Thursday Jul 24, 2008

A "USB Drive" daemon for Sun Ray sessions - AKA "usbdrived" (V2)

Hopefully you are reading this because you either have a need to better present USB disks via the Sun Ray platform or because you are an "existing customer" of version 1, first blogged here.

After looooong in the making and with careful analysis of requirements and listening to useful feedback from the likes of Brad Lackey, I am pleased to announce that "version 2" of the good old "usbdrived" is finally ready  (well, not really v2,  it has had more iterations than that...)

Features that you will find in this version are:

  1. Multiple mount partitions & drives connected to the same Sun Ray

  2. Mount point "unwriteability" (Yeah!)

  3. Address Gnome/JDS and Windows sessions from the same script, automatically

  4. Polished Disk icons on Gnome/JDS (instead of links)

  5. No stale mount points presented to the end user

  6. Usage documentation provided as text files on the desktop/mountpoint (this can be switched off)

  7. Installer for system-wide or single user with no root permissions

  8. Single point of aggregation for all Windows mounts (Drive "USBDRVS")

Simply download it, and then execute it (chmod +x first) on every Sun Ray server of your FOG, like so:

./usbdrived install

Option 0 will give you generic install instructions... Enjoy!


I get a lot of comments telling me "it doesn't work, can you help me?" - as it turns out usbdrived is actually a pretty simple beast, and if you think it's not working, you may be looking in the wrong place. Start with some of these hints:

  • Can you see usbdrived running in your Solaris session? (ps -ef | grep usbdrived)

  • Can you see a file called "Attaching USB Drives to your Sun Ray README.txt" on your Solaris desktop?

  • Did you install it properly? If so, can you see and what permissions does this have:
    It should be executable by everybody, something like rwxr-xr-x

  • When you plug in a USB drive, does it mount in /tmp/SUNWut/mnt/<username> under Solaris?

  • Under Windows, can you see in  "My Computer" a Network drive (In "Others") called "USBDRVS" and is there a file within that explains usage?

  • Have you hit refresh in file manager when looking at your USBDRVS mount?

  • Most important and useful of all: Do any mounts show up if on a Solaris Sun Ray session you issue:
    /opt/SUNWut/bin/utdiskadm -l

  • With Sun VDI 2.0, make sure that you have properly positioned your arguments in the kiosk call, as "-service hostname" needs to be the last parameter:
    -t 1800 -- -m -b -r disk:USBDRVS=$HOME/USBDRVS -service localhost

  • With Sun VDI 3.0, this works for me:
    -- -m -b -r disk:USBDRVS=$HOME/USBDRVS
    where the actual vda kiosk parameters go to the left of "--"

  • With the Sun Ray Connector for VMware View, this works for me:
    -s viewmanager-server -http -- -m -b -r disk:USBDRVS=$HOME/USBDRVS

  • Unfortunately, NOT ALL USB drives work. Some drives, Solaris refuses to mount (PCFS issues) either because the device is simply not "liked", or because Solaris can't read the file system. Look at "dmesg" for errors.

  • Is your drive FAT16/32 or is it NTFS? The latter does not work, the formatting mut be FAT.

  • Many people have asked me why passing the parameter does not work
    as explained within the script... It appears that people look at the guts of the
    script to understand the instructions and bump into the line that reads
    and assume that that is the literal context. Noooooo! That "\\" is there
    so that when you read the instructions offered via the command line
    option of "usbdrived install" and press "0", the actual HOME directory
    of the user is not displayed...

NOTE OF SUPPORT: This tool is provided as is. It is not supported by Oracle. If you find any issues, please contact me and will try to help!

    Thursday Mar 27, 2008

    Windows VM cannot connect to USB devices on a Keyspan USB Server?

    So you've built yourself a network treat: a Windows XP Pro VM (virtual machine). Now you have a desktop that you can take anywhere with you. Next thing you'll want to do, is get your USB devices back online, except you can't attach them to the VM, because, well, it's a VM after all.

