The Proof of concept turned into Production
Yesterday I was at a client site installing Sun Ray's in the store which being trialled as an option to remove the old Wyse Green Screens, as well as these old backend Dell PC's.
So I walked in and due to the very nasty thunderstorm a couple nights ago their old Stallion Terminal Server died and their phones where down, with the only thing up was the Frame Relay network. It would have taken them one week to find a "working" replacement for the Terminal Server, if indeed they could find one. There was also a power outage in the Data Centre the Servers were located at, but because they were in a Data Centre the UPS kept them up until power was returned, that meant the Sun Ray's were able to still run off a battery powered Sun Ray server ;-) You generally don't have a UPS on every desktop in one's organisation. Even if the power did go out on the store, upon power resumption, the Sun Ray's would within seconds take you back to where you were before, no data loss.
So what happened????
I showed up with Sun Ray's in the back of my car. So I went in, removed the Wyse terminals, plugged in the Sun Ray's, plug in their smartcards and within seconds they have their desktop and applications. So the Proof of concept actually turned into a Production install - talk about pressure!!!
The applications are being served up by Secure Global Desktop, located in Sydney Data Centre), mainly Windows published applications running of a Windows 2003 Terminal Server (also in the same Data Centre), but also some Terminal Based applications, which they might expand to assist them to remotely manage their servers. The Sun Ray server is also located in Sydney, has been setup in Controlled Access Mode (CAM).
Funny thing was I just found out that day that my Software Practice colleague was actually setting up Sun Ray's in a different companies store next door, which was actually pretty amazing when you consider the size of Sydney.
So once all was setup (which took me a day to setup SGD and Sun Ray and the Terminal Server), then all we had to do was get the Sun Ray's to a store in Brisbane (1.5 hour flight from Sydney), and also to a store in Sydney, and just plug the Sun Ray's in, and there you have it a completely centralised Desktop environment running completely on Sun Hardware and Software (apart from Windows 2003 the only non-Sun product). It took quicker to setup the servers than to ship the units.
So everything on the main did go smoothly but I encountered a couple of little annoying snags along the way but they were easily resolvable and I found the answers in the SGD and Sun Ray Product documentation on http://docs.sun.com. The first two were part of the initial 1 day setup, the other two where an onsite fix.
First thing first.. when you setup a Windows Terminal Server (whether it be for Citrix, SGD or Terminal Services, first thing is that you need to turn off the Screensaver and automatic screen lock (I think there is a Group Policy to do this), otherwise you will be logged into a published application on a Windows server and you go and leave it idle for 10min, and then come back and Secure Global Desktop will ask you for your Windows password again, because the Windows screenlock is telling it that it needs it.
Next thing, if you setup Secure Global Desktop and your Windows Terminal Server is standalone (ie not part of LDAP or Active Directory or NT Domain) when you setup the server in Object Manager under NT Domain box, put the Workgroup of the Terminal Server. E.g. if the workgroup is MS_HOME then put MS_HOME in the NT Domain box.
Another one is that in Solaris using a Sun Keyboard (i.e. the one with the Sun Keys) I found out that F11 and F12 are actually mapped to the Sun_Stop and Sun_Again Buttons. So F1-F10 are the normal Function keys, but F11-F20 are actually the Sun Keys on the left hand side of a Sun Keyboard (going fro top to bottom). The actual F11 and F12 aren't mapped to anything by default, apparently this is a historical thing. And no Stop-A does nothing on a Sun Ray in case you were curious. F11 and F12 I have found in terminal based applications are always important so it's good to document this somehow.
So how did I fix this.. well from some knowledge of my colleagues, I used xmodmap to map the F11 and F12 keys to the Stop and Again keys using the following commands in my kiosk mode script:
# Change keyboard mapping for F11 and F12 on a Sun Ray /usr/openwin/bin/xmodmap -e 'keycode 75 = 0xffc8' /usr/openwin/bin/xmodmap -e 'keycode 76 = 0xffc9'
Then the next thing wasn't really a problem, just made things neater, was getting rid of the security warnings (for an initial SGD connection). Mainly the Java applet trust dialog box, and the Secure Global Desktop Certificate.
So when one ticks do you trust the application vendor and when you tick the box and select yes, a preference is set in a file located in the .java directory.
For the Secure Global Desktop security warnings you need to install the certificate on the client. So if it's a Fat PC you are connecting from you need to copy the pem (i.e. X509 Certificate) file into the $HOME/.tarantella directory (In Unix and Linux) and in the users Tarantella directory in Windows somewhere in their Application Data directory under Documents and Settings in Windows XP. See the documentation where I got this solution from http://docs.sun.com/source/819-6255/unsup_certs.html and http://docs.sun.com/source/819-6255/prompts_rootcerts.html
So to stop all the "Do you Trust" pop-ups and the SGD Security Warnings that come up when in CAM mode, I did the following:
Created a user called test. Logged into the Sun Ray as test (I chose CDE as the desktop environment as CAM mode is based on CDE). I started up Mozilla, then logged into SGD, ticked all the boxes and said yes to everything, and then logged out and shutdown Mozilla.
In that users home directory, I tarred up the $HOME/.java and $HOME/.tarantella.
Then I created a prototype directory in /var/opt/SUNWut/kiosk/prototypes/CAMmoz which actually gets created when you create a CAM application through the Sun Ray webadmin. I then untarred the previously created tar file into here and I recursivley changed ownwership or .java and .tarantella to user root, group utadmin. So that when the CAM session starts, these directories become copied into the CAM users home directory.
More info goto: http://docs.sun.com/source/819-2384/cam.html
I thought I would blog it as it will probably be a useful jog to my memory when I need it next, and in case someone is struggling with this.
Also I thought I would like to thank Thin Guy because his Blog has been so useful in the past. Hope mine serves some use to people out there, whether they be colleagues from Sun or customers out there.
Cyaz....
Posted at 09:55AM Mar 06, 2007 by sunraybruce in General |