Proponere

SAP in Sun Secure Global Desktop Software

Posted at 04:02PM May 30, 2007 by Chris in Sun  | 

VDI Webinar Replay

The replay of the VDI webinar we did with VMware is now available here:

https://vmwareevents.webex.com/vmwareevents/onstage/g.php?AT=VR&RecordingID=277602335

Enjoy!

Posted at 01:18PM Mar 19, 2007 by Chris in Sun  | 

VDI Webinar

For the folks that attended the desktop virtualization webinar we did yesterday with VMware (and we thank you if you did!), I thought I'd post direct links to some of the things I talked about:

• VMware VDI Page
• Sun Desktop Virtualization Solution - Desktop Virtualization Blueprint
• Sun Virtual Desktop Access Kit for VMware Blueprint
  

As soon as I get the link for the archived webinar I'll post it here as well.

Posted at 02:20PM Mar 14, 2007 by Chris in Sun  | 

Ask Me Anything #4

Posted at 12:28PM Feb 16, 2007 by Chris in Sun  | 

Finger print authentication

Now that we're back to our regular schedule here at Sun, I thought I'd bring up something that people ask about frequently. The question is whether Sun Ray clients can be adapted to use biometrics for authentication, and the answer is yes.

NTT Comware in Japan announced a solution in June of 2006 for doing fingerprint based authentication for Sun Ray clients. I have not used the product, but the press release explains that the kit uses a sweep type sensor (which seem to be all the rage in this space) and an apparently unique frequency analysis algorithm that does not require the storage of complete fingerprint images to reduce data leakage issues.

I don't know if most organizations rely on biometrics alone or if it is generally used as part of a multi-factor authentication scheme (thus increasing the complexity for the user), but I for one would love to login to all of my stuff by simply swiping my finger past a reader - wouldn't you?

Posted at 03:37PM Jan 02, 2007 by Chris in Sun  | 

Accessing an SGD server - Part 2

The integrated client

One of the goals in the design of Sun Secure Global Desktop Software is to make the user experience of running server-based applications as close as possible to that of running local applications. The reasoning behind this is simple: if people don't really know that the application is running from a remote server then they won't need to be retrained. This of course saves time and money, but it also reduces objections that could be raised by folks who are unhappy that the way they used to work has changed. Ideally, if a user primarily runs something like Excel on their machine, moving that application to a Windows Terminal Server and providing access through SGD should change the user experience very little.

One of the most obvious differences when running a server-based applications instead of a local application is how the application itself is launched. In previous versions of SGD, the user had to launch either a web browser or the native client first before they could run their application, adding an extra step over and above what they would expect. Version 4.3 changes that scenario dramatically with the introduction of the integrated client. (In the documentation, the integrated client is simply known as the Secure Global Desktop Client operating in integrated mode, but for brevity I'll just call it the integrated client).

The integrated client in 4.3 allows a user's applications to show up automatically in their Start or Launch menu, allowing for one-click access to remote applications just like you would have for locally installed applications. This means that a user can come to work in the morning, log in to their desktop system (Windows, Solaris, and Linux are all supported) and launch a server-based application directly without manually launching any preliminary software or providing any other login information.

To use the integrated client, the user must login at least once with a web browser in order to set the integrated mode preference. Here is a look at the preference screen:

After that initial login, the user can then launch applications directly from their Start or Launch menu:

I mentioned in the previous entry that the integrated client is really just an extension of the browser-based client, but that could use a bit of explaining. The browser-based connection method uses a hybrid approach where some Java code is used in the browser to update the user interface and some native code is used outside the browser to draw the application windows (this native code is called the "TCC"). When the "Add Applications To Start Menu" preference is checked, the native code simply does a bit more work and the web browser side of things becomes optional. So, we consider the new TCC an extension of the browser-based client because the TCC is now more powerful than it used to be and can be used both with and without a browser.