    The best solution so far (I disagree with and have a distaste for USB devices plugged through your client) is still USB over IP. It's good for a number of reasons, such as, a device can be easily shared by a number of users without having to travel with it (think of a scanner) and because you can dettach your session from your client and the device stays connected to your session (think of a USB drive copying a large amount of data).

    That said, because you most likely built your VM from scratch (and not P2V), the Windows installer got really clever: it decided that since your hardware had no USB ports (it's a VM!) you wouldn't need USB support, right? Not anymore, unless you want to throw that Keyspan USB server or Digi AnywhereUSB server into the bin.

    What to do? Quite simple really...

    - Get hold of that Windows media one more time

    - Find in it this file: I386\\usbd.sy_

    - Copy it to your VM as: c:\\windows\\system32\\drivers\\usbd.sys

    - Reboot your VM

    - Enjoy having your devices on the network too.

    Monday Feb 18, 2008

    Reaping (culling) Sun Ray sessions after a disconnect

    Here's a simple way of conserving system resources under Solaris when you have a lot more users than Sun Rays. The idea is that if a user doesn't connect back to his session after a grace period, then his session is destroyed. Just make sure that your users know that their sessions have a limited time span, so they can save their work!

    First, create a script called "reap-session" somewhere in your system, let's say /opt/SUNWut/scripts/reap-session. Make sure that you make it executable for everybody. The script, although very simple, is just there to save me some time :) in coding. It should be something like:

    GRACEPERIOD=7200      #That's two hours.
    sleep $GRACEPERIOD
    pkill Xsun

    That's it for the little script.

    Now, you need to invoke the script in the following manner, for those users whose sessions will be culled within GRACEPERIOD seconds - typically by executing in the .profile of the user:

    /opt/SUNWut/bin/utaction -d /opt/SUNWut/scripts/reap-session -c "pkill reap-session " 1>/dev/null 2>&1 &

    The way it operates is quite simple: as soon as the smartcard is pulled out, the timer is started via the disconnect utaction. If the user plugs his card back into the system before the timer goes off, then the connect utaction kills the timer and forgets the whole thing, to start afresh upon next pull of the card.

    If, however, GRACEPERIOD elapses, then the timer goes off and the script kills the window manager for the user, and of course, with it, the whole session. Next time the user plugs his smartcard, he'll just see the login.


    Friday Dec 07, 2007

    Sydney Business and Travel Academy - A Cool and Heterogenous Sun Ray Setup

    After running a little proof of concept (I spent less than half a day there) at the Sydney Business and Travel Academy (SBTA) I was surprised with the speed at which things moved there to make Sun Ray the desktop platform of choice. That's when it became obvious to me the amount of pain they were going through with their current setup of about 200 PCs and servers running Linux, LTSP and Windows. Enter Sun Ray, and all of a sudden, it's a fresh start for them - three servers for the whole joint, nothing to manage at the desktop nevermore, Windows using the Sun Ray Windows Connector for those who must, and only those who must, and mobility to become a given.

    For students, there's little change, except the open source desktop they use on the new "workstations" is Solaris' JDS with StarOffice. Better yet, the students got locked down to printed smartcards with their student details on them, and access to the system only with a registered smartcard, hard tied to their login (no card sharing!) At the end of their tenure, their card is de-registered to revoke access forever, and so the card just becomes a memento.

    But by far the most interesting thing about their deployment (let's face it, the above functionality is just standard functionality of the Sun Ray framework)  is how they physically locked the Sun Rays down to the desks, using a clever little bracket dreamed by the systems integrator and Sun partner, Noveix, and made by Argent . Check the pictures below for a simple and fantastic way of providing "locked-down" access to a workstation:

    So, in the face of this, I decided to re-acronym SBTA: Special Bracket is Totally Awesome! And, monitors screwed to the desk too. Sweet!

    In closing, this is what the same room looked like before - sorry I can't reproduce the noise!

