After reading ThinGuy’s Blog: Are PC’s Killing Health Care? I can’t agree more… It got me to thinking when I was in the emergency room of a local hospital last summer. (Long story, but spent a while there) Anyways, while I was there (I have not been to the ER in ages and the last time I was everything was still done on paper), they popped down a little thing on the wall and behind it was a “Windows Thin client”. The nurse did nothing but b@#*h about how slow it was. I watched and it looked to be running a Wyse Client and using Windows from some place that was not local. I got to thinking about how a Sun Ray environment would work in this hospital. Here are some ideas I thought of while lying in that short bed (I am over 6′5″) for 5 hours.

  1. Instead of having the paper charts, when you arrive, you are “assigned” a smart card and all your information follows you on that card no matter where you go (AKA HCHD, Hospital Chart Hot Desking). For example I had to end up going to X-Ray, and the X-Ray tech did not have the complete orders and started taking Chest X-Rays instead of X-Rays of my knee. (Later found out that they wanted both, but the doctor forgot to put the knee one on the order sheet, if he had seen my chart he would have known that the original reason I was there was for knee problems).
  2. The monitoring devices in the room (BP/Heart Rate/oxygen/etc) could be attached to the Sun Ray and therefore your info logged and displayed on the Sun Ray at a click of the button.
  3. Each patient could be given their own card for surfing the web, etc.. (if they are ambulatory enough to do this)
  4. By using the smart card to keep track of your stats, there is no paper to accidentally get “lost” or stolen (helps with HIPAA).
  5. Be a lot faster than the current Wyse Terminals they were using as they would not have to wait for it to boot.
  6. Security: there isn’t a day that goes by that I don’t read about someone losing someone else’s information, i.e. the VA Hospital (which uses some Sun Rays in areas around where I am). This would eliminate all of these losses, if everyone was forced to use it.
  7. All Labs/X-Rays posted directly to the persons “card”

Granted some of the above would be a feat to pull off, but it can be done.

I think that using Sun Ray’s is the coolest thing, especially now that I have it set up for all the people in my group to pull their card out of their Office Sun Ray and plug it in to their Home Sun Ray and everything is still there. (If I can just get the performance problems worked out it would be really killer, but something about the combination of Solaris 10, Sun Ray 4 is causing me some slowness, and I am not sure where it is exactly. )

Now if more people realize the benefits of using Sun Ray’s over other “Chubby Clients” Sun Ray’s would take over the world.

Posted by unixwiz, filed under Interesting, Security, Sun, Sun Ray, Sun Ray @Home. Date: November 6, 2006, 10:42 pm | No Comments »

I received a “big” envelope in the mail the other day, it was from Axel. (No Justin, not Axel Rose ;-) but the company Axel www.axel.com). In it they were talking about their new Ultra-Thin Client technology which is now available. What is interesting is their little info sheet that accompanied it. What follows is a copy of what they had on the sheet:

ULTRA-THIN CLIENT TECHNOLOGY is now available!!!

AXEL Inc has developed a unique technical approach, geared toward providing the following benefits:

  • Optimized Electronics
  • No Operating System
  • No Local Administration necessary
  • Embedded native client for RDP and ICA
  • Emulation for 5250, 3270, UNIX
  • Multiple Independent Sessions
  • 100% Virus immunity

…Regardless of the size of your organization, type of host, servers, or application if reliability, security and cost of ownership are your primary concerns, the ultra-thin client technology is the right answer.

Consider the following: (applicable to PC’s and OS-based thin clients)
Anti virus license - Cost per PC or PC based thin client - $30.00 / year -
Usual warranty coverage for PC’s - 3 years
Up to 70% of standard PC’s (and thin clients based on this architecture) resources are dedicated to the operating system
Extensive usage of network bandwidth capacity.
Up grade license required for various application sold - per PC or user.
Multiple support sources needed from various vendors depending on the nature of the problem

And then consider, with Axel’s Ultra Thin-Client Technology…

No need for Anti-Virus license
5 years warranty
Resources fully dedicated to applications
Low Bandwidth usage thanks to smart display management
Upgrades unnecessary
Support from one source

Now I have never used one of the Axel Terminals, but I have used nearly every type of Sun Ray from Sun Microsystems. What I find funny about this ad is that what they are talking about is nothing new. Sun has been doing it for years. What is interesting is that it says there is no operating system in the thin client. But if it supports all those emulations it must have some sort of OS in them, wouldn’t it? I like how it says that it supports “Multiple Independent Sessions”, but from looking at the specs it doesn’t look like it supports the hot desking like the Sun Rays do. I really like Sun’s hot desking feature when I can go between my house, office and off-site data center and still have access to the same desktop in all three places. My session also stays where it was when the network goes out (like tonight for some reason we were having hit and miss getting to the Sun Ray server at the office, but our sessions were always in the state that they were when the network went out).

Doing a quick search on google it also looks like the price of these terminals may be more than Sun’s Sun Ray thin clients. Sorry Axel, nice flyer, but I will stick with Sun Ray’s.

Posted by unixwiz, filed under Sun Ray, Sun Ray @Home, Thin Clients. Date: August 3, 2006, 9:52 pm | No Comments »

This part will cover how I accomplished getting a Sun Ray to run at home over a DSL and Cable modem. This is using SRSS 3.1. (Part 2, which I will do later, is for SRSS 2.0 and 3.0.) This is a quick and dirty howto, and assumes that you already have SRSS 3.1 up and running on your local network and have some understanding of DNS, ipfilter, and Cisco access lists (or equivalent).

Here is a quick overview

  1. Make sure specific ports are open to the server
  2. Turn on LAN connections
  3. Make sure the Sun Ray has the latest firmware for SRSS 3.1 that is available
  4. Add DNS entries
  5. Configure Home network
  6. Enjoy Sun Ray from Home

More Detailed Instructions

Configure Network to allow Specific ports to Sun Ray Server

These are the rules I used on my Cisco router (10.10.10.101 is the Public IP address of the server, just changed to hide its real IP):

access-list 16 permit tcp any host 10.10.10.101 eq 7007
access-list 16 permit tcp any host 10.10.10.101 eq 7008
access-list 16 permit tcp any host 10.10.10.101 eq 7009
access-list 16 permit udp any host 10.10.10.101 eq 7009
access-list 16 permit tcp any host 10.10.10.101 eq 7010
access-list 16 permit tcp any host 10.10.10.101 eq 7011
access-list 16 permit tcp any host 10.10.10.101 eq 7012
access-list 16 permit tcp any host 10.10.10.101 eq 7013
access-list 16 permit udp any host 10.10.10.101 eq 7013
access-list 16 permit udp any host 10.10.10.101 range 40000 42000
access-list 16 permit tcp any host 10.10.10.101 eq 80

Now that I have these ACLs set up, ANY machine/Sun Ray on the Internet can get to the Sun Ray server. So to fix this I did the following:

Set up a web server that runs on the Sun Ray server (or some place else if you wish). The purpose of this web server is to allow your users to “register” their Sun Ray to use the server. When I say “register” what I mean is this:

  1. By default I have IPFilter configured (the machine is running Solaris 10) to deny all incoming traffic except for port 80
  2. The User then must go to the web server and log in with their username and password and on the web page it will ask them if their IP is correct, if it is not then they can update it. Once they update it a cron job runs in the background that creates new IPFilter rules and reloads the ipfilter firewall.
  3. User can then power on their Sun Ray, they will then get the Secured Login where they have to have either a registered Java Card, or they can register their Java Card if they have a valid username and password on the box.
  4. User should now be able to log in

The reason I did it this way was I did not want any one in the world to be able to configure their Sun Ray to see my Sun Ray server. This way I am only allowing “known” people to get to it.

The way I store the IP’s is in a mysql db on the SunRay server. To reload the firewall I run this script as a cronjob that runs every minute:

#!/bin/ksh
#purpose is to reload the ipfilter firewall rules for when a new sunray needs access to the server
#Runs every minute from a cron job
rm -f /root/ipf.conf.tmp
/usr/local/bin/php /root/exportipf > /root/ipf.conf.tmp

FILESIZE="`wc -l /root/ipf.conf.tmp |awk '{print $1}'`"
if [[ ${FILESIZE} -gt 0 ]]; then
        rm -f /etc/ipf/ipf.conf
        cat /etc/ipf/ipf.conf.head > /etc/ipf/ipf.conf
        cat /root/ipf.conf.tmp >> /etc/ipf/ipf.conf
        ipf -Fa -f /etc/ipf/ipf.conf
        rm -f /root/ipf.conf.tmp
fi

The contents of the ipf.conf.head file look like this:

block in log on ge0 all
pass out quick on ge0 all keep state
pass in quick on ge0 proto tcp from any to any port = 80 flags S keep state

The exportipf file is a php script that looks like this:

<?php
mysql_connect("localhost","root");
mysql_select_db("sunray");
$result=mysql_query("select count(*) as count from homeusers where active='N'");
$num=mysql_result($result,0,"count");
if ($num > 0) {
        //New IP address has shown up, create new set of rules
        $result=mysql_query("select ipaddress,who from homeusers order by ipaddress");
        $num=mysql_num_rows($result);
        $i=0;
        while ($i < $num) {
                $ipaddress[$i]=mysql_result($result,$i,"ipaddress");
                $who[$i]=mysql_result($result,$i,"who");
                echo "#$who[$i]\n";
                echo "pass in quick on ge0 proto tcp from $ipaddress[$i]/32 to any port = 7007 flags S keep state\n";
                echo "pass in quick on ge0 proto tcp from $ipaddress[$i]/32 to any port = 7008 flags S keep state\n";
                echo "pass in quick on ge0 proto tcp from $ipaddress[$i]/32 to any port = 7009 flags S keep state\n";
                echo "pass in quick on ge0 proto udp from $ipaddress[$i]/32 to any port = 7009 flags S keep state\n";
                echo "pass in quick on ge0 proto tcp from $ipaddress[$i]/32 to any port = 7010 flags S keep state\n";
                echo "pass in quick on ge0 proto tcp from $ipaddress[$i]/32 to any port = 7011 flags S keep state\n";
                echo "pass in quick on ge0 proto tcp from $ipaddress[$i]/32 to any port = 7012 flags S keep state\n";
                echo "pass in quick on ge0 proto tcp from $ipaddress[$i]/32 to any port = 7013 flags S keep state\n";
                echo "pass in quick on ge0 proto udp from $ipaddress[$i]/32 to any port = 7013 flags S keep state\n";
                echo "pass in quick on ge0 proto udp from $ipaddress[$i]/32 to any port 40000 >< 42000 flags S keep state\n";
                echo "\n\n";
                mysql_query("update homeusers set active='Y' where ipaddress='$ipaddress[$i]'");
                $i++;
        }
}
?>
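
Because whatever is stored in the homeusers table is written straight into the firewall configuration, the generator is the place to check it. The following is an added example, not the original exportipf script: a shell version that emits the same rules but only for entries that are plain IPv4 addresses. The function names and the sample rows are assumptions made for illustration, and the UDP rules leave out `flags S` because that keyword only applies to TCP.

```shell
#!/bin/sh
# Added example: emit per-user ipfilter rules from "ipaddress who" lines,
# skipping every entry that is not a plain dotted-quad IPv4 address.
IFACE=ge0                                   # interface name from the page
TCP_PORTS="7007 7008 7009 7010 7011 7012 7013"
UDP_PORTS="7009 7013"

# Succeeds only for four dot-separated decimal octets, each 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    rest="$1."; count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# stdin: one "ipaddress who" pair per line; stdout: rules; stderr: rejects.
emit_rules() {
    while read -r ip who; do
        if ! valid_ipv4 "$ip"; then
            echo "rejected entry for '$who': not an IPv4 address" >&2
            continue
        fi
        # The name ends up in a comment line; keep only harmless characters.
        who=$(printf '%s' "$who" | tr -cd 'A-Za-z0-9_.-')
        echo "# $who"
        for p in $TCP_PORTS; do
            echo "pass in quick on $IFACE proto tcp from $ip/32 to any port = $p flags S keep state"
        done
        for p in $UDP_PORTS; do   # "flags" matches TCP flags only, so UDP omits it
            echo "pass in quick on $IFACE proto udp from $ip/32 to any port = $p keep state"
        done
        echo "pass in quick on $IFACE proto udp from $ip/32 to any port 40000 >< 42000 keep state"
    done
}

# Constructed rows (documentation-range addresses); only the first is valid.
sample_rows() {
    printf '%s\n' '192.0.2.10 alice' '198.51.100.7/0 bob' \
                  'any carol' '203.0.113.300 dave'
}

sample_rows | emit_rules
```

In the cron script above, this output would take the place of what exportipf writes to /root/ipf.conf.tmp; rejected rows go to stderr so they can be logged.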

Now that the ports are “open”, we need to make sure the Sun Rays can connect. To do this, turn on LAN connections:

/opt/SUNWut/sbin/utadm -L on

Now, add the following entries to your DNS for the domain you want the Sun Rays to query:

sunray-config-servers   IN      A       10.10.10.101
sunray-servers            IN      A       10.10.10.101

So we would now have FQDN of sunray-config-servers.someplace.net and sunray-servers.someplace.net.

Now it is time to take the Sun Ray home and configure your home network. I am going to assume that you have some sort of “firewall/router” device, such as a Linksys Broadband router, etc. The key thing you need to do is configure the DNS Domain that is handed to your DHCP clients to be the same as what you made your DNS host entries as. So in our case, I would configure the DNS domain to be someplace.net. Now you should be able to boot your Sun Ray and get a “login screen” or some other response codes from the server. I have noticed that sometimes the Sun Ray will stay on a 26B; if this happens, you can insert your Java Card, and a login screen should come up. I have not quite figured out what causes it.

Hopefully this will help those running SRSS 3.1. I will put the instructions for versions 2 and 3.0 up later, as they are far more involved and require more hardware to do. But since 3.1 is now “free” everyone should be using it, or moving to it soon!

Some Notes about using a Sun Ray at home:

  1. USB Thumbdrives/cdroms/harddrives do not work if you are behind a NAT device
  2. Depending on your connection speed, you may want to disable all background images, and any “fancy” items such as anti-aliased fonts, shadows, network connection app, etc
  3. Streaming Audio will start out a little shaky, but “will” work if nothing else is happening. (This is based on trying it with a cable modem and DSL modem.)
  4. I have not tried to upgrade the firmware remotely on the Sun Rays; currently I just have the users bring it back in to the office to have the firmware upgraded


Posted by unixwiz, filed under Sun Ray, Sun Ray @Home. Date: March 22, 2006, 10:30 pm | 1 Comment »