Think Thin: Thin Client and Server Based Computing Group Blog

Hi,

There is an interesting blueprint from Sun introducing the Managed Desktop Factory.

Enjoy,
Dirk

The 1st patch for Sun Ray 4 09/07 Kiosk was released. 

Solaris/SPARC 128165
Solaris/x86   128166
Linux         128167

Dirk and his team keep rolling with helpful scripts and components for the Desktop Connector. This time, it is the ability to deploy user-assigned VM's to Sun Ray users without cards.

 http://blogs.sun.com/whitemencantjump/entry/non_card_vdi_for_sun

They have also been working with Provision Netoworks to allow Sun Ray users to request and connect to VM's managed by their broker.

http://blogs.sun.com/whitemencantjump/entry/let_s_talk_about_provision 

Have fun with all the new options. 

The second patch for Sun Ray core services has been released.

127553-02 for Solaris/SPARC

127554-02 for  Solaris/x86

127555-02 for Linux/86

 Changes incorporated include:

6542450 Sun Ray DTU responds to ping even if IP address is incorrect
6554391 DTU IFD handler should use oscompat library functions for portability.
6583348 Sun Ray: Apple Mighty Mouse not functioning properly
6609317 libusb's usb_bulk_read() doesn't return an error when a CCID reader is removed.
6622089 pcscd instance Core dump is seen once on Solaris 10 X86
6623150 TCSETA / TCSETAW / TCSETAF not supported on Sun Ray serial subsystem
6625203 External smartcard reader does not get detected in a hotdesked session
6626955 uttsc exited  with error messages with PCSClite 1.1 _01 after multiple hotdesks
6629028 uttsc exited with error messages and PCSC core dump after rebooting DTU.
6630054 xmgr/dtlogin/notify needs to defend against corrupted dtlogin PID file
6632737 IFD handler RDD low-level I/O should be re-startable after disruption
6636671 If a Sun Ray terminal gets TFTPsrvN (option 66) it should try sunray-config-servers if this fails
6638831 ifd handler should log clear reasons for init failure to syslog
6641754 Sun Ray 2/2FS/270 smart card readers sometimes drop bytes at bauds greater than 9600.
6645003 svcevts.c`svc_finder_add() has bug in sessid keyword
6645009 libusb has problems with release_interface() after detach
6645010 libusb needs to be made session-based hotdesking aware
6655178 Smartcard Philips SmartMX doesn't work anymore in SRSS4.0 
6662969 keyboard hangs on lossy network 

I have updated the Man Page Reference doc to include the Virtual Desktop Connector reference pages.

This is a great command line resource for looking up those obscure options when you are scripting Sun Ray behavior or administration.

 mandoc-4.11.08.pdf

     Hot off the presses is Sun's Virtual Desktop Infrastructure Software 2.0, just released last night. Included is the new Sun Virtual Desktop Connector, acting as a broker between Sun Ray and Secure Global Desktop infrastructure and VMware virtual machines.  This solution provides exceptional flexibility in deploying virtual desktops in an easy, secure manner to both Sun Ray clients as well as a variety of other clients, with a choice of desktop operating systems, including Windows, Solaris and Linux. This would probably be a good time to note our recent announcement of entering an OEM agreement with VMware, making it that much easier for a complete solution from Sun.

     Heck, so many interesting things happening in this space, it's hard to keep track of it all. Wouldn't want to miss our purchase of innotek and their VirtualBox technology, an open source virtualization software technology that allows running virtual machines under a variety of host operating systems to run many different guest OSes, including Solaris, Linux, Windows and OS X. Nor would I want to forget the ongoing work incorporating Xen open source technology into both OpenSolaris, and into xVM Server,  giving you the ability to run guest operating systems with no hypervisor knowledge as usual, and those guest operating systems that are hypervisor aware and can take advantage of performance enhancements through direct hypervisor calls.

