Thursday Aug 19, 2010

Use a different Kiosk session in Oracle VDI

Today I was preparing a customer project on my test server to run a different application (then the default Oracle VDI desktop) on some special Sun Ray DTUs. In a recent post I wrote about configuring Opera as a Sun Ray Webkiosk browser and this was the application we wanted to run on the special DTUs (for a reception area). In this article I explain how to configure this for the Webkiosk browser, but the scenario is the same for every application you have in mind for a kiosk session.

There are multiple ways to configure different kiosk applications in the Oracle VDI server environment:

  1. Write your own Kiosk Mode scripts. The Think Thin Blog is a very good source to get your inspiration,
  2. Use the Meta Kiosk add-on developed by Daniel Cifuentes,
  3. Use the standard Kiosk Mode interface as described in Jörg's Desktop Blog.

I decided to use method three, it is a less known feature in the Sun Ray Server software (which is embedded in the Oracle VDI software), easy to configure via the CLI (unfortunately it is not yet integrated in the GUI) and you do not need to write a shell-script to control the multiple applications Kiosk Mode logic.

To refresh your mind from the earlier blog post about Opera: you need to install the Opera web-browser on your Oracle VDI servers and you need to store the kiosk description file and launcher in the directory /etc/opt/SUNWkio/sessions.

When this is done you let the Oracle VDI server know that for a pre-determined number of Sun Ray DTUs you do not want to use the default (Oracle VDI) kiosk session, but the alternative Opera Webkiosk session (or any session that you have in mind as alternative). This is a three step process:

1. First you have to store the Opera browser kiosk session configuration in the Sun Ray server data store. You have to create a little configuration file and use this file to store the information in the data store. After this is done you check if it is stored together with the default session

    # I have created the WebkioskSession.conf with an editor.
    root@vdiserver:# cat WebkioskSession.conf
    root@vdiserver:# utkiosk -i WebkioskSession -f WebkioskSession.conf
    root@vdiserver:# utkiosk -l

2. Then you register the token of the device (e.g. pseudo.00144f5787d1) or the token of a smart-card. Adding a name to the registration is mandatory, I use dummy01 as a not existing username.

    root@vdiserver:# utuser -a "pseudo.00144f5787d1,,,dummy01,"

3. In the last step you override the default kiosk configuration by the alternative and restart the session by killing the current session for that token. 

    root@vdiserver:# utkioskoverride -r pseudo.00144f5787d1 -s kiosk -c WebkioskSession
    root@vdiserver:# utsession -k -t pseudo.00144f5787d1

If you have multiple tokens (for example 20 Sun Ray DTUs in your reception area), then step two and three are very easy to script in a shell command or shell script. I let this to the user as this is out-of-scope for this article.

Wednesday Aug 11, 2010

Change default Desktop Login Language in Oracle VDI 3.2

One of the new features in the recently released Oracle VDI 3.2 software is the addition of the Dutch language in the Oracle VDI Desktop Login screen. In this article I explain how to change the default Desktop Login language to your preferred language (I use Dutch in the examples, because I live in the Netherlands ;-) 

As soon as you connect with your Sun Ray DTU or Oracle Virtual Desktop Client (OVDC) to the Oracle VDI server you get the standard Desktop Login window. Most of the time, this window defaults to the English language (see the below picture). Through the "More Options, Language" drop-down menu you see a list of supported languages. With a few simple steps you can change the default language of the Desktop Login to your preferred language.

Oracle VDI Desktop Login Window in English Language

The Desktop Login window is launched by the Kiosk interface scripts. This is the glue between the embedded Sun Ray server software and the Oracle VDI broker software. The Kiosk interface scripts determines the language setting for the Desktop Login window through the underlying operating system. In our Solaris 10 Oracle VDI server this is done with the locale parameters.

