ThinkThin — VDI as a Service
Hi,
There is an interesting blueprint from Sun introducing the Managed Desktop Factory.
Enjoy,
Dirk
Hi,
There is an interesting blueprint from Sun introducing the Managed Desktop Factory.
Enjoy,
Dirk
The 1st patch for Sun Ray 4 09/07 Kiosk was released.
Solaris/SPARC 128165
Solaris/x86 128166
Linux 128167
Dirk and his team keep rolling with helpful scripts and components for the Desktop Connector. This time, it is the ability to deploy user-assigned VM's to Sun Ray users without cards.
http://blogs.sun.com/whitemencantjump/entry/non_card_vdi_for_sun
They have also been working with Provision Netoworks to allow Sun Ray users to request and connect to VM's managed by their broker.
http://blogs.sun.com/whitemencantjump/entry/let_s_talk_about_provision
Have fun with all the new options.
I'll be pulling booth duty (Tues and Weds), giving chalk talks (Tues 2PM in MS IVA Booth) and also a featured speaker in a session with Foundry, Mitel, and Microsoft (Weds 3:15-4 PM Mandalay Bay Room L).
The second patch for Sun Ray core services has been released.
127553-02 for Solaris/SPARC
127554-02 for Solaris/x86
127555-02 for Linux/86
Changes incorporated include:
6542450 Sun Ray DTU responds to ping even if IP address is incorrect 6554391 DTU IFD handler should use oscompat library functions for portability. 6583348 Sun Ray: Apple Mighty Mouse not functioning properly 6609317 libusb's usb_bulk_read() doesn't return an error when a CCID reader is removed. 6622089 pcscd instance Core dump is seen once on Solaris 10 X86 6623150 TCSETA / TCSETAW / TCSETAF not supported on Sun Ray serial subsystem 6625203 External smartcard reader does not get detected in a hotdesked session 6626955 uttsc exited with error messages with PCSClite 1.1 _01 after multiple hotdesks 6629028 uttsc exited with error messages and PCSC core dump after rebooting DTU. 6630054 xmgr/dtlogin/notify needs to defend against corrupted dtlogin PID file 6632737 IFD handler RDD low-level I/O should be re-startable after disruption 6636671 If a Sun Ray terminal gets TFTPsrvN (option 66) it should try sunray-config-servers if this fails 6638831 ifd handler should log clear reasons for init failure to syslog 6641754 Sun Ray 2/2FS/270 smart card readers sometimes drop bytes at bauds greater than 9600. 6645003 svcevts.c`svc_finder_add() has bug in sessid keyword 6645009 libusb has problems with release_interface() after detach 6645010 libusb needs to be made session-based hotdesking aware 6655178 Smartcard Philips SmartMX doesn't work anymore in SRSS4.0
6662969 keyboard hangs on lossy network
I have updated the Man Page Reference doc to include the Virtual Desktop Connector reference pages.
This is a great command line resource for looking up those obscure options when you are scripting Sun Ray behavior or administration.
Earth Hour is going global this year with a whole bunch of cities turning non-essential lights off.
I've got a better idea. Turn off *AND* unplug non-essential computers.
And while you've got them off, replace them with a Sun Ray that uses less power than your PC in powersave mode.
at the moment i am helping to spread the dvds of the t3con2007 by bittorrent. all sessions of the conference are included and released unter a creative commons licence. get your copy today!
over all there are four dvds, you can fetch their torrent files over at andreas wolf’s:
* torrent of dvd1 (4337mb)
* torrent of dvd2 (4350mb)
* torrent of dvd3 (4335mb)
* torrent of dvd4 (4138mb)
the contents of the dvds can be found at ginas blog.
Hot off the presses is Sun's Virtual Desktop Infrastructure Software 2.0, just released last night. Included is the new Sun Virtual Desktop Connector, acting as a broker between Sun Ray and Secure Global Desktop infrastructure and VMware virtual machines. This solution provides exceptional flexibility in deploying virtual desktops in an easy, secure manner to both Sun Ray clients as well as a variety of other clients, with a choice of desktop operating systems, including Windows, Solaris and Linux. This would probably be a good time to note our recent announcement of entering an OEM agreement with VMware, making it that much easier for a complete solution from Sun.
Heck, so many interesting things happening in this space, it's hard to keep track of it all. Wouldn't want to miss our purchase of innotek and their VirtualBox technology, an open source virtualization software technology that allows running virtual machines under a variety of host operating systems to run many different guest OSes, including Solaris, Linux, Windows and OS X. Nor would I want to forget the ongoing work incorporating Xen open source technology into both OpenSolaris, and into xVM Server, giving you the ability to run guest operating systems with no hypervisor knowledge as usual, and those guest operating systems that are hypervisor aware and can take advantage of performance enhancements through direct hypervisor calls.