Certainly the most feature rich method to deliver VDI is through the use of a "broker" like the Sun Virtual Desktop Connector. This broker is then connected to VMWare Virtual Center and the combination of the two gives the environment all sorts of features like Pooling, VM Lifecycle management, one-to-one mapping, Dynamic Resource Scheduling, and VMotion.

Not all VDI environments need to have all of these features. Maybe the VM's aren't even hosted in VMWare, or maybe they're not even VM's at all as in the case with blade based PC's. Maybe there is no need for Pooling, just a one-to-one relationship. No need to manage the VM's they're already provisioned through another process.

I like to call this the "Point and Shoot" VDI architecture. It should be dead simple and easy to set up. It doesn't matter where the OS images are, just that they exist on the network and that we are going to assign one VM to one user. Here are the steps to do Point and Shoot VDI using Sun Rays.

NOTE: These examples are for SRSS 4.0

Example 1: VM's assigned to a user. The user is identified by their smart card.

vi /etc/opt/SUNWkio/sessions/simple-vdi.conf

KIOSK_SESSION_EXEC=$KIOSK_SESSION_DIR/start-vdi.sh
KIOSK_SESSION_LABEL="Static Assigned VDI"
KIOSK_SESSION_DESCRIPTION="Static VM Assignment"

mkdir /etc/opt/SUNWkio/sessions/simple-vdi

vi /etc/opt/SUNWkio/sessions/simple-vdi/start-vdi.sh

#!/bin/sh
 
# Check for Card or Non-Card session
case $SUN_SUNRAY_TOKEN in
     pseudo.*)
          # Non-Card Session
          zenity --info --text="Please insert your smart card..."
          ;;
     *)
          # Card Session
          # Read Other Info Field
          REG_OTHER=`/opt/SUNWut/sbin/utuser -o | \
               grep $SUN_SUNRAY_TOKEN | awk -F, '{print $5;}'`

          if [ "$REG_OTHER" = "" ]; then
               zenity --error --text="This card has not been assigned a VM"
               exit 1
          else
               # Check for VM Availability
               /usr/sbin/ping $REG_OTHER 2
               if [ "$?" != "0" ]; then
                    zenity --error --text="VM $REG_OTHER is not available for connection."
                    exit 1
               else
                    # Call uttsc Kiosk script with VM name
                    KIOSK_SESSION_DIR=/etc/opt/SUNWkio/sessions/uttsc
                    export KIOSK_SESSION_DIR
                    /etc/opt/SUNWkio/sessions/uttsc/uttsc $REG_OTHER
               fi
          fi
          ;;
esac
#End

chmod 755 /etc/opt/SUNWkio/sessions/simple-vdi/start-vdi.sh

Open SR Admin GUI

Select Advanced->Kiosk

Click Edit

Select Static Assigned VDI from the Session type drop down.

Admin GUI - Tokens Tab

Search for currently used tokens.

You may then pick the token and Edit that token's registration.

You must assign a User Name. (This may be free form "Brad Lackey")

Place the VMs DNS name in the Other Information Field.

Example 2: VM's assigned to a DTU. Identified by MAC Address

1) Setup exactly like Example 1, only with a different start-vdi.sh

vi /etc/opt/SUNWkio/sessions/simple-vdi/start-vdi.sh

#!/bin/sh
if [ `uname` = Linux ] ; then
 theFlag="-P"
fi

theMACAddr=`cd $theFlag $UTDEVROOT ; /bin/pwd | sed 's/.*\(............\)/\1/'`
theVM=`/opt/SUNWut/sbin/utdesktop -o | \
            grep $theMACAddr | \
            /usr/bin/awk -F, '{print $2;}'`

if [ "$theVM" != "" ] ; then
     # Check for VM Availability
     /usr/sbin/ping $theVM 2
     if [ "$?" != "0" ]; then
          zenity --error --text="VM $REG_OTHER is not available for connection."
          exit 1
     fi

     # Call uttsc Kiosk script with VM name
     KIOSK_SESSION_DIR=/etc/opt/SUNWkio/sessions/uttsc
     export KIOSK_SESSION_DIR
     /etc/opt/SUNWkio/sessions/uttsc/uttsc $theVM
else
     zenity --error --text="This Sun Ray has not been assigned a VM."
     exit 1
fi

2) Register Desktop and assign VM name

Admin GUI - Desktops Tab

Search for currently connected Desktops.

