Proponere
To put forth an idea, theory, or point of view to be considered by others.
New Patch for Sun VDI Software
The Sun Virtual Desktop Connector component of Sun VDI Software has been updated to patch 3. Dirk gives some detail on the changes (including support for VMware ESX 3i!) and lists the patch numbers. However, it looks to me like SunSolve is being a bit picky, so I wanted to give you direct URLs:
For Solaris on SPARC:
http://sunsolve.sun.com/search/document.do?assetkey=1-21-127559-03-1
For Solaris on x86:
http://sunsolve.sun.com/search/document.do?assetkey=1-21-127560-03-1
For Linux:
http://sunsolve.sun.com/search/document.do?assetkey=1-21-127561-03-1
For the Windows vda-agent and vda-tools:
http://sunsolve.sun.com/search/document.do?assetkey=1-21-138482-03-1
Posted at 01:24PM Jan 21, 2009 by Chris in Ask Me Anything |
Ask Me Anything #3
I want to make sure my users are logging into Sun Secure Global Desktop Software securely and I've heard about a separate security pack. Do I need to install this to enable security with SGD?
Thanks,
A reader
Both a little architecture and a little history are necessary to answer this question. First, have a look at this diagram:
It's a zoomed in view of the first two tiers of last week's diagram, but turned on its side. The client tier is the machine that the user is sitting in front of and the access tier is the machine (or machines) in the data center that are acting as the Secure Global Desktop server array.
You'll notice that there are two lines connecting the two tiers, one labeled "HTTP" and the other labeled "AIP". This is because accessing an application with SGD is really made up of two very separate steps:
- User tells server who they are and server responds with a list of applications available to them.
- User requests an application and server starts the application and displays it on user's system.
These two functions are handled by the two different data connections. There is more detail here, for sure, but that's the basic gist.
For the first step, the user needs to know where an SGD server "lives" in order to access it. For example, our live demo server can be reached at https://sgddemo.sun.com. Using just a web browser, the user can login to the server at that address and be given a list of applications they can run. Out of the box, that connection is a standard HTTP connection, but with just a few steps it can be modified so that the secure HTTPS protocol is used instead. This is the preferred way to access an SGD server and should be considered mandatory for most deployments.
Once a user clicks the link of an application, we're on to step two and a separate connection is established to service the user's request. But this time it's not using HTTP or HTTPS, it's using our own AIP (Adaptive Internet Protocol) protocol. This is where a lot of the value in SGD is because we can do some clever things in AIP to ensure a good application experience on all kinds of different devices and with varying amounts of available bandwidth. However, simply enabling security on the web browser does not secure this separate AIP connection.
To solve this problem, a security pack was created that sets everything up properly so both types of connections (the web connection that is normally over HTTP and the AIP connection) can be secured. In earlier versions of the product this security pack was a separate installation, but as of version 4.3 it is now included as part of the base installation. And this ability to secure the client/server connections in SGD is not licensed separately, it is included when standard licenses are purchased.
Here are some links to more in-depth information:
- Sun Secure Global Desktop Software Security Considerations white paper
- SGD 4.3 Docs: Enabling security for application sessions
- SGD 4.3 Docs: Sharing that same certificate setup with the web server to secure the web connection
- SGD 4.3 Docs: Installing X.509 certificates
And remember, send your questions in to askchrisanything at Google's mail service. By default, I'm assuming each question is anonymous, but if you'd like your name displayed please let me know!
Posted at 07:38AM Feb 09, 2007 by Chris in Ask Me Anything |
Ask Me Anything #2
I often hear this term "3-tier architecture" in reference to Sun Secure Global Desktop Software. What does it mean, exactly?
Thanks,
A reader
Depending on the context, a 3-tier architecture can refer to a number of things. In the case of Sun Secure Global Desktop Software, it refers to how physical machines (or virtual machines) are connected in the software architecture. The Sun Ray architecture is a bit different, so we'll focus on SGD for the moment and address Sun Ray later.
The purpose of SGD is to allow people using all kinds of client devices to access applications executing on other machines.
The emboldened parts of the above statement give us a hint about two of the three tiers in the SGD architecture. The client tier is made up of the device you're actually using. This is your Windows PC, Solaris workstation, Mac OS X machine, etc. The application that you're accessing through SGD is actually running on a machine in a data center and those systems make up the application tier. These can be thought of as "application engines" because their sole role is to execute the applications that people use.
The client tier and the application tier make up the first and the third tiers in the SGD architecture. The middle tier is comprised of one or more machines where the Secure Global Desktop server is installed and is called the access tier:
In a 2-tier architecture you would remove the middle layer and place the logic that used to live there directly on the application engine machines in the application tier. This may seem like it reduces complexity, but in practice it actually places a heavier burden on the application engines and makes installation of new application engine systems more involved. A 3-tier architecture, on the other hand, focuses the role of the application engines by placing a server in the middle to handle the access duties. This server can do lots of very cool things like act as a bastion host to help protect the application engines or improve performance by managing load balancing in unique ways (i.e., geographically). There are many more benefits to this architecture as well which I'll cover in future entries.
