Wednesday Apr 17, 2013

Nice uptime for single server Oracle VDI setup!

A lot of people have seen my VDI demos over the course of the last couple of years. And I often refer to the gear running it. It's not major league territory, a humble (and ageing) Sun Ultra 27 with a decent Xeon 3500 series, quad-core/dual-thread, which received a slight non-official upgrade to 24GB RAM to better suit my demo needs.

Anyway, just to share the marvels of what modern technology is capable of, this little workstation has managed to pull an uptime of a whole year running VDI 3.4 on Solaris 10u9:

vdidc# manageVM printhostinfo

Physical host information:

- Memory available: 3052 MByte
- Memory size: 24558 MByte
- Processor count: 8
- Number of VBOX headless machines running:       11
- Uptime and load info: 8:38pm up 366 day(s), 11 min(s), 17 users, load average: 0.38, 0.38, 0.38

Read on: "Single Server Solution for Oracle VDI"

(I will talk about manageVM in the near future...)

Tuesday Apr 02, 2013

Oracle Desktop Virtualisation Information and Documentation Links

One of the most common requests people like me get is for "information" and "documentation" (and aren't they the same?) - so here goes a list of the most important and regularly referenced ones, kept up to date:


    The above all drill down into important pages; the ones below are those I refer people to most often:

    DOWNLOADS IN GENERAL (links above too)

    They are all here: the "Oracle Software Delivery Cloud". Just select "Oracle Desktop Virtualization Products" and your product of choice, VDI, SRS or SGD. The Oracle Virtual Desktop Client (OVDC) can also be downloaded from there: just pick a Sun Ray distro to download and you will be presented with the OVDC as a choice too. The OVDC for iPad is available through the Apple App Store.



    We have a dedicated Forum "Virtual Desktop Infrastructure and Sun Ray Clients" - Feel free to join!

    Note: Down under, we "Virtualise the Data Centre". I hear that elsewhere, they "Virtualize the Data Center".

    Thursday Sep 06, 2012

    How to get a Sun Ray to load a firmware from elsewhere

    I run a Sun Ray/VDI demo environment internally within the company - and because it's not a public service, I need to tell my Sun Rays to connect to it directly so that I don't get redirected to the corporate servers. To get any new Sun Ray to connect to *my* setup I usually pull out my laptop so that the Sun Ray can load the new version of the F/W along with the permission to pull up the management GUI via STOP-S.

    But there is a better way if you have another Sun Ray server handy:

    1) allow your Sun Ray to connect to the default corporate server
    2) log in to a "regular" session, that is a Solaris or Linux desktop on the Sun Ray server itself
    3) in a terminal, utswitch to your server (/opt/SUNWut/bin/utswitch -h myserver)
    4) again, log in to a regular session there
    5) in a terminal, issue "/opt/SUNWut/lib/utload -S myserver -w"
    6) Watch your firmware load and wait
    7) the Sun Ray will reboot and connect to the first server again. Repeat steps 2-4
    8) issue "/opt/SUNWut/lib/utload -S myserver -f SunRay.enableGUI"
    9) Press STOP-S and be merry

    NOTE: I'm sure there is an even better way - this is totally unsupported, most likely a figment of my imagination. In any case, this post will self-destruct in BOOM.

    Friday Aug 24, 2012

    A Cookbook for SGD 4.7 and VDI 3.4 integration (for single servers)

    I know the docs are there, but sometimes it's easier to keep a copy paste reference!

    1. Find the bundled keytool for use below...
      find /opt/tarantella -name keytool

    2. To export the certificate from the VDI server:
       keytool -exportcert -alias tomcat -storepass changeit -keystore /etc/opt/SUNWvda/webserver/keystore -file /tmp/VDI.cert

    3. Copy the file to your SGD server

    4. Import the certificate into SGD:
      keytool -importcert -alias tomcat -file /tmp/VDI.cert -keystore /opt/tarantella/bin/jre/lib/security/cacerts -storepass changeit

    5. In the SGD BUI, create a "Dynamic Application Server" - call it "VDI Broker" with the following configuration:
      > Virtual Server Broker Class:VDI Broker
      > Virtual Server Broker Parameters: preferredhosts="https://myvdiserver:1802/client"
      NOTE: no FQDN if you are using a self signed certificate

    6. In the SGD BUI Rename "My Desktop" to "My Old Desktop" (it points to Unix and Windows)

    7. In the SGD BUI create a duplicate of the "Windows Desktop" app, and call it "My Desktop"

    8. In the SGD BUI add "VDI Broker" as the app server for "My Desktop"

    9. Configure the client overrides to set the password cache configuration to your convenience. I use this:

      /opt/tarantella/bin/tarantella config edit \
      --tarantella-config-applaunch-allowclientoverrides \

    10. If you still have issues, the log file for the broker should be at:


    Saturday Apr 14, 2012

    Autostarting a VirtualBox VM headless in Windows

    Do you have a VM that you want to start when your Windows box boots? Easy...

    Add a .bat file to your Startup programs at
    C:\Users\MYUSERNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    Containing the following call:
    "C:\Program Files\HSTART\hstart64.exe" /NOCONSOLE /SILENT "C:\Program Files\Oracle\VirtualBox\vboxheadless.exe --startvm MYVM"

    If that VM has Secure Global Desktop and it has a published app that points to your PC, well... ;)

    Thursday Feb 23, 2012

    Resizing a mirror with ZFS - a VDI ZFS pool!

    My everyday VDI setup is a single host Solaris 10 server with four disks, two of which are mirrored for VDI use. This ZFS pool, the main storage of my sole desktop provider, which I called "VDI" in a spurt of creativity, started to seriously run out of space when I tried to create a pool of Windows 7 desktops.

    It was time to put to use a stash of 500GB disks, left over from another system that no longer needed them, to replace the existing 250GB ones; in other words, double my capacity. After all, 11 Windows XP desktops, 5 Ubuntu desktops and 3 Windows 7 desktops is not a bad challenge for 250GB, but I needed more! Someone, somewhere told me this could not be done. I had to try it because I had nothing to lose.

    The following snapshot of commands took place after replacing the first disk in the mirror, c0t3d0, which I omitted since it wasn't particularly interesting. After all, replacing a disk in a ZFS mirror is straightforward and adds no capacity to the mirror until the second disk is replaced.

    - Find the disk you're after...
    vdidc# zpool status VDI
      pool: VDI
     state: ONLINE
     scrub: resilver completed after 14h51m with 0 errors on Thu Feb 23 01:58:52 2012

            NAME        STATE     READ WRITE CKSUM
            VDI         ONLINE       0     0     0
              mirror-0  ONLINE       0     0     0
                c0t4d0  ONLINE       0     0     0
                c0t3d0  ONLINE       0     0     0  185G resilvered

    - It looks like it's c0t4d0. Let's make sure.
    vdidc# format
    Searching for disks...done

           0. c0t1d0 <DEFAULT cyl 60798 alt 2 hd 255 sec 63>
           1. c0t2d0 <DEFAULT cyl 60798 alt 2 hd 255 sec 63>
           2. c0t3d0 <ATA-HITACHI HDS7250S-AJ0A-465.76GB>
           3. c0t4d0 <ATA-SEAGATE ST32502N-SU0B-232.88GB>  <--250GB disk.

    - Now we break it from the mirror.
    vdidc# zpool detach VDI c0t4d0
    vdidc# zpool status VDI
      pool: VDI
     state: ONLINE
     scrub: resilver completed after 14h51m with 0 errors on Thu Feb 23 01:58:52 2012

            NAME        STATE     READ WRITE CKSUM
            VDI         ONLINE       0     0     0
            c0t3d0    ONLINE       0     0     0  185G resilvered

    - Physical work: replace the drive itself. No youtube video for this simple task, but unfortunately, Solaris 10 refuses to see the disk automatically.

    vdidc# format
    Searching for disks...done

           0. c0t1d0 <DEFAULT cyl 60798 alt 2 hd 255 sec 63>
           1. c0t2d0 <DEFAULT cyl 60798 alt 2 hd 255 sec 63>
           2. c0t3d0 <ATA-HITACHI HDS7250S-AJ0A-465.76GB>

    - Let's add the disk manually
    vdidc# cfgadm
    Ap_Id                          Type         Receptacle   Occupant     Condition
    sata0/0::dsk/c0t0d0   cd/dvd      connected    configured   ok
    sata0/1::dsk/c0t1d0   disk         connected    configured    ok
    sata0/2::dsk/c0t2d0   disk         connected    configured    ok
    sata0/3::dsk/c0t3d0   disk         connected    configured    ok
    sata0/4                        disk         connected    unconfigured unknown <-- THIS IS IT

    vdidc# cfgadm -c configure sata0/4

    vdidc# cfgadm
    Ap_Id                          Type         Receptacle   Occupant     Condition
    sata0/0::dsk/c0t0d0   cd/dvd     connected    configured   ok
    sata0/1::dsk/c0t1d0   disk         connected    configured   ok
    sata0/2::dsk/c0t2d0   disk         connected    configured   ok
    sata0/3::dsk/c0t3d0   disk         connected    configured   ok
    sata0/4::dsk/c0t4d0   disk         connected    configured   ok <-- DONE

    vdidc# format
    Searching for disks...done

    c0t4d0: configured with capacity of 465.74GB

           0. c0t1d0 <DEFAULT cyl 60798 alt 2 hd 255 sec 63>
           1. c0t2d0 <DEFAULT cyl 60798 alt 2 hd 255 sec 63>
           2. c0t3d0 <ATA-HITACHI HDS7250S-AJ0A-465.76GB>
           3. c0t4d0 <ATA-HITACHIHDS7250S-AJ0A cyl 60799 alt 2 hd 255 sec 63>  <-- CONFIRMED

    - Now that the disk is in the fold it's time to attach it to the pool and get our mirror back!
    vdidc# zpool attach VDI c0t3d0 c0t4d0
    vdidc# zpool status VDI
      pool: VDI
     state: ONLINE
    status: One or more devices is currently being resilvered.  The pool will
            continue to function, possibly in a degraded state.
    action: Wait for the resilver to complete.
     scrub: resilver in progress for 0h0m, 0.02% done, 54h52m to go

            NAME        STATE     READ WRITE CKSUM
            VDI         ONLINE       0     0     0
              mirror-0  ONLINE       0     0     0
                c0t3d0  ONLINE       0     0     0
                c0t4d0  ONLINE       0     0     0  38.8M resilvered

    errors: No known data errors

    - A few hours later, the mirror has been upgraded and resilvered, but is the capacity there yet? No!

    vdidc# zpool list
    VDI         232G   188G  43.7G    81%  ONLINE  -
    rpool       464G   305G   159G    65%  ONLINE  -

    - To fix this was just too easy...
    vdidc# zpool set autoexpand=on VDI
    vdidc# zpool list
    VDI         464G   188G   276G    40%  ONLINE  -
    rpool       464G   305G   159G    65%  ONLINE  -

    That's it: mirror replaced and upgraded, disk capacity expanded, downtime required: ZERO, no desktops taken offline. But the disks did take a proper hammering during the resilvering stages! Gotta love ZFS.

    Wednesday Feb 16, 2011

    How Virtual is your Desktop?

    Think about it... Public cloud, private cloud, what is your digital workspace made of?
    What is your digital sanctuary? How much of a PC is left in your desktop?
    How close are you to being "PC free"?

    A while ago (18 months?) I started writing a very complex piece of work I never got to publish, where I went through how many computers I have and manage, and in particular, how many "desktops" I use. I never quite finished it, because at the end of the day, I knew that in today's age, computers and desktops are not one and the same anymore and the article got too hard to make sense, let alone be interesting.

    In the meantime, the end-user device market has flourished more than ever before, with particular mention of the iPad and Android tablets filling a perceived gap of need (as in, do you *really* need one? It's up to you!)

    So the question is all the more relevant these days, where we have so many devices that provide us with access to so much information in so many ways: What is your desktop?

    Which got me thinking: what is my desktop? What is a modern day desktop?
    - My desktop doesn't exist any more - it's a collection of local and "cloud" things
    - That collection of things is my "digital workspace" of sorts, and the line between work and personal has never been so thin, because they can sit close to each other on the same device(s).

    So, what's my digital workspace made of?
    Rummaging through my digital things and my personal style, I managed to list what I really care about when it comes to the ole desktop concept. Note, I am not pointing out what my most used desktop has, I am pointing out what tools I use the most often.

    Let's have a look at WORK first:

    - Web Browser (Firefox mostly, sometimes IE 7)
    - Email (Any, I use Thunderbird)
    - Calendar (Any, I use Lightning)
    - Files (I use OpenOffice, PDF, Images, Text mostly)
    - IM (I use pidgin)
    - My printers are on the network, and the scanners are on the network too, one and the same MFD.
    - My only peripheral is a headset with a microphone and the occasional USB drive
    - A few applications

    And in reality, at work, there is only one mandatory application I need from time to time... Internet Explorer 7, to run a specific corporate web-based application I require that is not open enough (yet). As for files, my team and I exchange mostly OpenOffice and PDF documents, and many image formats - which I can open on any of my computers - Windows, Mac OS X, Linux and Solaris. The rest, I can handle from whatever device, including my iPhone.

    My PERSONAL digital workspace is a bit more demanding (go figure), and I'll drill into specifics:

    - Web Browser (Firefox)
    - Email (GMail, always through IMAP, on Thunderbird)
    - Calendar (Google Calendar, through Caldav/Lightning)
    - Files (served by DropBox)
    - Photos (massive amounts, on a file server) - all jpg
    - Videos (massive amounts, on a file server) - AVI, Quicktime, h.264, mpeg-4
    - My home printer is on the network
    - My scanner is at the end of a USB server, shared over the network across all the machines I own
    - And... I play games too (well, mostly Team Fortress so there's a headset there, but there is a PS3 in the house too.)

    And as it turns out, all but gaming are shared among many computers and devices with multiple operating systems, but yes, the photos and videos are kept on a Mac and we churn too many pictures and videos in the family to put these in the cloud at the speed of production, so there's a need for a computer there. My gaming platform is a Windows PC - with a Sapphire HD5770.

    The SUMMARY of my personal digital workspace is that I keep a whole bunch of pictures and I play games. Everything else is on the Internet. (As a side note, Steam also has a great cloud service for games, which I use, but I have to admit that the Mac experience for gaming isn't quite there yet, but yes, I have been getting my games from the cloud too!)

    So, why am I writing about all this?
    It has become pretty obvious in the modern corporation (and in the personal space), that whether you are a Microsoft shop or not, most of the stuff you already do, like me, is not on your device. The most flexible Windows PC deployments in the corporate world in fact use roaming profiles, so that all that shapes your corporate digital identity is kept elsewhere. As such, any PC that meets the requirements can be populated with your digital profile, and with the only showstopper being the applications, chances are any computer in your corporate LAN will work for you. How good is that? In short, if you've read this far, you will most likely agree that your desktop, is NOT your computer - the NETWORK is. (Ring a bell?)

    Nevertheless, there is still a place we like going back to, that we can call our desktop, particularly if there are apps there that get used often. It is a digital sanctuary where we know we will find most if not all of the things we need, even if something like roaming profiles governs your digital workplace. The problem with this sanctuary is that it is still most likely under your desk. Mine certainly isn't, because it is quite useless when I am not at my desk with it.

    This is where I stop to think about what's keeping the CIOs up at night when it comes to "desktop". A company with 500 desktops may have enough man power and skills to manage the challenge, but is it really done and dusted, or is it temporarily tamed? And are they getting the best bang for their buck, or are they still thinking about a yearly refresh of a third of the fleet, the constant re-provisioning and distribution of this fleet, and at the same time, providing other tools for employees to work away from their desks and even remotely, securely, freely? And are they bound (read "stuck") with the choices made, or can freedom of action be incorporated into their environment with the flick of a switch?

    My job is not a secret, and the fact that I live and die by what I do isn't either. I'm writing this text in a Windows 7 Virtual Machine running inside an Oracle VDI platform, though a modest one - it's all in one box, running alongside a lot of other things, kind of like what's described here, and presented to a Sun Ray 3+ with a nice 24" monitor. This VM has been up for more than a fortnight, and it's as sharp as ever. So you can argue that my corporate desktop is a VDI desktop, running on a PC under my desk, but I can retrieve it from anywhere - and I don't mean from any RDP client or Sun Ray, I mean anywhere including my iPhone or somebody else's web browser. My corporate digital sanctuary comes to me whenever I need it, always ready to go. Even my laptop can't do that.

    So what can I not do? From a corporate point of view, everything except use the Cisco Communication S/W, which I haven't figured out how to run on my virtual desktop (and I have never been particularly excited or interested by the idea, because I have a phone with me at all times.) I can do all the multimedia that my job requires using the Sun Ray Windows Connector Multimedia Redirection features and I can connect all the USB devices that I require. And I can feed desktops to some of my colleagues who need to run demos from time to time, from the same humble hardware. That PC under my desk is actually doing a whole lot more than most people's as well as giving me a lot of freedom.

    So, public cloud, private cloud, What's your digital workspace made of? What's your digital sanctuary? How much of a PC is left in your desktop? How close are you to being "PC free"? I'm there already.

    Thursday Feb 03, 2011

    Moving/migrating/promoting a local Windows user profile to a Domain profile

    You have installed a fantastic VDI setup on a single server and you are eager to test it.... But boy, all that work of putting together a Domain Controller is just too much - you don't have a Windows 2003/2008 server CD, nor the license, so you take the quick way out, cheat death and install OpenDS using QuickSetup.

    Next, you import that good old Windows 7 VM you have been using on your laptop and enable it through VDI by using a Generic Desktop provider, and of course, as you don't have a Domain Controller, you manually make it work by having the same login and password on the VM and in OpenDS, great too, all works.

    But eventually, you realise that you really want to clone VMs and test fastprep and get other users to test all this, and your OpenDS strategy starts looking not so good, so you rack up the nerve to put it all together and install your Domain Controller and move your VDI install away from OpenDS. All good too, except you now find that through the domain, you can no longer log in with your old user into your good old Windows 7 VM, because, well, Windows considers the local user and the domain user to be different ones. So how do you promote that local profile for your user to a Domain profile and live happily ever after?

    I spent a fair bit of time doing research on the web to find the easiest solution, one out of Microsoft, if possible. I got close when I learned about Windows Management Instrumentation - User Profiles provider. But I failed at finding clear instructions for Windows 7, and then, I found MOVEUSER.

    Needless to say, it worked. Thanks Ohio University, thanks Ron Williams!

    Wednesday Dec 22, 2010

    A simple Regional Hotdesking setup (AMGH)

    The simplest AMGH setup will have two Sun Ray servers (or potentially two Sun Ray Failover Groups, aka FOGs).

    In my scenario, there is a "landing" Sun Ray server, which in fact happens to be an OVDI 3.2 host, which is, of course, Solaris x64. This host is used primarily for presenting VDI desktops (Windows and Solaris) from a couple of different pools, and there is an allowance for Solaris desktops on the server itself, only for administration purposes. Let's call this server "OVDI".

    The second server in use for the AMGH group, is an OEL 5.5 host, running Sun Ray Software 5.1 for Linux (but it can be Solaris just as well.) A completely different beast from the above. Let's call this server "OELSR".

    The purpose is to be able to present "Sun Ray" native Solaris, Windows and Linux desktops onto the same Sun Ray(s), which of course makes for a rocking demo.

    Let's start with the work on the first server, the landing server, OVDI:

    1. Create the text file DB for tokens, stock standard so that the existing scripts don't need customising:
    touch /opt/SUNWutref/amgh/back_end_db

    2. Add a test token to the above file - if you are reading this blog entry, I'm sure you know how to get one! insert_token is the preferred vehicle as it covers registered token policies.
    insert_token=Payflex.500db85200230100 username=daniel host=OELSR

    3. Enable redirection on OVDI, using the stock standard demo script supplied with the software
    /opt/SUNWut/sbin/utamghadm -s /opt/SUNWutref/amgh/utamghref_allkeys_script

    4. Add other tokens as required. This is a demo after all.

    Believe it or not, that's it for this server.

    Now the second member of the RH group, OELSR:

    For OELSR, the job is actually easier, since no Sun Rays should "land" on it by default, so all we want is to redirect any Sun Ray that lands on it to return to its original server when the token is pulled out of the Sun Ray.

    1. Create a return script file and make it executable:
    touch /opt/SUNWutref/amgh/utamghref_return
    chmod +x /opt/SUNWutref/amgh/utamghref_return

    2. Edit the file and copy the code below:
    #!/bin/sh
    echo "use_firstserver=true"
    exit 0

    3. Enable the above script as the redirection script:
    /opt/SUNWut/sbin/utamghadm -s /opt/SUNWutref/amgh/utamghref_return

    And that's it! Now you have two FOGs and one cool flexible platform.

    This has been useful to me in the past in particular for these scenarios:
    - There is a single strategy for Sun Ray server lookup (say DNS, by using sunray-servers) but multiple separate Sun Ray servers

    - Upgrading customers from an older Sun Ray (or VDI for that matter) platform to a newer one, on different hardware, while keeping a backup strategy in place
    - Sitting at one desk but needing instant access to multiple (very) different desktops on different infrastructure

    Thanks go to Bob Doolittle and his "Getting Started with AMGH" How-to.

    Friday Nov 19, 2010

    Using AD as an LDAP source with SGD 4.6

    SGD 4.6 has streamlined (for the right reasons) the search filter for LDAP repositories. If you leave SGD 4.6 unchanged from the default install and point it to an AD source for authentication but using LDAP, you'll find that AD users can only login with their "First, Last" as the user name.

    This is because sAMAccountName, the key attribute in AD for what we commonly think of as the user ID, is no longer part of the default LDAP search filter, because it's not an LDAP attribute.

    To "unstreamline" this, simply execute, as root on your SGD server (stop and start required):

    tarantella config edit \ \

    To check...

    tarantella config list \ 

    PS: I had posted this originally with "&", which has been a recurring email trail mistake. Fixed on 01-Dec-2010 ;)

    Monday Sep 28, 2009

    My Motorola A1000 is finally retired.

    After 4 years, 9 months and 9 days of extremely loyal service, it is time for my Motorola A1000 to enter retirement. It is a shame that Motorola couldn't see that far into the future, the A1000 was back then to me what my iPhone 3GS is now - a marvelous piece of technology well ahead of its time.

    But then, anything is possible. Like for example Ed Zander interviewing Larry Ellison about Sun. Something only an old Sun employee with an old *Motorola* A1000 could see through a different light.

    Still, a marvelous piece of technology. 2004-2009 (and it got hammered, didn't it?!)

    5-year old Motorola A1000

    Yes, photo taken with the iPhone, but it's not 3 megapixel - Apple decided that we don't want to email our own photos at the original resolution ;)

    Thursday Apr 16, 2009

    Kiosks and Firefox: Overriding or disabling "Firefox has been updated", making Firefox the default browser, and fix the homepage

    I couldn't pass the opportunity of writing a note to myself on this one.

    Next time you are setting up Kiosk mode with Firefox as an application, here's how to get rid of the annoying behavior of Firefox telling you about the update...

    Just copy/paste this preference:
    user_pref("browser.startup.homepage_override.mstone", "ignore");

    In the most convenient location for you:
    1) prefs.js on your user profile
    2) prefs.js on the global profile (firefox/defaults/profile/prefs.js)
    3) user.js on the global profile (firefox/defaults/profile/user.js)

    And... making Firefox the default browser? Easy...
    user_pref("", false);

    And...another one of my favorites, to fix the homepage, (best to put it in user.js:)
    user_pref("browser.startup.homepage", "");

    or just copy/paste the lot...
    user_pref("browser.startup.homepage_override.mstone", "ignore");
    user_pref("", false);
    user_pref("browser.startup.homepage", "");

    UPDATE 16-June-2009:
    And yet, sometimes Firefox still asks if you want it as the default browser?

    Well, don't despair - this one seems to be the ultimate fix:
    - Edit [FIREFOX INSTALL DIR]/defaults/pref/firefox.js
    - Change from true to false

    Friday Feb 06, 2009

    Meta Kiosk: How to run multiple different types of kiosk modes on a Sun Ray Server/FOG

    "One Kiosk to Rule Them All"...

    One of the coolest features of the Sun Ray platform is "Kiosk Mode". Sadly, it typically only gets associated with running a "Library" type locked down session with a web browser, or when a Windows deployment takes advantage of it to deliver Windows based sessions, be it from Terminal Services or VDI.

    It is very common in demo environments and even in many production environments to have the need of presenting multiple different types of Kiosks served from the same infrastructure, which can be easily achieved by associating the token presented to the Sun Ray to the particular context required for the token. For example, you may want a number of users to get a session from a Windows Terminal Server, some others to get a Linux desktop, some users to leverage a VDI desktop, some Sun Rays in public areas to present a controlled desktop with a web browser for leisurely access and a Sun Ray in the foyer permanently running a presentation to a large LCD display. And of course, the administrator may want access to his Windows Vista desktop on a casual basis without having to rely on the Sun VDI broker. All of this from the Sun Ray Server or FOG.

    In my experience, it has been mighty useful to have a fixed framework I can use at PoCs and demos for a variety of things. The piece of work presented here is an aggregation of some of the work that grew from a requirement at a large PoC in South Australia when Sun VDI wasn't around and also from the current demo environment shown to customers at the Sydney Sun Solution Centre. There is a WOW factor that still grips the imagination of most people when they see the Sun Ray platform in full action. I mean, who's ever seen a handful of different desktops presented on the same screen in less than 10 seconds???

    The purpose of this "Meta Kiosk" (or Kiosk Broker) is to provide multiple kiosk capabilities to the Sun Ray platform, which is typically constrained by the use of a single kiosk mode across the board. One day, Engineering may give me a pull down in the Token Administration GUI for me to choose what the token is supposed to do, but for now, this is the next best thing.

    So, how does this "Meta Kiosk" come together? Meta Kiosk leverages the "Other Info" field of any token (a smartcard or a pseudo token of a Sun Ray) by letting you specify a string to identify what type of session that token is entitled to, for example UTTSC, JDSKIOSK, VDA, VDANOCARD, VNC, etc. Additionally, you can specify a default kiosk mode for non-registered tokens by changing the UNREG_TOKEN_ACTION variable in the script. After the script decides what kiosk the token is entitled to, it instantiates that particular kiosk mode, as if it had been called naturally by the Sun Ray kiosk framework. Should the first string in the "Other Info" field not be recognised, the action indicated by the variable DEFAULT_ACTION will be undertaken (which you can also modify). DEFAULT_ACTION for registered tokens in the script is to use VDA, which is convenient as the VDA script also makes use of this field as the placeholder for the pool name the token owner is entitled to from the available SOE pools.
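The selection logic described above, as an added sketch in POSIX shell. It is not the Meta Kiosk script itself: the function names, the UNREG_TOKEN_ACTION value and the system-name check are assumptions, and the UTTSC and VNC argument positions follow the option list later in this post. The check is there because "Other Info" is free text that ends up as an argument to the session client.

```shell
#!/bin/sh
# Added sketch: choosing a kiosk mode from a token's "Other Info" field.
# Not the Meta Kiosk script; function names and the validation rule are assumptions.

DEFAULT_ACTION="VDA"            # from the page: default for registered tokens
UNREG_TOKEN_ACTION="JDSKIOSK"   # assumed value; the page does not give the shipped default
KNOWN_MODES="JDSKIOSK UTTSC VDA VDANOCARD VDM VNC APPLICATION"

# select_kiosk_mode REGISTERED OTHER_INFO
# REGISTERED is "yes" or "no"; OTHER_INFO is the raw field text.
select_kiosk_mode() {
    if [ "$1" != "yes" ]; then
        printf '%s\n' "$UNREG_TOKEN_ACTION"
        return 0
    fi
    # read splits on whitespace without glob-expanding or evaluating the field.
    read -r keyword _rest <<EOF
$2
EOF
    for mode in $KNOWN_MODES; do
        if [ "$keyword" = "$mode" ]; then
            printf '%s\n' "$mode"
            return 0
        fi
    done
    printf '%s\n' "$DEFAULT_ACTION"   # unrecognised (or empty) first word
}

# valid_system_name NAME
# Accepts host or host:port built from letters, digits, dots and hyphens.
# Rejects empty values and anything starting with "-", so the value cannot be
# taken for an option by the client it is handed to.
valid_system_name() {
    case $1 in
        ''|-*|*[!A-Za-z0-9.:-]*) return 1 ;;
    esac
    host=${1%%:*}
    port=${1#"$host"}
    if [ -z "$host" ]; then
        return 1
    fi
    case $port in
        :|:*[!0-9]*) return 1 ;;   # port must be digits only
    esac
    return 0
}

# token_target OTHER_INFO
# Prints the optional system name from "UTTSC [username [target system]]" or
# "VNC [system-name [password]]". Returns 1 if one is present but fails the check.
token_target() {
    read -r keyword arg1 arg2 _rest <<EOF
$1
EOF
    case $keyword in
        UTTSC) target=$arg2 ;;
        VNC)   target=$arg1 ;;
        *)     target= ;;
    esac
    if [ -z "$target" ]; then
        return 0
    fi
    valid_system_name "$target" || return 1
    printf '%s\n' "$target"
}

# Constructed sample fields (not taken from a real token store).
for field in "UTTSC daniel winbox" "VNC mymac:5901" "SOEPOOL1"; do
    printf '%-22s -> %s\n' "$field" "$(select_kiosk_mode yes "$field")"
done
```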

    The only caveat to this is that typically, the arguments passed to the kiosk session are defined in the Sun Ray Admin GUI setup for the system-wide kiosk mode you choose, but since Meta Kiosk calls upon a large number of kiosks itself, this is no longer useful. To work around this, the script assumes that the parameters you want for a specific kiosk mode are contained in the relevant "kiosk.conf" file for that particular kiosk, typically found in /etc/opt/SUNWkio/sessions. For example, if I wanted to enable Full Screen for all the uttsc kiosk sessions, I would simply edit /etc/opt/SUNWkio/sessions/uttsc.conf and type something like KIOSK_SESSION_ARGS="-t 1800 -- -m mywindowsterminalserver".

    What options can I enter in the "Other Info" field of a Sun Ray token?
    Below are the different options available "out of the box" with the present release of Meta Kiosk, along with some of the features, that you can specify in the "Other Info" field of your tokens - and don't forget you can add any of your own easily by editing the script at /etc/opt/SUNWkio/sessions/meta-kiosk/meta-kiosk-session (and if you do and you consider it useful, please share it with me!):

    : for the traditional Solaris based locked down Sun Ray kiosk mode
    "Other Info" field specs: JDSKIOSK

    : to make a call upon a specified Windows (or RDP capable) system, whether it is a physical PC, a VM, a WTS or a session directory server or the console of a VirtualBox VM with VRDP...
    "Other Info" field specs: UTTSC [username [target system]]
    UTTSC can leverage the main system name passed in the uttsc.conf file, presented as the last field of KIOSK_SESSION_ARGS. If username is present, then this name will appear in the login box (where possible). If "target system" is specified this field will be stripped from the uttsc.conf definition and replaced by that found at "Other Info". Note that when you configure the uttsc kiosk mode, it is expected that you enter a system name at the end of the string. As such, Meta Kiosk expects this too.

    VDA: In case you need or want to register it. Note that the script will treat this as the default mode for any \*registered\* token anyway.
    "Other Info" field specs: VDA
    The VDA kiosk script will later re-read and interpret this field as a pool name, so typing any parameters would be useless! If this is used with VDA, then a default pool called VDA can be set up, unless you have already assigned the username a permanent virtual machine.

    VDANOCARD: In case you need or want to register an existing token or pseudo-token to use Dirk Grobler's "Non Card VDI for Sun Ray".
    "Other Info" field specs: VDANOCARD

    VDM: In case you want to use VMware's broker in your environment separately. You will need to download the Sun Ray connector for VMware Virtual Desktop Manager and install it (guess what - it's a kiosk mode too!)
    "Other Info" field specs: VDM

    The next options are not typically defined as kiosks. Their code is contained within the Meta Kiosk script itself:

    VNC: Experimental at this point, useful mostly for MACs (not that you couldn't use with Solaris/Linux or even Windows), by way of leveraging a VNC server or similar (the builtin ARD server does NOT work with standard VNC clients)
    "Other Info" field specs: VNC [system-name [password]]
    Both parameters are optional, although you can't specify password if you don't specify a system name. Password will get written to a file and then the argument passed through, and although this is not dramatically secure, it allows for a quick demo of a MAC on a Sun Ray. A good VNC server to use is Vine. You may need to pass the port to the VNC service on the server as part of the system name, e.g. mymac:5901

    APPLICATION: Lets you run a specified Solaris app, but take heed, there will be no Window manager for it. Otherwise, simply use JDSKIOSK and specify the app there.
    "Other Info" field specs: APPLICATION command-name <parameters>
    For example, you could run a full screen presentation on a dedicated Sun Ray like this, like we do at the foyer of the Sydney Sun Solution Centre:
    APPLICATION /usr/bin/staroffice -invisible -nologo -show /presentations/sunray-presso.od

    UTSWITCH: Need a token to get redirected without AMHG? This is it!
    "Other Info" field specs: UTSWITCH sunray-server-hostname
    Beware that the Sun Ray will remain attached to that other Sun Ray server when you pull the smartcard or disconnect the session, so it's important to remember to STOP-A the Sun Ray at the end of the session.

    X11: An Xsession. This will run Xnest within the Sun Ray X session canvas.
    "Other Info" field specs: X11 servername [geometry]
    NOTE: On your Sun Ray server, you may have to execute this: chmod 04755 /usr/openwin/bin/Xnest unless Xephyr is available.

    XTERM: An X term (xterm) on the Sun Ray server. Good for testing!
    "Other Info" field specs: XTERM
    It also starts twm as the window manager. Just good to have...

    Meta Kiosk Workflow - how does a kiosk mode get chosen?
    The following diagram depicts the default actions chosen by the script based on the token conditions, i.e. Token registered or not and "Other Info" field contents:
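
    The selection flow described above, together with the UTTSC rule from the "Other Info" options (a target system in the field replaces the last field of KIOSK_SESSION_ARGS), as an added example; this is not the meta-kiosk-session script itself. The function names and the yes/no "registered" flag are assumptions made for the example, while the keyword list and the JDSKIOSK and VDA defaults are the ones given on this page.

```shell
#!/bin/sh
# Added example, not the shipped meta-kiosk-session script.
UNREG_TOKEN_ACTION=JDSKIOSK   # page default for unregistered tokens
DEFAULT_ACTION=VDA            # page default for registered tokens

# choose_kiosk_mode REGISTERED OTHER_INFO -> prints the mode keyword.
# REGISTERED ("yes"/"no") is a hypothetical flag for this example.
choose_kiosk_mode() {
    registered=$1
    # Split "Other Info" into words with globbing off, so a "*" typed into
    # the field is never expanded against the file system.
    set -f; set -- $2; set +f
    if [ "$registered" != yes ]; then
        printf '%s\n' "$UNREG_TOKEN_ACTION"
        return 0
    fi
    case ${1:-} in                 # allow-list of the keywords on the page
        JDSKIOSK|UTTSC|VDA|VDANOCARD|VDM|VNC|APPLICATION|UTSWITCH|X11|XTERM)
            printf '%s\n' "$1" ;;
        *)  printf '%s\n' "$DEFAULT_ACTION" ;;
    esac
}

# uttsc_session_args CONF_ARGS OTHER_INFO -> prints the arguments to use.
# CONF_ARGS is KIOSK_SESSION_ARGS from uttsc.conf and must end in a system
# name; a target in "UTTSC [username [target system]]" replaces that field.
uttsc_session_args() {
    conf_args=$1
    set -f; set -- $2; set +f      # $1=UTTSC $2=username $3=target system
    target=${3:-}
    if [ -z "$target" ]; then
        printf '%s\n' "$conf_args"
        return 0
    fi
    # Reject anything that is not a plain host name, e.g. a leading "-" that
    # the connector would read as an option instead of a system name.
    case $target in
        -*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    case $conf_args in
        *' '*) printf '%s %s\n' "${conf_args% *}" "$target" ;;
        *)     printf '%s\n' "$target" ;;
    esac
}
```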

    Putting it all into action
    The requirements are quite simple:

    • DOWNLOAD "Meta Kiosk" (TAR file)

    • Unpack the downloaded file on a Solaris Sun Ray server: the files are created from the root directory, straight into /etc/opt/SUNWkio/sessions.

    • Under the Sun Ray Web Admin go to Advanced -> Kiosk Mode.

    • Choose "Meta Kiosk Broker Session" from the kiosk options pull down.

    • Pick any Solaris apps you desire to run under the JDS kiosk mode (if at all) as part of the Meta Kiosk, instead of JDS.

    • For EACH and ALL kiosk modes you will be employing that require it, make sure you edit the associated ".conf" file in /etc/opt/SUNWkio/sessions and include the parameters you want to regularly use: simply type them in for that kiosk mode under KIOSK_SESSION_ARGS (see example above for UTTSC.)

    • Pick the default action you desire for unregistered tokens (if your policy allows) by editing /etc/opt/SUNWkio/sessions/meta-kiosk/meta-kiosk-session and assigning it to UNREG_TOKEN_ACTION (see Flow Chart above.)
      NOTE: By default the script assumes that unregistered tokens get JDSKIOSK as the default, and if this is what you want, make sure you specify something like Firefox as a Critical app under the Meta Kiosk app pane.

    • Pick the default action you desire for registered tokens that do not present an identifiable string in "Other Info" by editing /etc/opt/SUNWkio/sessions/meta-kiosk/meta-kiosk-session and assigning it to DEFAULT_ACTION (see Flow Chart above.)
      NOTE: By default the script assumes this to be VDA, the Sun VDI broker

    • Don't forget you need to have the token registered AND set as a Kiosk token for any of this to work.

    • If you want to assign a kiosk mode to a Sun Ray without using  a smartcard, simply register the pseudo token of the Sun Ray through the Web Admin GUI. The token is always "pseudo.<MAC address>" of the Sun Ray you need. This is often done under VDA to present the same Windows VM to the same person at the same desk all the time (much like ... your PC.)

    Enjoy and make sure you share any other worthwhile uses you can think of...

    UPDATE 19/02/2009:
    Made some improvements on the X11 kiosk - it now works with Centos and OpenSolaris, thanks to the use of Xephyr on Solaris 10 x86

    UPDATE 02/07/2009:
    For a pure and supported methodology on assigning different kiosk sessions to different tokens, there's a new feature available since SRS 4.1 that allows individual Kiosk session assignment to different tokens. For more info, please visit Jörg Barfurth's blog entry "Using different Kiosk Sessions for different tokens". Thanks Jörg! While I'm on this subject, could engineering please deploy a kiosk selection pull-down on the token administration page in the Sun Ray web admin? Ta :)

    Tuesday Oct 14, 2008

    A little script to clone a VM with VMware ESX/ESXi (but no VirtualCenter)

    I wanted to strike this one for my own records...

    I was looking for an easy way to clone a VM without VirtualCenter and came across this, which worked like a charm, bits of which I had done before for other purposes...

    So I came up with a little automation, good for when you have to "create a few"... Change according to your datastore!

    Script: clone-system name-of-source-vm name-of-target-vm


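    #!/bin/sh
    # Placeholder path: change according to your datastore
    DATASTORE=/vmfs/volumes/datastore1

    # Create the target VM's directory, then clone the source VM's virtual disk into it
    mkdir "$DATASTORE/$2"

    vmkfstools -i "$DATASTORE/$1/$1.vmdk" "$DATASTORE/$2/$2.vmdk"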

    Tuesday Sep 23, 2008

    Sun Ultra 24: The Perfect ESXi box for home (or... "The last PC I may ever buy")

    After receiving the mandatory "Waiver for Internal Funding for Equipment" (WIFE) approval, I received a few days ago my new toy, a super-duper Sun Ultra 24 workstation, possibly the last PC I may ever buy (but then again, wasn't 640K enough for all needs?) It's a welcome addition to finally replace my 6 and a half year old Frankenstein PC (AMD Athlon XP1800+) which served faithfully over the years.

    Careful thought went into this purchase:
    - it had to be as powerful as possible without breaking the budget
    - it had to be super quiet, as it will be on most of the time in a public part of my house
    - it had to have room for heaps of memory and disk
    - it needed to be capable of running pretty much any O/S, but above all, VMware ESX, and as it turns out, just when I was about to place the order, VMware saved me some money by making ESXi free.

    In the end, I chose the Ultra 24 because:
    - it's VERY well put together
    - it met all the requirements above
    - it was competitive with anything out there in the market, and better than most in terms of memory capacity (8GB)
    - and well, staff discount... So I added the obligatory 22" screen (it is \*fantastic\*) and a Sun Ray 2 to accompany my already existing battalion of Sun Rays.

    Anyway, this blog entry is about the steps to get ESXi to run on it, so here we go.

    For completeness, I updated the system to the latest firmware, downloaded from here:

    I tried SATA once on an Ultra 20 and got quite far: I even built a VM, only to find that the VI client would not see it even though it existed on the VMFS volume. Go figure. One day, when I get a spare drive, I'll try SATA on its own. For now, read on...

    As with any other "workstation" in the market, the Ultra 24 can house SATA and SAS disks, but that doesn't mean that the internal controller can handle SAS disks, so buying these disks was not an option (and I couldn't afford them anyway), so to get there for now, I bought 4 x 250GB SATA disks to go in. With every major vendor box, you find that although the disks themselves are a commodity, the brackets that hold them in aren't, so I went for the easy way out, cheap for now with all the brackets in place for the future, so that an upgrade to bigger disks can be had anytime.

    The next thing to solve was getting ESXi to be happy with these drives. As it turns out, I had earlier experimented successfully with a Sun branded LSI card that's fully supported by VMware ESX (Sun part # SG-XPCIE4SAS3-Z), which in more generic terms is a "4-Port SAS PCI-E HBA LSI3041E with B3 silicon" - although I'm yet to understand (or care) what "B3 silicon" means.... We used these cards to run a Sun VDI bootcamp training course on a raft of Sun Ultra 20 systems with 4GB RAM.

    So, I plugged in the card into one of the PCI-E slots of the Ultra 24, and lo and behold, the next reboot the system saw the card and the LSI adapter framework which would later allow me to configure RAID options with my disks.

    So now I have four disks and all sorts of possible configurations... But at the end of the day, for now my needs are defined: I want to run mostly ESXi as safely as possible, so that I can leave a number of VMs running to host some of my lab stuff with confidence (Sun Ray server on Solaris/CentOS/SLES, SGD, Windows VMs, LDAP server, etc) but allow some room to run Windows natively for other very important things like, well, Team Fortress 2, and when the time is ripe, play with Sun xVM.

    So the choice was given to me when I realised that the LSI RAID card would let me create a mirror across 3 disks... Cool - 3 disks as a mirrored set of 375GB and an independent disk to multiboot from other operating systems, Windows XP and Solaris xVM at the very least. And yes, I tested the mirror - I pulled out a drive, and the LSI framework reported it was working in degraded mode until I plugged the drive back in (after a shutdown of course). This type of mirroring may or may not be as fast as a standard two way (think of the implications and the design of such a mirror) but that doesn't bother me too much just yet.

    After this all worked, I simply loaded the ESXi 3.5 u2 CD on the DVD tray, booted and installed happily, UNTIL... the initial ESXi screen came back displaying that the IP address was

    FOURTH CHALLENGE: THE NETWORK

    Huh? So after a bit of digging I found out that VMware doesn't particularly like the onboard Gigabit Ethernet NIC: although it is an onboard Intel Gigabit, the particular chipset (82566DM-2) is not in the support list "yet" (see among others) and so, since I wanted instant satisfaction by now and had found the potential workaround too hard to implement, I decided that my time would be better spent by investing $47 in a stock standard, ESX supported, Intel 1000/pro Gigabit card, which worked on the next reboot.

    As it turns out, the U24 does not let you boot from different Hard Disks/LUNs. You can only specify ONE preferred hard disk in the BIOS, and the boot menu shows only this one, along with whatever other options your system may have (CD, ETH, USB). After a bit of toing and froing, I found that booting into the BIOS every time I wanted to change boot disks was VERY painful, whenever the time came for Team Fortress 2. The only option presented to me... USB boot!

    What do you know, there's an internal USB port within the Ultra 24. How useful's that? I had always wanted to give this a try, and now the time was ripe. Googling for instructions I found the more official ones at, but there are plenty of repeat instructions out there. Of course, for a Unix/Mac guy, winimage is not a requirement and a simple "dd" command did the trick quite nicely, although you do seem to need a 2GB drive or \*smaller\*. So, now, I've become a USB boot fan, because that shows up in the boot menu! As a side note, booting ESXi off USB is not particularly fast, but it does make the setup a lot more portable and convenient. At the end of the day, you can easily import the VMs that are already residing on the VMFS to any ESX bootable environment, so I can choose to boot from disk or USB and still have my VMs.

    Almost finished here. I just wanted to document the downside of ESXi in my particular setup:
    1) No access to the CDROM. You can't map a CD to a VM, which is a bit disappointing. Very little documentation on this but it seems to have to do with the fact that the CDROM on the Ultra 24 is IDE...
    2) No USB mapping. That's a sad one, but I knew in advance, so I'm not too fussed.

    By now, it's a happy ending - I have built a few VMs, got my Sun VDI server now running within, my XFX 9800GT plays TF2 like a charm and the machine has been rock solid. Good to go til 2014 I hope!!!

