unixwiz

I finally got time again to start playing with Sun Ray 5 Early Access software. Now my current setup probably should not be used for any type of test more than simple single/dual user testing. But I did not want to test the software on the current working server. So I decided to install it in a VMWare image on my Mac Pro. The Mac Pro is more than suited to handle it and had plenty of free memory/processor/storage to use so there was no contention (I gave the VM 4 processors and 8 gig of ram)..

The kicker was getting VMWare Fusion to actually allocate the network cards the way I needed them. I gave the VM 2 nics (the Mac Pro has 2), however the only options that VMWare Fusion let you do is NAT, Host-Only, and Bridged. None of which will work if I want a private network for the Sun Ray’s. To fix this you will need to go and edit some files that VMWare Fusion uses. What I had to do was the following:

1. Open up the Terminal app
2. Edit the file /Library/Application Support/VMware Fusion/boot.sh

3. Comment out the following line:

And then add 2 lines directly below that line, which tells vmware to bind the en0 physical device to the vmnet0 virtual device, same for en1 to vmnet2. Note you can not use vmnet1 or vmnet8 as those are for NAT and Host-only connections.

Once done, do the following:

Now go in to your Mac System Preferences and configure the second network card for a private subnet (i.e. 192.168.128.0/24, and set the IP to be something like 192.168.128.254).

Now make sure that your VM is NOT started and is in a powered off state. Go in to the VM and under the settings for that VM add another network adapter, make sure it is selected as “Connected” it doesn’t matter what the device is configured to as we will change it later to an option that is not shown in that list.

Now you need to change the .VMX file so that it can use the new network device. So go in to the directory where you have your VM’s at and then cd in to the machine.vmwarevm directory (For example mine is called SolarisDev.vmwarevm)

Once in there you will need to edit the vmx file, mine is called SolarisDev.vmx. The first thing we are going to change is the ethernet0.connectionType property. Right now it could be any of the ones listed (host-only,bridged, nat). But we are going to change this to “custom”:

Next find the entry for ethernet0.vnet, if it doesn’t exist create it and make it look like the line below. If it does exist and doesn’t match that below, make it match that:

Now we need to do the same for the ethernet1 entries. The only difference to what is above is vmnet0 changes to vmnet2. Once the changes are made you can save the file and start up your Solaris VM. Now what ever network is on your en0 connection on your Mac should be what is connected to the e1000g0 network on the Solaris side. I used the e1000g0 as the “public” side of the Sun Ray server. The e1000g1 interface will be what ever is connected on the en1 connection on the Mac side. I used this adapter for the private Sun Ray Lan.

You should be able to finish following the instructions on the Sun Ray wiki now and get everything configured.

To test the soft client, I set up LAN Connections on the Sun Ray Server:

I then installed the soft client in another VM on the same machine that only had access to the public network. You then can tell the soft client what the IP of the Sun Ray server is and it will connect. Pretty darn cool that the soft client works with minimal config.

This can probably be done on a MacBook Pro as well, if you use the wireless connection as the public side and the wired as the private side. Nice way to do a little demo in one computer.

For reference here is what my network section of the .vmx file looks like :

References:
Sun Ray Software 4.2 Wiki: http://wikis.sun.com/display/SRSS4dot2/Home

Apple, MacOSX, Solaris, Sun, Sun Ray, Sun Ray @Home Fusion, MacOS, MacPro, Solaris, Sun Ray, Sun Ray 5 Early Access, Sun Ray @Home, VMWare

After reading ThinGuy’s Blog: Are PC’s Killing Health Care? I can’t agree more… It got me to thinking when I was in the emergency room of a local hospital last summer. (Long story, but spent a while there) Anyways, while I was there (I have not been to the ER in ages and the last time I was everything was still done on paper), they popped down a little thing on the wall and he behind it was a “Windows Thin client”. The nurse did nothing but b@#*h about how slow it was. I watched and it looked to be running a Wyse Client and using Windows from some place that was not local. I got to thinking about how a Sun Ray environment would work in this hospital. Here are some ideas I thought of while laying in that short bed (I am over 6’5″) for 5 hours.