Certainly the most feature rich method to deliver VDI is through the use of a "broker" like the Sun Virtual Desktop Connector. This broker is then connected to VMWare Virtual Center and the combination of the two gives the environment all sorts of features like Pooling, VM Lifecycle management, one-to-one mapping, Dynamic Resource Scheduling, and VMotion.
Not all VDI environments need to have all of these features. Maybe the VM's aren't even hosted in VMWare, or maybe they're not even VM's at all as in the case with blade based PC's. Maybe there is no need for Pooling, just a one-to-one relationship. No need to manage the VM's they're already provisioned through another process.
I like to call this the "Point and Shoot" VDI architecture. It should be dead simple and easy to set up. It doesn't matter where the OS images are, just that they exist on the network and that we are going to assign one VM to one user. Here are the steps to do Point and Shoot VDI using Sun Rays.
NOTE: These examples are for SRSS 4.0
Example 1: VM's assigned to a user. The user is identified by their smart card.
1) Create the Kiosk Descriptor2) Create the Session exec scriptvi /etc/opt/SUNWkio/sessions/simple-vdi.conf
KIOSK_SESSION_EXEC=$KIOSK_SESSION_DIR/start-vdi.sh
KIOSK_SESSION_LABEL="Static Assigned VDI"
KIOSK_SESSION_DESCRIPTION="Static VM Assignment"
3) Select Kiosk Mode Configurationmkdir /etc/opt/SUNWkio/sessions/simple-vdi
vi /etc/opt/SUNWkio/sessions/simple-vdi/start-vdi.sh
#!/bin/sh
# Check for Card or Non-Card session
case $SUN_SUNRAY_TOKEN in
pseudo.*)
# Non-Card Session
zenity --info --text="Please insert your smart card..."
;;
*)
# Card Session
# Read Other Info Field
REG_OTHER=`/opt/SUNWut/sbin/utuser -o | \
grep $SUN_SUNRAY_TOKEN | awk -F, '{print $5;}'`
if [ "$REG_OTHER" = "" ]; then
zenity --error --text="This card has not been assigned a VM"
exit 1
else
# Check for VM Availability
/usr/sbin/ping $REG_OTHER 2
if [ "$?" != "0" ]; then
zenity --error --text="VM $REG_OTHER is not available for connection."
exit 1
else
# Call uttsc Kiosk script with VM name
KIOSK_SESSION_DIR=/etc/opt/SUNWkio/sessions/uttsc
export KIOSK_SESSION_DIR
/etc/opt/SUNWkio/sessions/uttsc/uttsc $REG_OTHER
fi
fi
;;
esac
#Endchmod 755 /etc/opt/SUNWkio/sessions/simple-vdi/start-vdi.sh
4) Register Cards and assign VM nameOpen SR Admin GUI
Select Advanced->Kiosk
Click Edit
Select Static Assigned VDI from the Session type drop down.
Admin GUI - Tokens Tab
Search for currently used tokens.
You may then pick the token and Edit that token's registration.
You must assign a User Name. (This may be free form "Brad Lackey")
Place the VMs DNS name in the Other Information Field.
Example 2: VM's assigned to a DTU. Identified by MAC Address
1) Setup exactly like Example 1, only with a different start-vdi.sh
vi /etc/opt/SUNWkio/sessions/simple-vdi/start-vdi.sh
#!/bin/sh
if [ `uname` = Linux ] ; then
theFlag="-P"
fi
theMACAddr=`cd $theFlag $UTDEVROOT ; /bin/pwd | sed 's/.*\(............\)/\1/'`
theVM=`/opt/SUNWut/sbin/utdesktop -o | \
grep $theMACAddr | \
/usr/bin/awk -F, '{print $2;}'`
if [ "$theVM" != "" ] ; then
# Check for VM Availability
/usr/sbin/ping $theVM 2
if [ "$?" != "0" ]; then
zenity --error --text="VM $REG_OTHER is not available for connection."
exit 1
fi
# Call uttsc Kiosk script with VM name
KIOSK_SESSION_DIR=/etc/opt/SUNWkio/sessions/uttsc
export KIOSK_SESSION_DIR
/etc/opt/SUNWkio/sessions/uttsc/uttsc $theVM
else
zenity --error --text="This Sun Ray has not been assigned a VM."
exit 1
fi
2) Register Desktop and assign VM name
Admin GUI - Desktops Tab
Search for currently connected Desktops.
You may then pick the Desktop and Edit that it's registration.
Place the VMs DNS name in the Location Field.
Cool.
Matt works in Sun Fed. Matt works with many three letter agencies. Matt has such high security clearance, the process to get it would probably cause most of us to have a nervous breakdown. What would happen if Matt lost or had his Accutech Gobi8 Sun Ray laptop stolen? Nothing. It's a nice door stop for the person who uses it next.
A few folks have been trying to get a Kiosk mode browser working. Whether for an actual "Kiosk" or for access to a web based application, this can be rather handy. I thought that I'd post how I've been doing it lately.
A kiosk web browser can also be handy for delivering access to Secure Global Desktop applications from Sun Rays. I have included a few additional steps to make the SGD experience better.
