Monday Dec 19, 2005

Sun Ray Smartcard FAQ

I had to put together a little FAQ on Sun Ray smartcards for a customer recently. Since this info doesn't seem to be in one easily accessible place on the web at the moment, I'll post it here.

\* The smartcards that Sun ships are Schlumberger PayFlex smartcards. They are actually now technically "Axalto" Payflex cards since Schlumberger spun off it's smartcard division. That division is now a separate entity called Axalto.

\* A full list of the various cards supported is found in /etc/opt/SUNWut/smartcard.

\* Cards based on ISO-7816-1 are supported. Cards with a T=0 or T=1 communication protocol are supported - you'll need SRSS 3.0 or later to get T=1 support.

\* When buying cards from a vendor other than Sun, nine times out of ten no special 'activation' is required. The Sun Ray simply reads the card's serial number, no special pre-work is needed.

If the card is not instantly usable you will get an icon in your screen with a symbol representing Sun Ray and a card and a green arrow from the card to the Sun Ray.

If you look at auth.log and see that the card has not been recognized you may need to create a smartcard config file in /etc/opt/SUNWut/smartcard and include it in the probeorder.

Vendors who produce Sun Ray compatible cards:


Giesecke & Devrient:

G&D's Card Solutions:,64822&_dad=portal&_schema=PORTAL

SecuNet for consulting and integration of Card solutions :

Oberther Card Systems:

Activcard for the middleware:


Thursday Dec 15, 2005

First Secure Global Desktop orders

The SEE region has had its first orders for Secure Global Desktop. Two countries, two different customers, well over two thousand seats in total. One success will provide full screen Windows to Sun Rays and other clients. The other will provide access to remote Windows apps to Windows PCs. Hopefully we'll have some case studies out soon. Congrats to the Sun and partner teams involved, you know who you are!

Can't launch Object Manager

I've seen a couple of customers testing SGD (Tarantella) have a problem with launching the Object Manager or running the standard preconfigured Linux applications after installation. A quick workaround is to turn off xauth - tarantella config edit --security-xsecurity 0 Turning off xsecurity is only a workaround though. The solution is to configure the SSHD in ipv4-only mode. tells us what to do - "Using SSH and X authorization If SSH connections fail, when X authorization is enabled, you may have to run the SSH daemon in ipv4-only mode because Secure Global Desktop may not support the xsecurity extension used on your server. You enable ipv4-only mode by editing your system SSH configuration file. For example: \* On SUSE Linux, edit the /etc/sysconfig/ssh file and add a SSHD_OPTS="-4" line. \* On Red Hat Enterprise Linux, edit the /etc/sysconfig/sshd file and add a OPTIONS="-4" line. Note If the SSH configuration file does not exist on your system, you can create it. You must restart the SSH daemon after making this change." Thanks to Steve Mellor and Rick Butland for helping me out with this.

Sunday Dec 04, 2005

Cracking Sun Ray and Citrix blog entry

I thoroughly enjoyed ThinGuy's recent article on bandwidth use of Sun Ray and Citrix. Nothing like some real data to clear things up.

Saturday Oct 29, 2005

Getting fat in Santa Clara

The recent Desktop Practice meeting, held at the beginning of October, was excellent. \* The practice is working well together \* The product set is getting even better \* Some real focus on what works and what doesn't is being implemented. This focus is long overdue at Sun for the desktop line, in my opinion. It's also a good example of how assembling product sets into practices seems to be working. The practices are active in the field and are experts on what works and what doesn't. The resulting feedback to those on high is valuable. What amazed me about this particular meeting was the ill-hidden intention of the organisers to send me home sevearl stone heavier. We had muffins, cookies, and other sweet things in the morning, fresh biscuits mid-morning, huge lunches, ice cream in the afternoon, tonnes of sugary drinks - a veritable feast, non-stop, throughout the day. You don't get that in the UK or Dubai office!

Tuesday Oct 25, 2005

Solved! Strange X-terminal Solaris access problem

Last week I was being driven potty by a strange issue with various x-terminals connecting to a server running Solaris 10 for x86. It looked as if certain users were not able to connect and I couldn't work out why. The x-terminal would bring up a connection to dtlogin, but when the user logged in, they'd be thrown out of the x session altogether and back to the x-terminals chooser screen. Some users could log in - others couldn't. There were no meaningful errors in /var/dt/Xerrors and noone else appeared to have suffered anything like this before according to Google. Very frustrating. Here's what was happening - When a newly created user logs into Solaris for the first time, they are presented with a grey box asking them to choose the windowing environment they want. In our case, with a freshly installed Solaris 10 01/05, the options were CDE and JDS. The x-terminals we were using (made by WinBee) didn't like this grey box at all and simply ended the whole connection to the Solaris server. Some users were logging in correctly because we had logged them in on the server console earlier and chosen JDS - their settings were for 'last user session', which meant JDS, so they were logging in correctly. At the time though it looked like the system had some kind of limit set, as only 4 users were able to log in successfully. Logging in as a failsafe session didn't work for the new users who had not been logged in before. By setting the session manually to JDS, the new users were able to log in. I was sweating away looking like a bit of a twit in front of the customer and was pretty relieved when we worked out what the issue was. It's alway the silly little things that drive you crazy!