1. Instead of having the paper charts, when you arrive, your are “assigned” a smart card and all your information follows you on that card no matter where you go (AKA HCHD, Hospital Chart Hot Desking). For example I had to end up going to X-Ray, and the X-Ray tech did not have the complete orders and started taking Chest X-Ray’s instead of X-Ray’s of my knee. (Later found out that they wanted both, but the doctor forgot to put the knee one on the order sheet, if he had seen my chart he would have known that the original reason I was there was for knee problems).
2. The monitoring devices in the room (BP/Heart Rate/oxygen/etc) could be attached to the Sun Ray and therefore your info logged and displayed on the Sun Ray at a click of the button.
3. Each patient could be given their own card for surfing the web, etc.. (if they are ambulatory enough to do this)
4. By using the smart card to keep track of your stats, there is no paper to accidentally get “lost” or stolen (helps with HIPPA).
5. Be a lot faster than the current Wyse Terminals they were using as they would not have to wait for it to boot.
6. Security, there isn’t a day go by that I don’t read about some one losing some one else’s information. I.E. VA Hospital, (which uses some Sun Rays in areas around where I am), This would eliminate all of these loses, if everyone was forced to use it.
7. All Labs/X-Rays posted directly to the persons “card”

Granted some of the above would be a feat to pull off, but it can be done.

I think that using Sun Ray’s is the coolest thing, especially now that I have it set up for all the people in my group to pull their card out of their Office Sun Ray and plug it in to their Home Sun Ray and everything is still there. (If I can just get the performance problems worked out it would be really killer, but something about the combination of Solaris 10, Sun Ray 4 is causing me some slowness, and I am not sure where it is exactly. )

Now if more people realize the benefits of using Sun Ray’s over other “Chubby Clients” Sun Ray’s would take over the world.

Interesting, Security, Sun, Sun Ray, Sun Ray @Home Interesting, Security, Sun, Sun Ray, Sun Ray @Home

I received a “big” envelope in the mail the other day, it was from Axel. (No Justin, not Axel Rose but the company Axel www.axel.com). In it they were talking about their new Ultra-Think Client techonology which is now available. What is interesting is their little info sheet that accompanied it. What follows is a copy of what they had on the sheet:

ULTRA-THIN CLIENT TECHNOLOGY is now available!!!

AXEL Inc has developed a unique technical approach, geared toward providing the following benefits:

• Optimized Electronics
• No Opertaing System
• No Local Administration necessary
• Embedded native client for RDP and ICA
• Emulation for 5250, 3270, UNIX
• Multiple Independent Sessions
• 100% Virus immunity

…Regardless of the size of your organization, type of host, servers, or application if reliability, security and cost of ownership are your primary concerns, the ultra-thin client technology is the right answer.

Consider the following: (applicable to PC’s and OS-based thin clients)
Anti virus license – Cost per PC or PC based thin client – $30.00 / year -
Usual warranty coverage for PC’s – 3 years
Up to 70% of standard PC’s (and thin clients based on this architecture) resources are dedicated to the operating system
Extensive usage of network bandwidth capacity.
Up grade license required for various application sold – per PC or user.
Multiple support sources needed from various vendors depending on the nature of the problem

And then consider, with Axel’s Ultra Thin-Client Technology…

No need for Anti-Virus license
5 years warranty
Resources fully dedicated to applications
Low Bandwidth usage thanks to smart display management
Upgrades unnecessary
Support from one source

Now I have never used one of the Axel Terminal’s, but I have used nearly every type of Sun Ray from Sun Microsystems. What I find funny about this ad is that what they are talking about is nothing new. Sun has been doing it for years. What is intresting is that it says there is no operating system in the thin client. But if it supports all those emulations it must have some sort of OS in them wouldn’t it? I like how it says that it supports “Multiple Independent Sessions”, but from looking at the specs it doesn’t look like it supports the hot desking like the Sun Ray’s do. I really like Sun’s hot desking feature when I can go between my house, office and off-site data center and still have access to the same desktop in all three places. My sessions also stays where it was when the network goes out (like tonight for some reason we were having hit and miss getting to the sun ray server at the office, but our sessions were always in the state that they were when the network went out.