    Sunday Aug 05, 2007

    USB over IP, a good friend indeed

    As ThinGuy was filming his USB over IP demo (fantastic stuff) in which he used a AnywhereUSB device from Digi, I was unpacking my Keyspan USB server which I had recently seen in action at a customer site. The value of this type of technology became evident straight away, as it extends over the network the capability of connecting most USB devices without a driver (at the device end, that is).

    When does this come in useful? Well, most typically in a VDI world, where your PC is now out of physical reach (forever may I add) and where you are left with the need of connecting USB devices to this non-physical entity of yours.

    While my Keyspan server is only USB 1.1 (the USB 2.0 model couldn't not be found in Australia yet and I'm always a bit concerned about purchasing overseas - when things go wrong, you pay the price in shpping costs) I have to say that so far I'm overjoyed by the possibilites, as well as the features/flexibility of the product. Maybe not much of an example, but after installing the device, I was able to share a USB floppy across a Mac PowerBook (over wireless) and a Windows XP PC with no floppy, as well as a USB Drive. I'll keep testing odds and ends...

    And it is this feature that is appealing - sharing a single USB server and its ports across a number of users using Sun Rays - very flexible and powerful indeed! Now, if only it supported isochronous devices... (these reserve a defined
    amount of bandwidth with guaranteed latency, so you can see where the limitations come from!

    Thursday Jul 19, 2007

    Sun Ray, x4600, VMWare ESX stories from the trenches

    There are stories about trenches - this a big trench! (well, in thin trench sort of way...)

    Friday Jul 13, 2007

    Enabling credentials pass-through to Windows TS running Novell Client

    It is often necessary (and useful) to be able to automate credentials pass-through from Secure Global Desktop and the Sun Ray Windows Connector to a Windows Terminal Server that uses the Novell login "GINA" (Graphical Identification and Authentication).

    Unfortunately, this doesn't work out of the box, unless you follow these instructions:

    1. Upgrade your Novell client to 4.91SP3
    2. Create the following registry entries in HKLM\\Software\\Novell\\Login
      TSClientAutoAdminLogon = 1
      DefaultLocationProfile = <LocationProfile> (Go for "Default")

    Thanks go to Jon Knight for this valuable information - and for putting it all together. I finally got a chance to test all this at a customer site and it worked instantly, and while some of this has been documented for other platforms, I wanted to make a special mention: it actually works flawlessly with both SGD AND the Sun Ray Windows Connector (which of course presents us with different challenges and opportunities!)

    Wednesday Jul 04, 2007

    Playing with the new KIOSK mode in SRS4u2

    I finally upgraded my SPARC box to Solaris 10u3 so I could install SRS4u2... it was up and running in no time and I had a go at the new interface and the new Kiosk mode. The interface is a lot slicker than I expected and some of the annoyances of the original have disappeared with it. 

    And the new Kiosk mode is also slick AND simple. The setup may take a bit of getting used to, but I had a go at setting up a JDS desktop with Firefox and it was  a breeze. Then I thought... let me add my USB drive daemon script to see how it would work, and there was no magic required- I simply added it as a critical application (from a central path) and voila! It all came to life pretty automagically - and the USB drive daemon didn't show up in the applications menu, which makes total sense. Now, if only I could lock Nautilus down...

    Further... there was some great work done in terms of locking the JDS session RIGHT down for the new Kiosk - like application execution restrictions should you happen to wander off into the forbidden woods, which should only happen if you let users do flexible things like run the file manager. Thanks go to Brad Lackey  for telling me that some features can be relaxed by passing "-s" as an option to the JDS kiosk. There's a wealth of info within the Kiosk based directories I just wasn't aware of!

    The other feature that blew me away is that regardless of your specification for Kiosk mode, you can have assigned tokens that will be granted a separate mode to the default. Next on my wish list: multiple Kiosk modes!


    A thin thinker down under


    « July 2016