Tuesday Oct 11, 2005

New Tarantella/Secure Global Desktop users mailing list

Stoyan Angelov hosts the successful Sun Ray users mailing list here - He's kindly agreed to host a smilar list for Tarantella, or Secure Global Desktop as it is now known. You can sign up for the new list here -

Do you need Citrix or is Terminal Server enough?

This article from the esteemed Brian Madden is excellent. A couple of points quite surprised me, I have to say. Well worth a read.

Monday Oct 10, 2005

Citrix Access Essentials tested

I briefly tested out Citrix Access Essentials last week. CAE is a cut down version of Metaframe, licensable for up to 75 users. You install it on one server only and although you can have a cold standby server, load balancing HA solutions aren't included. It comes with all the necessary Windows CALs and TS licenses and costs around $280 list. I'd like to see 75 users run on one dual CPU Windows box, but the number does make sense for a small business, particularly if the licensing is for named and not concurrent users - that's one point I still need to check. I installed CAE on Windows 2003 in a VMWare session and was very impressed. The installation procedue for Metaframe isn't difficult, but there are a lot of screens to go through and you have to have a rough idea of what you are trying to achieve. CAE installed incredibly quickly and I was up and running within 15 minutes max. Impressive. Anyone who has the job of office sys admin dumped on them should be able to get to grips with it quickly. My only complaint would be the large number of windows that end up open when you're doing admin tasks. I'd like to see one unified Citrix gui, as opposed to lots of Windows management windows all over the place. We're looking at promoting CAE with a small Sun Ray set up in some of my countries. It's ideal for SMEs, branch offices, etc. Ask me in 6 months how successful we've been...

Sun Rays save lives

I heard a great story last week about how Sun Ray technology literally saved someone's life. Sun Rays are an excellent fit in hospitals as a clinician's terminal. No need for expensive to maintain PCs or even more expensive to maintain tablet PCs and the like. A zero maintenance terminal just sits there and accesses whatever application you need, securely. No other thin client solution even comes close. One hospital customer of ours has recently replaced their PC network with Sun Rays. Before it was impossible to get all the information needed in a consolidated fashion from one terminal. Doctors were rushing around to different labs and areas of the hospital and never had all the info they needed at their fingertips. One patient's condition began to worsen severely. The normal reaction to this would have been to pump him full of a certain chemical from an IV. Just before the medical team started to do this, the doctor accessed the Sun Ray by the bed to pull up the patient's records. The results from a recent test had just come in and the doctor was able to see them instantly - it turned out the patient was allergic to the drug they were about to administer an extra dose of. Another dose may have killed him. They used something else to stabilise his condition. This is when the usual arguments about total cost of ownership and easy manageability become pretty irrelevant. Needless to say, we have one very happy customer.

Sunday Sep 25, 2005

My favourite Sun Ray customer

I was lucky enough to visit a customer recently who are really using Sun Ray to its fullest potential. What's more they're very happy with it and it's working well - the days of rushing around fixing PCs are long gone for the IT team. They are doing pretty much everything it's possible to do with Sun Ray and are reaping the benefits. We're hoping to do an official write up as soon, but here's an anonymous summary of what they're up to for now. The Sun Ray set up currently runs to several hundred seats, principally used by people in their 'Network Operations Centres'. The NOCs monitor the company network's health, take services calls, etc. Other users access a variety of applications through their Sun Rays. Most users have multiheaded set ups, with 3, 4, or 5 monitors on the desk displaying Solaris, Windows and other flavours of Unix on their desktops. One office even has three Sun Rays working fine at the end of a 128Kbps link, connecting back to a central server. Citrix is used to deliver Windows applications and where required, Tarantella is used to deliver Unix apps to Sun Ray and PC users on the end of thin lines. Some custom code has been written so that users' usb drives are automatically mounted and appear as an icon on users' Windows desktops. Some scripting has also been written to integrate with the internal phone network. When a user inserts a card, their extension is automatically set up so that they can use the phone on the desk they are at without needing to log into it - simply inserting your smartcard into the Sun Ray sorts everything out. What's interesting about the whole project is that it's very much been driven by the IT team 'on the ground' rather than by senior managers, from what I understand. The guys were constantly rushing about managing the 'cheap' PCs they had. This was expensive, time consuming and frankly rather boring. So they looked at alternatives... I'd love to say I had a hand in the project, but the praise goes to the local partner, as well as Sun's local Solutions Architect. I can't wait to be able to have an official case study done, as it should help us replicate the solution elsewhere quite easily.