You may then pick the Desktop and Edit that it's registration.

Place the VMs DNS name in the Location Field.

A few folks have been trying to get a Kiosk mode browser working. Whether for an actual "Kiosk" or for access to a web based application, this can be rather handy. I thought that I'd post how I've been doing it lately.

A kiosk web browser can also be handy for delivering access to Secure Global Desktop applications from Sun Rays. I have included a few additional steps to make the SGD experience better.

Install firefox in /opt:
----------------------------
Download the latest firefox from
    ftp://ftp.mozilla.org/pub/firefox/releases/2.0.0.12/contrib/solaris_tarball/
Unzip firefox to /opt/firefox

Install and Configure Kiosk extensions:
-----------------------------------------
Download the two kiosk XPI's from
    https://www.mozdevgroup.com/dropbox/jslib/signed/jslib_current_signed.xpi
    http://brooklynmuseum.mozdevgroup.com/install/xpi/signed/bmakiosk_current-ff-generic_signed.xpi

Put them in /opt/firefox/bma
    mkdir /opt/firefox/bma

You will need ssh -X or be on the console to perform the remaining pieces

Register the Components
    /opt/firefox/firefox -install-global-extension /opt/firefox/bma/jslib_current_signed.xpi (If you get an error, try it again.)
    /opt/firefox/firefox -install-global-extension /opt/firefox/bma/bmakiosk_current-ff-generic_signed.xpi

Create a URL whitelist file.. /opt/firefox/whitelist
    allowed[sgdserver.domain.com, ALL];

Start the Kiosk extension admin GUI:
    /opt/firefox/firefox -kiosk admin
    Enter "admin" as the password
    Set the home page
    Tick With Titlebar
    Click the Filters Tab
        Click Enable Filters
        Put /opt/firefox/whitelist in the text box
    Click the Sessions Tab
        un-set the inactive timeout
    Click the Customize Tab
        un-tick tabbed browsing
        un-tick print button, zoom controls, save button, logout button
    Click OK

Set up the Java Plugin
    ln -s /usr/java/jre/plugin/i386/ns7/libjavaplugin_oji.so /opt/firefox/plugins/.

Configure Kiosk Mode:
-------------------------
Create a kiosk application called Secure Global Desktop
    vi /etc/opt/SUNWkio/applicaitons/firefox.conf

KIOSK_APP_EXEC=/opt/firefox/firefox
KIOSK_APP_ARGS="-kiosk"
KIOSK_APP_LABEL="Firefox Kiosk"
KIOSK_APP_ICON=/opt/firefox/icons/mozicon50.xpm
KIOSK_APP_DESCRIPTION="Launch Firefox"

Set up Kiosk mode to launch a JDS 3 session
Add the Firefox application as AUTO start to the JDS 3 session.

SGD Integration:
-----------------------
If you are looking to point the browser at SGD, you will want to also make the following changes.

• Set the home page to your SGD URL (http://sgd.domain.com/sgd/)

• Add this line to your firefox.conf

KIOSK_APP_PROTOTYPE=sgd

• To speed up initialization, remove Java cert approval, and remove SGD connection approval

As root launch tarantella and login. Accept java and tarantella conenction warning.

mkdir /etc/opt/SUNWkio/prototypes/sgd
cp -r ~/.tarantella to /etc/opt/SUNWkio/prototypes/sgd/
mkdir -p /etc/opt/SUNWkio/prototypes/sgd/.java/deployment/security
cp ~/.java/deployment/security/trusted.certs /etc/opt/SUNWkio/prototypes/sgd/.java/deployment/security/