Install firefox in /opt:
----------------------------
Download the latest firefox from
ftp://ftp.mozilla.org/pub/firefox/releases/2.0.0.12/contrib/solaris_tarball/
Unzip firefox to /opt/firefox
Install and Configure Kiosk extensions:
-----------------------------------------
Download the two kiosk XPI's from
https://www.mozdevgroup.com/dropbox/jslib/signed/jslib_current_signed.xpi
http://brooklynmuseum.mozdevgroup.com/install/xpi/signed/bmakiosk_current-ff-generic_signed.xpi
Put them in /opt/firefox/bma
mkdir /opt/firefox/bma
You will need ssh -X or be on the console to perform the remaining pieces
Register the Components
/opt/firefox/firefox -install-global-extension /opt/firefox/bma/jslib_current_signed.xpi (If you get an error, try it again.)
/opt/firefox/firefox -install-global-extension /opt/firefox/bma/bmakiosk_current-ff-generic_signed.xpi
Create a URL whitelist file.. /opt/firefox/whitelist
allowed[sgdserver.domain.com, ALL];
Start the Kiosk extension admin GUI:
/opt/firefox/firefox -kiosk admin
Enter "admin" as the password
Set the home page
Tick With Titlebar
Click the Filters Tab
Click Enable Filters
Put /opt/firefox/whitelist in the text box
Click the Sessions Tab
un-set the inactive timeout
Click the Customize Tab
un-tick tabbed browsing
un-tick print button, zoom controls, save button, logout button
Click OK
Set up the Java Plugin
ln -s /usr/java/jre/plugin/i386/ns7/libjavaplugin_oji.so /opt/firefox/plugins/.
Configure Kiosk Mode:
-------------------------
Create a kiosk application called Secure Global Desktop
vi /etc/opt/SUNWkio/applicaitons/firefox.conf
KIOSK_APP_EXEC=/opt/firefox/firefox
KIOSK_APP_ARGS="-kiosk"
KIOSK_APP_LABEL="Firefox Kiosk"
KIOSK_APP_ICON=/opt/firefox/icons/mozicon50.xpm
KIOSK_APP_DESCRIPTION="Launch Firefox"
Set up Kiosk mode to launch a JDS 3 session
Add the Firefox application as AUTO start to the JDS 3 session.
SGD Integration:
-----------------------
If you are looking to point the browser at SGD, you will want to also make the following changes.
KIOSK_APP_PROTOTYPE=sgd
As root launch tarantella and login. Accept java and tarantella conenction warning.
mkdir /etc/opt/SUNWkio/prototypes/sgd
cp -r ~/.tarantella to /etc/opt/SUNWkio/prototypes/sgd/
mkdir -p /etc/opt/SUNWkio/prototypes/sgd/.java/deployment/security
cp ~/.java/deployment/security/trusted.certs /etc/opt/SUNWkio/prototypes/sgd/.java/deployment/security/
as promised i will present a few selected fsf projects during the next days. the first in the list is badvista - it encourages you not to use microsoft vista.

what is it about?
The BadVista campaign is an advocate for the freedom of computer users, opposing adoption of Microsoft Windows Vista and promoting free (as in freedom) software alternatives. Sign the petition at Free Software Free Society and encourage non-governmental organizations you work with or support to join together in rejecting Vista.
why is it so bad? read what’s wrong with microsoft vista.
even tho it’s not related to the free software foundation, i found the article 100 Things People Are Really Saying About Windows Vista very amusing.
finally a new post by me: after upgrading this blog is safe again.
last week i had the pleasure to meet richard stallman in person. ccm, mnemonikk and me joined the passionate crowd in the atrium of the media centre, berlin. stallman, founder of the free software foundation (fsf), held a two-hour excourse on the importance and ethics of free software. it was quite entertaining to listen to this fervid speaker. finally richard sang the free software song. though i thoughti have a quite good understanding of open source, i did not know this one. it was great!
in the next days i will present some campaings by the fsf in detail.
Found some time this week, so here is the next part.
Dirk
Seems that a lot of people are interested in using Web Server Authentication.
A new article that concerns Basic HTTP Authentication and SGD has been posted to the SGD Wiki. Even if Basic HTTP authentication is not what you want, this article illustrates the principles around configuring SGD.
There's also a handy debugging tool (environment.jsp) that you can drop into the SGD webapp directory (/opt/tarantella/webserver/tomcat/*/webapps/sgd) to find out what the web environment looks like.
Another article specifically about Sun Access Manager is also in the works.
-FB
If you ever wanted to understand, how desktop virtualization (VDI) can help you to automate the process of maintaining the desktop lifecycle, you will find some answers here. This is the first blog entry on the topic of desktop lifecycle management in the world of VDI. A few will follow soon.
Dirk
The Sun Ray 2 XL
More pic's from the MPK Mardi Gras Parade courtesy of Ron Shipper from Sun Ray Engineering.