Tuesday Sep 06, 2005

Choose Tarantella or Citrix?

I had an interesting link in the list of 'referrers' to my blog recently[1]. Someone had come across my illustrious musings after typing 'choose tarantella or citrix' into Google. They would have found some general info here, but nothing that specifically answered their question, so I thought I'd write an entry to give the next Googler some info to help them make their decision. I'll add the phrase 'tarntella vs citrix' as that's probably another phrase that will be typed in. [28/9/06, adding phrases SSGD vs Citrix and Sun Secure Global Desktop vs Citrix, now that Sun's renamed Tarantella.] First off, please understand that if someone buys a Tarantella licence in my region, the revenue counts towards my yearly goal, which is currently made up of all Sun's desktop products, as well as RFID and some other bits and pieces. This means it's thoroughly in my interest to sell Tarantella. It's also in my interest to sell a customer the right solution, even if that means we end up providing 500 Sun Rays using Citrix running on Sun servers, as opposed to 500 Sun Rays using Tarantella on Sun servers. Selling the right solution makes sense for long term customer relationships and good long term relationship means revenue for Sun. That said, come and ask me which you should buy towards the end of Sun's financial and I can't guarantee you'll get a completely unbiased response. After all, I like to get paid as much as the next chap. I won't go into great depth about each product's features as the products' respective web sites do that in detail. I'm assuming that if you're reading this you have a basic idea of a Citrix architecture and a Tarantella architecture. I mention Sun Rays in my example above, but Citrix and Tarantella will work with many different clients. So, Tarantella or Citrix? or Tarantella vs Citrix? Technical reasons Tarantella is an excellent product. I've been singing its praises for over 5 years now. \* If you have a mixed environment where users need to connect to a mix of Unix, Windows and AS400/Mainframe applications either remotely or from your internal network, Tarantella excels. \* If your users only need to connect to Unix either remotely or from your internal network, Tarantella excels. \* If your users only need to connect to AS400 or mainframe based apps either remotely or from your internal network, Tarantella excels. \* If you need to web enable legacy terminal or graphical Windows, Unix or AS400 apps, Tarantella excels. \* If you need to set up remote access to your mixed applications in a very secure way, Tarantella excels. \* If your clients need to do remote printing from any application, Tarantella excels. \* If you only have Windows applications to connect to, either remotely or from clients on the internal WAN or LAN, Tarantella is very good. \* You'll need your IT guys to have some good Windows Terminal Services skills and you'll need your guys to have some basic Unix skills as well in order to maintain the Tarantella servers. I've also worked with Citrix for several years. I have never been as hands on with Citrix as I'd have liked, but I know what it can do and I have seen it do it extremely well. \* If you only want to connect to Windows applications, Citrix excels. \* Your IT team will have to have good knowledge of Citrix and Windows, but Citrix makes it particularly easy to deploy large and commplex Windows-centric server based computing farms. \* Both Citrix and Tarantella work very well with Sun Ray. A proof of concept would demonstrate where each product's strengths lie in your particular environment if you are considering Sun Rays with either product. Business issues \* Tarantella used to suffer from being a relatively small company with weak presence in many countries. That issue has gone completely thanks to Sun's acquisition of the company. Every Sun reseller will be able to sell Tarantella and the technical community behind it is now huge. \* Citrix have a large global presence \* Both Tarantella and Citrix have an excellent list of customer references covering pretty much every industry vertical. \* Many larger customers are already using Citrix. Unless you are desperately unhappy with Citrix it makes sense to build on what you've got. \* If you have chosen Citrix or are already a Citrix user the local Sun office should enthusiastically embrace the opportunity to work with you and Citrix to reduce your desktop TCO further by deploying a Sun Ray desktop architecture. You shouldn't need to worry about the sales reps trying to shoehorn Tarantella in when you're happy with Citrix. \* Who's strongest locally? Any product can get into an endless feature war, but unless you trust the people you're going to be working with, it's much of a muchness. \* Price. Price is negotiable. If you like both products equally, do the maths. Don't just cover your licence costs, look at the total solution, from hardware through to admin and user training. So, which to choose? That's up to you, but the reasonably impartial advice above should be a good starting point. Your local Sun office or Sun partner should be the right place to start. Tarantella is on our price list, but good sales teams will want to sell the right solution and ought to have Citrix knowledge and a good relationship with Citrix or the local Citrix partners. [2] [1] Note correct spelling of referrer. Two Rs please :) [2] In my region our relationship with Citrix varies. It's particularly good in the Middle East and I want it to stay that way. A number of joint customers stand to benefit greatly from working with our companies, providing we co-operate well. The same is true for the countries who aren't particularly close to Citrix and I'd like to see those countries improve the way they work with Citrix and Citrix partners. In many cases we have a Sun partner who's also a Citrix partner. This can work very well with partners such as Unit in Slovakia who are very solutions focused and can sell Sun, Citrix or whatever they feel best suits what the customer needs. If I had a Unit working in each of SEE's 98 countries I could probably retire in a couple of years. Other joint Sun and Citrix partners often have totally separate divisions. This means that on paper they look like ideal partners for Sun desktop activities. Unfortunately it's often the case the Sun department is divorced from the Citrix department, who typically also sell rival thin client solutions to Sun Ray. For various reasons it's hard to get the two groups to work together, but hopefully the walls will start to come down.