I downloaded Sun Ray Software 4, but when I looked closely I realized that Sun Ray Server Software is listed as version 3.1. Is there a mistake here?
Thanks,
A reader
No, this is not a mistake. In fact, you'll notice that all of the individual components that make up Sun Ray Software 4 have their own version numbers and none of them are in fact version 4. This was done because significant features were added to the Sun Ray Software package with the addition of the Sun Ray Connector for Windows OS and the Sun Desktop Manager components, but Sun Ray Server Software itself (now just one component of many) was not changed enough to warrant a bump in major version numbers. So as to not confuse existing customers, the individual components kept their own lineage of version numbers and the combined package of software was named version 4.
If it helps, you could look at it this way:
Sun Ray Server Software 3.1
+
Sun Ray Windows Connector 1.1
+
Sun Ray Desktop Manager 1.0
=
Sun Ray Software 4
That's it for this week. If you have any questions, please send them to askchrisanything ( a t ) the name of google's mail service.
Posted at 06:00AM Feb 02, 2007 by Chris in Ask Me Anything |
Ask Me Anything #1
I'm lucky to be able to frequently talk to customers about our desktop products. These conversations often cover many of the same questions, so I thought I'd address them here in a regular feature called Ask Me Anything. But first, a few ground rules:
- This
is a new feature, so I don't expect to have enough visitors to actually
provide me with a steady flow of questions yet. That's OK, we'll improvise -- I will
start the ball rolling with some made up questions (based on real
conversations, of course) and supplement as necessary.
- You
can ask me anything, but I the questions I answer here will depend on a
couple of factors. The first is general interest -- if the question is
specific to one installation and won't generally be useful to other
folks then the forums (Sun Secure Global Desktop Software forum, Sun Ray Software forum) are probably the best place
to ask. But if the question is interesting to the general public
then it will be good fodder for the blog. The second factor is how
certain I am that I can deliver the correct answer. I don't want to be
spewing out useless info to you folks! If I can answer accurately
myself or get the correct answer from someone who knows then I will.
Otherwise, I'll save the question until I can get an accurate answer.
- Although I will always try my best, there are no guarantees that my answers will be 100% correct. If I discover that a response was flawed, I will do my best to correct it as quickly as possible.
- I've
setup a Gmail address to use for this (that way I can avoid flooding my
Sun mailbox if this gets popular). The address will be highlighted in
each entry but will be in some sort of code to try to fool the spambots. Or
at least slow them down.
- And remember, this is a demonstration, not a competition. Please, no wagering.
OK, let's get started:
Can I connect to a Windows XP Pro desktop with either Sun Secure Global Desktop Software or Sun Ray Software?
Thanks,
A reader
Yes, you can with both.
Previous versions of Sun Secure Global Desktop Software (SGD) were
limited to connecting to Windows Server operating systems, but starting
with version 4.3, you can now specify a Windows XP Pro system as a
server object. This means that you can, for example, allow a user to
access a Windows XP Pro system that is sitting on their desk when they are out of the
office using only a Java technology-enabled web browser.
For Sun Ray Clients, Windows connectivity is handled with the Sun Ray Connector for Windows
which shares many attributes with the Windows connectivity in SGD,
including the ability to connect to Windows XP Pro desktops. A common
use of this capability might be to provide individualized Windows XP
Pro environments for Sun Ray client users by running many copies of
Windows XP Pro in virtualization software like VMware. Each user can
have their own separate Windows XP Pro environment without the overhead
of a full fat client on their desk. You might recognize this as the
VDI, or Virtual Desktop Infrastructure idea. VMware has a good overview of VDI on their site.
What sort of operating system is on the Sun Ray clients? Is it some sort of stripped down Solaris?
Regards,
A reader
No, although you have to be careful to separate the device from the user experience.
One of the benefits of the Sun Ray architecture is that the device itself does almost nothing. This is a big difference versus other thin clients that embed a versions of Windows or Linux on the device itself. In the Sun Ray case, the device only needs to know how to do a few things (negotiate the network, connect to a Sun Ray Server, draw graphics, etc.) and the logic behind all that is contained in a small bit of firmware in the device. No Windows, no Solaris, no Linux, just the bare minimum to get the device on the network and functioning.
But just because there is no significant operating system in the device itself, it doesn't mean that users won't have a full featured graphical OS to use. Once the device is turned on and connected to a server, the user can be given a Solaris, Windows, or Linux desktop environment. From the user's perspective it feels like the operating system is locally on the system itself (except it boots faster than they'd expect), but all of the processing is being done on the server and the Sun Ray client is just the interface mechanism. That means you can do things like yank the power cord out of the back of a Sun Ray client, plug it back in, and continue working right where you left off with no lost data. It's a bit like unplugging your phone -- you won't be able to talk while it's unplugged, but once you plug it back in you're back in business.
That's it for the debut edition of Ask Me Anything. If you have a question please send it to askchrisanything at Google's mail service.
Posted at 03:16PM Jan 26, 2007 by Chris in Ask Me Anything |
Today's Page Hits: 23