The really cool thing about this design is that once you've started using the integrated client you are not locked into it at all. If you're on your usual machine then you can launch applications directly from your Start or Launch menu. But if you happen to be in front of a machine that you are unfamiliar with, just launch a Java technology-enabled web browser, enter the URL of the SGD server and your credentials and all of your applications are immediately available via the web browser from that machine, too. When you return to your usual machine, all of your applications are still available from the Start or Launch menu without having to change any preferences.

Posted at 06:38PM Dec 17, 2006 by Chris in Sun  | 

Accessing an SGD server - Part 1

As you may have read in this very blog or on Fat Bloke, Sun Secure Global Desktop 4.3 is now available. One of the most visible and exciting features of the new release is the integrated client. Before we get to what the integrated client does, let's cover the three ways you could connect to an SGD server in version 4.2:

The native client

The native client is a piece of software specific to each supported client platform (e.g., Windows, Solaris, Linux, Mac OS X) that the user manually downloads and installs on their machine. To connect to an SGD server, the user launches the native client, enters the server info (URL, user name, password, etc.) and is presented with the applications that are available to them. The native client is an excellent choice in places where you don't want the overhead associated with running a full web browser or Java runtime environment, but it does not support all of the latest features that the browser-based client (described below) does.

Download a Sun Secure Global Desktop Software native client.

The Java client

In situations where downloading software is prohibited (an airport kiosk, for example), the Java client allows you to connect to an SGD server without having to install anything. Simply enter the URL of an SGD server into your Java technology-enabled web browser and you're there. The Java client lives inside the web browser, so a user session is dependent on the lifespan of the web browser (i.e., you can't quit the web browser once you've launched an application), but it offers run anywhere convenience.

View the SGD demo server with the Java client.
This is an anonymous server, so just click "login" at the user name and password dialog without entering any information to gain access.

The browser-based client

Also known as the hybrid client, this connection method offers the best of both the native client and the Java client and was the preferred method of connecting to an SGD server in version 4.2. With the hybrid client, a user enters the URL of an SGD server (a slightly different URL than the one you would go to for the Java client) and OKs the download of a small piece of native code. Once that code is downloaded and launched, the user can login to the server and their available applications are displayed for them in the web browser. A small Java applet keeps the user's web browser updated as their session progresses (updating the user when an application shuts down, for example). When a user launches an application by clicking its URL, native code takes over and the application is displayed for the user. The native code (called the TCC and visible in the tray if running on a Windows client) is completely independent of the web browser, so closing the web browser does not impact running applications.

View the SGD demo server with the browser-based client.
This is an anonymous server, so just click "login" at the user name and password dialog without entering any information to gain access.

All three of these client architectures are still available for use with 4.3, so you can still use the version you prefer. However, the browser-based client has been extended so it can be used without the browser. Confused? Stay tuned for a discussion of the integrated client in part 2.

Posted at 01:00AM Dec 15, 2006 by Chris in Sun  | 

Losing your data

Privacy Rights Clearinghouse has been keeping track of data breaches since February 2005. With several new incidents this week, they have now reported on more than 100,000,000 exposed records. And they are just one of several sites that keep track of such things, all offering different, but equally jaw-dropping estimates.

Many of these incidents involve laptop computers. I did a Find on the page for "laptop" and stopped counting after about 50 incidents and there were many more reports yet to go. Why are organizations allowing vast amounts of private data to live on laptop computers? In one case, I know of an organization that issued laptops to their finance staff not because those folks needed to work away from their desks (in fact, removing the laptop from their desks was not allowed!), but because of space and heat concerns at the workspaces. I would not surprise me if they weren't the only ones who used this reasoning for issuing laptops to non-mobile workers.