Accessing Windows applications from Solaris

I often get asked by customers how to access Windows applications from Solaris. Many customers have a training lab or department that uses Solaris workstations or Sun Rays and those users need to be able to access Office or other Windows only applications. There are various ways to approach this - a SunPCi card can be an excellent solution for users who need both a Solaris workstation and a full blown PC, for example. Some people using Solaris for x86 have had success with Wine. For most users however, the best route is to run their applications on a Windows server and access them in a thin client style. For customers with a large number of users who are primarily accessing Windows applications and using Solaris for the odd task, Tarantella or Citrix are the best option. Tarantella and Citrix are the 'premium' approach, however. They have a tonne of cool features, but they cost money and require admins to have product specific skills. Many customers' needs are met by setting up a Windows Terminal Services server on which to run their application and using a Windows Terminal Services client on Solaris to access those centrally hosted applications. There are two Windows Terminal Services clients for Solaris. \* rdesktop. rdesktop is Open Source. Sun provide a Sparc binary for it here. Don't worry about the fact that it is part of a Sun Ray companion CD, it'll work with a Solaris workstation. An alternative way to get hold of rdesktop for Sparc or x86, or indeed any OSS software compiled for Solaris, is to use the Blastwave site. tsclient, also on the CD, is a nice graphical front end to rdesktop. \* ThinSoft's WinConnect S. WinConnect S is a commercial product. Once you have set up your Windows Terminal Server and installed WinConnect S or rdesktop, you should be able to connect easily and run a Windows screen. You can either run your Windows session in a Solaris windows, or have your Windows session take over your Solaris desktop and run in full screen mode. The latter option is particularly good when using Sun's Controlled Access Mode. CAM allows you to run your Sun Rays in a 'kiosk' style. It starts an anonymous Solaris session and automatically launches an application of your choice. If you set that application to be rdesktop, you can present your users with what appears to be a 'normal' Windows PC. They never see a Solaris login or need to be terrified by CDE of Gnome - as far as they are concerned, they are using a very small, silent and heat free PC. rdesktop can be used to map local drives to the Windows Terminal Services server. You can also use rdesktop to print to locally attached printers, as desribed in this blog entry. You'll have to check the ThinSoft site for the latest on WinConnect's capabilities. It is fully supported by ThinSoft and they have a Linux version available as well. rdesktop works with Solaris on Sparc and x86, as well as Linux. Sun do not support rdesktop, but it's used by many Sun customers, as well as thousands of Linux users on a daily basis, the world over. rdesktop uses device based Windows Terminal Services licensing. A useful article on the ins and outs of Terminal Services licensing can be found here. rdesktop cannot make use of more advanced Windows Terminal Services load balancing features which require the Windows TS Session Directory feature. It seems to work fine with simple Windows Network Load Balancing. WinConnect S is available only for Solaris on Sparc. You'll find a document here that you can use to set up Sun Ray, rdesktop and Windows Terminal Services quickly. If you're using a Solaris workstation, just ignore the Sun Ray part. This document describes how to set things up quickly with Citrix. I must write one for Tarantella! So, if you've got some Solaris workstations or some Sun Rays with Solaris (or Linux), give rdesktop or WinConnect S a whirl. I would like to see Sun create their own Terminal Services client for Solaris... We'll have to wait and see what happens. For now, the solutions mentioned above are more than adequate for many smaller sites.

