client" prior to connection to the Sun Ray 270.   By doing so it allows a hard wired Ethernet device to plug in and participate on a wireless network.  To put the WAP in "access point client" mode a MAC address of the remote access point is required.  The LinkSys WAP web interface has the facility to conduct a site survey to determine existing access points and allows for the selection of a remote access point.





Here are the steps taken to get connected.
  • Insure you have a Sun Ray 2 or 270 thin client with the latest firmware with VPN capabilities.
  • Get and configure a wireless access point (WAP) via another computer.
  • Verify connection to the wireless network with that computer. 
  • Connect the WAP to the Sun Ray.
  • Power on the Sun Ray
  • If previously configured to access a VPN you will be prompted for a username and a one time password generated via a secure id device.











  • Your internal login screen will be displayed.
  • If you have deployed smart cards insert it at this point.



  • If a previous session exists you will be displayed a lock screen, Enter your password.
  • The Sun Ray should come to life and your desktop through the VPN should be displayed with the applications you had previously started.




-- Frank




Posted on: Jun 20, 2008

Posted by: FrankWickham

Category: Security

Tags:

Permanent link to this entry | Comments [0]

Thursday May 08, 2008

Sun Ray 270 with VPN Access

 

I just received a brand new Sun Ray 270 thin client.  I have been using one at home since January 2007.   I have had one on my desk since 2000 and have used them in many of the Sun Offices across the US.   The purpose of this new unit is to replace an aging Sun Ray 150 which had been used for years to show off Sun Microsystems thin client technology at various marketing events.   We also use a  Sun Ray 150 in our conference room for customer meetings and product briefings.


One of the new features of the  Sun Ray 270 is the built in VPN capabilities. It is enabled through the latest firmware release.  To deploy a remote Sun Ray used for access into Sun's internal network a CISCO 831 router with VPN access was required.  With the latest firmware the VPN client is now integrated into the Sun Ray platform.  No longer is the costly external CISCO 831 router required.

The unit arrived without the latest firmware so the hunt was on to locate the commands to apply it.   I realized my new unit was down a revision by the absence of the advanced commands such as STOP-S, STOP-M, or ALT-V.  They are the new Sun Ray Hot Keys.

 

Sun Ray 270 Hot Keys 

 STOP-S  Bring you to the configuration menu
 STOP-M  Bring you to the configuration menu
 ALT-V or Control+Pause+V  Displays the firmware version    (CoronaP2. . . . .)
 Control+Pause+C

  Clears all configuration data stored in the DTU. 


I was able to install the firmware via the /opt/SUNWut/lib/utload command.  The Sun Ray Server must be running version 4.0 or greater.  Once the latest firmware was installed the advanced STOP-S keys now work.  I checked the version number of the firmware with the ALT-v keys.  It included the string VPN in the version number so I must have the correct firmware installed.  

Now it's on to configuring the Sun Ray 270 to be a VPN client.  First I checked to see that it would still work as a Sun Ray client before enabling the VPN.   It still worked just fine.   To start the process of VPN configuration the STOP-S keys are depressed.  A configuration menu is displayed.  The main menu consists of the following selections:

  • Servers: To set the names of the Sun Ray Servers (more then one is suggested), firmware download server, and log server. 
  • TCP/IP:  To set IP addressing
  • DNS:  To set the domain name, the name servers, and search path.
  • VPN/IPsec:  To enable the VPN client and identify a VPN gateway.  A group name, group key, username and password
  • Authentication:  To set an authentication type, HTTP or none. 
  • Security: Lets you set a password to secure the firmware configuration.
  • Status: Displays the firmware version number.
  • Advanced Settings (bandwidth, video and save configuration): Bandwidth may be limited if needed.  The "Videoā€¯ feature allows you to force a screen blank if the screenlock isn't doing it properly. You can  store all the configuration in a file and retrieve it via  tftp.  This is a  way to streamline the configuration of many units  at a time.  

I configured it for my specific environment in a mater of minutes.  Inserted my smart card (Sun ID) and entered my password.   Jazz music started to play from KKJZ 88.1 FM of Long Beach, California and my email client with several unread messages appeared.  All of this information can be found in the Sun Ray Server Software Collection located on Sun's Online Documentation site http://docs.sun.com 

Don't overlook the power savings of a Sun Ray 270.  See Clay's World for a recent blog entry on power savings in a lab environment.


--Frank

 

 

 

Posted on: May 08, 2008

Posted by: FrankWickham

Category: Security

Tags:

Permanent link to this entry | Comments [2]

This blog copyright 2009 by FrankWickham