Sun Ray technology and Sun Secure Global Desktop Software can help reduce the danger of data exposure by allowing people to work from all over the place, but keeping the data itself in the data center. In the case of Sun Ray clients, the low cost Sun Ray 2 client consumes just 4 watts of power (about the same as a night light) and has no data RAM or local storage. It's impossible to leave any sensitive data on the device because it's really just a virtual display for a back end server. Unplug it and there is literally nothing on it. You can easily work in different locations by hot desking from a Sun Ray client on your desk to one in a conference room, for example. This is how we work at Sun and and not only does it give you the data security benefits, it lets you carry around less stuff. No more worrying about getting your laptop stolen out of the trunk when you stop for coffee in the morning!

Sun Secure Global Desktop Software can give you similar data security benefits, but with existing client devices. If you have a bunch of Windows or Linux clients already deployed on desktops and they are functioning well, you can just leave them in place but migrate the applications that access critical data to servers in the data center. You could even leverage the local processing power of those clients for email, web browsing, and other non-critical tasks, but centralize the applications that access things like customer records and human resource databases to the server so that data never inadvertently ends up on a hard drive that could be stolen.

Posted at 05:16PM Dec 14, 2006 by Chris in Sun  | 

Ponderthis

I was sorry to read that ponderthis is leaving Sun. I wish him all the best in his new endeavor!

Posted at 08:51PM Dec 13, 2006 by Chris in Sun  | 

Now available: Sun Secure Global Desktop Software 4.3

It's a very exciting day for us because we just released Sun Secure Global Desktop Software 4.3! I'll have lots to say about this release as we go forward, but here are some of the major changes:

• Applications published through SGD can now display in and be launched from the user's Start or Launch menu (no web browser required!)
• Access to Windows XP Pro desktops
• Administrator control over copy and paste
• Client Drive Mapping (CDM) for UNIX and Linux applications servers
• PDF Printing for UNIX and Mac OS X clients
• COM port mapping for Windows application servers
• Better performance, lower bandwidth usage
• Localized user interface for five additional languages
• Many more changes
  

You can read the documentation or go download it right now! If you'd like to try it out immediately in your web browser, visit our demo server.

Posted at 10:58AM Dec 06, 2006 by Chris in Sun  | 

Healthcare and desktop technology

Thin Guy did an excellent post about a month ago on the use of PCs in health care. If you're at all interested in the desktop challenges facing large organizations (of which hospitals are a prime example), have a read through his post. I still don't understand why health care workers wheel around PCs or lug laptops around when they could hot desk from Sun Ray client to Sun Ray client.

It occurred to me I should link to Thin Guy's post (he created it before this blog existed or I would have linked to it in a more timely fashion) when I read this press release about Sun showcasing a group of solutions at the RSNA 2006 conference in Chicago. I wasn't at the show so I can't comment first hand, but it's great to see that Sun Ray technology and Sun Secure Global Desktop Software are getting air time at these events. People are listening to what we've been saying for a while!
 

Posted at 07:10PM Dec 04, 2006 by Chris in Sun  | 

A more virtual world

ITopinions talks about living in an ever more virtual world.

The basic idea is to shift the burden of responsibility of the desktop environment to the IT folks who are trained to manage that stuff. Remember what Uncle Ben said about great power. Should every user need to have the IT chops to defragment their hard drive or cope with a virus? Of course not, but those are the situations people are put in by having to manage a full desktop client to get their work done.

There are several ways to help reduce the IT burden on individual users. Certainly centralized patch and application delivery systems are helpful. But what if you have a heterogeneous set of client devices? Or applications? IT managers have been dealing with this for a long time, but I'm going to let you in on one of their best kept secrets:

Even if you only run Windows in your company, you're dealing with a heterogeneous environment.

Shhh, don't tell anyone.

Many people think heterogeneity is just about mixing different flavors of operating systems (Windows and UNIX, for example), but it's also about mixing different versions of Windows. Can you remember a time in your organization where everybody was on the exact same version of Windows? OK, maybe you can remember a time in early 2003 where every last machine was either upgraded to XP or not used anymore, but what happened when Service Pack 2 came out?