Monday Aug 29, 2005

Sun Hungary are the desktop kings

If we can replicate Sun's Hungary office across the rest of my region, desktop sales for SEE would be in excellent shape. They're not in bad shape at the moment of course, but there's always room for improvement. These guys are the most advanced country in terms of 'getting it' when it comes to Sun Ray. The sales guys and their support teams understand where Sun Ray fits and where it doesn't. Where it doesn't is usually the most important place to start. They have some good existing references to build on, a recently hired sales head who'll be partly paid on desktop successes and an excellent solutions architect who knows the technical side of things inside out. (That's Janos, whose blog is linked off my 'blogroll'). Most desktop sales are heavily reliant on partners. The local partner manager is putting a system into place which provides excellent incentives to partners to sell Sun Ray and Tarantella. Hmm. Nothing seems to be missing really. Looks like I won't be visiting again for a while! It seems like things are in place for a good year. I'm counting on you, guys...

Sunday Aug 14, 2005

Conference Call Eitquette

Conference calls are a necessary evil at Sun. I don't think anyone really likes hosting them or sitting in on them, but it's often the only practical way to update people or discuss issues with a geographically disparate team. I usually come off badly in terms of timing - Dubai is 11 or 12 hours ahead of California, depending on the time of year. This means I usually have the option of getting up for a call at 5 in the morning, or dialling in during the evening at around 7 or 8. This means that if I do have to be on a call, I want it to be worth it. Fortunately the desktop team conf calls are usually straight to the point and are 'well chaired'... For what it's worth, here's my conference call code of conduct. In no particular order, the rules that I try to follow and which I think everyone else should. Some of them are obvious, but that doesn't mean people follow them. If you do follow them I promise conf call nirvana for you and your colleagues. Conference Call Eitquette \* Mute your phone if you're not the one doing most of the speaking. I have no desire to listen to your breathing whilst I get a Tarantella business update, or hear your dog barking during a description of the features of SRSS 3.1, however thrilled Fido might be at the fact we will be supporting Solaris 10 x86 with the next release. \* Keep to the matter in hand. If the point of the call is to discuss Point A, let's discuss Point A and deal with minor details pertaining to a two seat deal in Country X later on. That way Chris can get the salient points, hang up and and go and have his dinner. \* If you dial in late, don't bellow 'HELLO' down the phone and interrupt the call. 'Hello, hello, is everyone there?'. Yes we are here, now please shut up so we don't have to be here any longer than necessary. \* Speak slowly and clearly. I'm bad at this one - I get excited and start rabbiting. This is all the more important when most of the callers don't have English as a first language. People at Sun generally speak excellent English, but using the phone makes understanding a lot harder. Personally I often find that Americans mumble down the phone and even I find it hard to understand them, let alone someone who isn't a native speaker. Or maybe I'm just going deaf. I speak ok German and worse French and would find the equivalent of our conf calls in those languages tough going. \* Be on time for the call. If the call starts at 9, dial in at 8.58, not 9.04. All the beeping you hear when people dial in late makes the call sound like an episode of The Osbournes. If you can make it for 9.04, why can't you make it for 8.58? Some people would be late for their own funerals. \* When asking a question, say the name of the person you're addressing it to. What usually happens is someone asks a vague question and 50 people start answering at once. What works is 'let's introduce ourselves, starting with the SEE region'. What doesn't work is 'Hi everyone, are you all there?' \* Have a 'chairperson'. The chairperson's job is to keep the call relevant and on schedule, even if he or she is not the one doing most of the talking. Rule the call with an iron fist. \* Avoid using speaker phones. If possible, use the handset as it cuts out external noise and increases the volume of your voice. \* Make it clear you've finished what you have to say. End your sentence/question/statement with 'over to you, Dave', or 'that's all from my side' - something to make it clear you've finished. Half the time on calls seems to be spent with people waiting for other people to speak, so you have a minute of silence before everyone starts talking at once. \* Timezones - they exist. It might be convenient for you to have your conf call just after you've got into the office at 9, had a coffee, done some email and chatted to your colleagues, but if hosting the call at 11 means someone's dialling in from their mobile during the beginning of their weekend, wife or husband glaring at them, you're doing something wrong. \* Summarise the key points of the call for those who couldn't attend. Granted, the danger of doing this is that everyone will stop dialling in altogether, thinking they can just get the summary after it's happened, but if people don't see the value of what's being discussed, your audience will inevitably slowly start to slip away over time and eventually you'll be talking to yourself. Over to you, Dave.



« June 2016