Doing a quick search on google it also looks like the price of these terminals may be more than Sun’s Sun Ray thin clients. Sorry Axel, nice flyer, but I will stick with Sun Ray’s.

Sun Ray, Sun Ray @Home, Thin Clients Sun Ray, Sun Ray @Home, Thin Clients

This part will cover how I accomplished getting a Sun Ray to run at home over a DSL and Cable modem. This is using SRSS 3.1. (Part 2 which I will do later is for SRSS 2.0 and 3.0) This is a quick and dirty howto, and assumes that you already have SRSS 3.1 up and running on your local network and have some understanding of DNS, ipfilter, cisco access lists, (or equivelent)

Here is a quick overview

1. Make sure specific ports are open to the server
2. Turn on LAN connections
3. Make sure the Sun Ray has the latest firmware for SRSS 3.1 that is available
4. Add DNS entries
5. Configure Home network
6. Enjoy Sun Ray from Home

More Detailed Instructions

Configure Network to allow Specific ports to Sun Ray Server

These are the rules I used on my Cisco router (10.10.10.101 is the Public IP address of the server, just changed to hide it’s real ip) :

Now that I have these ACL’s setup, ANY machine/Sun Ray on the Internet can get to the Sun Ray server. So to fix this I did the following:

Setup a Web server that runs on the Sun Ray server (or some place else if you wish). The purpose of this web server is to allow your users to “register” their Sun Ray to use the server. When I say “register” what I mean is this:

1. By default I have IPFilter configured (the machine is running Solaris 10) to deny all incoming traffic except for port 80
2. The User then must go to the web server and log in with their username and password and on the web page it will ask them if their IP is correct, if it is not then they can update it. Once they update it a cron job runs in the background that creates new IPFilter rules and reloads the ipfilter firewall.
3. User can then power on their Sun Ray, they will then get the Secured Login where they have to have either a registered Java Card, or they can register their Java Card if they have a valid username and password on the box.
4. User should now be able to log in

The reason I did it this way was I did not want any one in the world to be able to configure their Sun Ray to see my Sun Ray server. This way I am only allowing “known” people to get to it.

The way I store the IP’s is in a mysql db on the SunRay server. To reload the firewall I run this script as a cronjob that runs every minute:

The contents of the ipf.conf.head file look like this:

The exportipf file is a php script that looks like this:

Now that the ports are “open”, we need to make sure the Sun Ray’s can connect, to do this we need to turn on Lan connections:

Now, add the following entries in to your DNS for the domain you want the Sun Ray’s to query:

So we would now have FQDN of sunray-config-servers.someplace.net and sunray-servers.someplace.net.

Now it is time to take the Sun Ray home and configure your home network. I am going to assume that you have some sort of “firewall/router” device, such as a Linksys Broadband router, etc.. The key thing you need to do is configure the DNS Domain that is handed to your DHCP clients to be the same as what you made your DNS host entries as. So in our case, I would configure the DNS domain to be someplace.net. Now you should be able to boot your Sun Ray and get a “login screen” or some other response codes from the server. I have noticed that some time’s the Sun Ray will stay on a 26B, if this happens, you can insert your Java Card, and a login screen should come up. I have not quite figured out what causes it.

Hopefully this will help those running SRSS 3.1.. I will put the instructions for version 2 and 3.0 up later, as they are extremely more involved and requires more hardware to do. But since 3.1 is now “free” everyone should be using it, or moving to it soon!

Some Notes about using a Sun Ray at home:

1. USB Thumbdrives/cdroms/harddrives do not work if you are behind a NAT device
2. Depending on your connection speed, you may want to disable all background images, and any “fancy” items such as anti-aliased fonts, shadows, network connection app, etc
3. Streaming Audio will start out a little shaky, but “will” work if nothing else is happening. (This is based on trying it with a cable modem and dsl modem
4. I have not tried to upgrade the firmware remotely on the Sun Ray’s, currently I have just have the users bring it back in to the office to have the firmware upgraded

Technorati Tags: Sun Ray @Home, Sun Ray, Wan Ray

Sun Ray, Sun Ray @Home Sun Ray, Sun Ray @Home