Writing software is hard. I've done it, and I'm sure many of you have, too. If you've written software, you know how challenging it is to get your software to work on a variety of devices, even devices running ostensibly the same operating system. I used to work for a company that did custom software development and sometimes we would do kiosk development. The kiosk projects always had significantly shorter development schedules and were correspondingly less expensive for our customers because we only had to make sure it worked on one specific configuration.

What does this mean? It means there are tremendous benefits in having a known execution environment for software. In larger organizations, it means that a specific operating system on specific hardware can be tested and certified to be stable running an application or to meet specific security criteria. If that application is run directly on the client operating systems it becomes increasingly more difficult to ensure that the underlying OS environment is the same as the testing environment as you scale, even if you start with the same hardware devices. Maybe ten systems isn't impossible (and I think that may already be too much for one person to handle -- I certainly can't keep all the systems in my house exactly synchronized!), but how about 10,000?

Sun can help here in a few ways. In fact, we have a product that directly supports the idea mentioned in the ITopinions entry. We like to call them virtual display clients instead of dumb terminals, but the idea is the same: make the client device as simple as possible and run everything on the server. This gives you a completely secure client device and a known execution environment for your applications. Head on over to the Sun Ray technology page and explore Thin Guy's blog for all sorts of good information.

We have another product called Sun Secure Global Desktop Software that allows you to run applications on servers, but use all different types of client devices. You get the benefits of a known execution environment, but you can use your existing PCs running various versions of Windows, Solaris, Linux, and Mac OS X.

Stay tuned for more info on these cool products.
 

Posted at 01:23PM Dec 02, 2006 by Chris in Sun  | 

A Tale of Three Desktops

It's easy to forget that the desktop we see on our monitors is a metaphor for the real thing -- the wooden, plastic, or metal surface we sit in front of every day with the intention of getting work done. One of the amazing things about your desktop, the real one, is that it doesn't get in your way. Your real desktop merely supports whatever endeavor you're engaged in.

And as if those two definitions of desktop weren't enough, there's yet another thing called a desktop you're undoubtedly familiar with as well. The device sitting on top of (or perhaps under) your desk generating a lot of heat and taking up a lot of space is also called a desktop, if only to differentiate it from a laptop. This desktop stores your files, runs your applications and is almost always an unbelievably complex combination of components inexorably linked to a specific operating system. But, the complexity is completely hidden from the user and it just works, right?

What about when you need a piece of software installed, maybe something like a new accounting package? Does IT have to physically visit you and your machine to install it? Or, have you ever had your machine infected with a virus? If so, you know the feeling of being afraid to turn it on for fear that something cataclysmic might happen. Or, have you ever needed to run a piece of software that wasn't designed for the operating system you have installed on your desktop?

These problems are all too common, and are being taken very seriously today by organizations of all sizes. Real dollars are lost when people are unable to use their computers, even for users that rely on their machines mainly for simple tasks like email. But there is a solution, and all that it requires is a slight shift in focus.

What if your desktop device behaved more like your real desktop and was simply there to support whatever endeavor you were engaged in? What if you weren't concerned about what chip or OS your desktop device was running or how much RAM you have? What if you could bring your desktop with you to any place in the world with an Internet connection without lugging a laptop with you?

These things are all possible today.

It's time to expand the idea of desktop computing to be about more than that thing that sits on your desk or what you see on your monitor. Desktop computing is about providing convenient and secure access to applications and data. It's about giving IT the flexibility to deploy different types of devices for different needs. It's about rolling out the best piece of software for a given task, not the one that's compatible with whatever operating system the audience is using. And mostly, it's about providing reliable tools to help people get work done.

Welcome to my blog. I know I'll learn more from the collective audience here than they ever could from me. And that's the point. Cheers.

-Chris

Posted at 12:38PM Nov 30, 2006 by Chris in Sun  |  Comments[2]