During the Solaris 10 Operating System installation, the English version of Solaris is installed by default. Most likely you only provided information about the timezone of your server and not the information for your geographic regions and software localizations. On the Sun Developers Network website you can check a list with locale settings in the Solaris Locale Chart. To use the Dutch language in the Oracle VDI Desktop Login we need the nl_NL locale which is part of the Western European Region (WEU) in Solaris 10.

Follow the next four steps to configure your preferred language for the Oracle VDI Desktop Login window:

1. Check the installed locales on your Oracle VDI server with the following CLI-commands:

  # First check the current locales on the server (in this case it is the default)
  root@server:# locale -a

  # Or check if the Dutch locales are installed on your server
  root@server:# locale -a | grep nl

2. If your locale exists go to step 3, otherwise load your preferred locale from the Solaris 10 installation media (the Solaris 10 installation DVD or the downloaded Solaris 10 iso-file):

  # Insert Solaris 10 DVD in your drive, it will be automounted under /cdrom
  # In my example we install the nl_NL locale
  root@server:# localeadm -a nl_NL -d /cdrom/sol_10_1009_x86/

  # Use the following CLI-commands if you installed from an iso file
  # Find your iso file (in my case /stage) and mount the iso into a directory /mnt
  root@server:# mount -F hsfs -o ro `lofiadm -a /stage/sol-10-u8-ga-x86-dvd.iso` /mnt
  root@server:# localeadm -a nl_NL -d /mnt
  root@server:# umount /mnt; lofiadm -d /dev/lofi/1

3. Configure the locale in the Sun Ray Kiosk general properties settings:

  • Go to the Sun Ray sever Admin GUI (https://server:1661/) and login with root/passwd
  • Select Tab Advanced, sub-Tab Kiosk Mode and select Edit to change the properties for the Oracle Virtual Desktop Infrastructure session type. 
  • In the Locale property configure your preferred locale as shown in the below picture and save the properties

SRSS Admin GUI, Kiosk Mode properties

4. Restart your DTU session to show the new Desktop Login Language setting:

  • You can do this by selecting Quit in the Desktop Login window, or
  • You can do this with the key sequence CTRL-ALT-BS-BS.
If all went well you will see the Oracle VDI Desktop Login window in your preferred language. The below picture shows the Desktop Login window for the Dutch language.

Oracle VDI Dutch Desktop Login window

Oracle VDI 3.2 Released

Hot off the press: Oracle VDI 3.2 is released today. Some of the new features in Oracle Virtual Desktop Infrastructure 3.2 are:

  • Global hot-desking: to build multiple Oracle VDI clusters in different data-centers. This can be used for roaming of users over multiple locations (nation-wide or world-wide) or used in disaster recovery scenario's where users can be offered a guest-desktop in another data-center if there is a disaster in their home data-center.
  • Multi-company capabilities: this especially is useful for service-providers who want to offer a Virtual Desktop service to multiple customers where every customer is using its own (Active/LDAP) Directory.
  • For Windows (XP and 7) there is a Fast-preparation option instead of using the default Microsoft system prepartion. This is useful to speed-up your cloning process.
  • Oracle branding and download from the Oracle e-delivery website.

See the following links for more information:

Stay tuned for more updates on this new release !!

Monday Jul 19, 2010

Using Oracle Virtual Desktop Client with smart card

As you may have discovered, last week Oracle released updates for Sun Ray software and the Oracle Virtual Desktop Client (OVDC) which are described in more detail on the ThinkThin blog.

I wanted to test OVDC with the new smart card functionality to hotdesk my Desktop session between a Sun Ray DTU and the OVDC. But I encountered a small issue when using the smart-card (in fact I was to lazy to read the Release Notes :-)

Before using OVDC you have to enable access for it on the server. This is done automatically if you use the Sun Ray server software as part of the full Oracle VDI stack. But you can also do this manually via the Sun Ray Admin GUI. However, for enabling OVDC access with a smart card this option is not available yet in the Admin GUI. Below I explain what I did in my demo-server infrastructure.

I connected with OVDC on my Windows XP notebook with integrated smart card reader to the patched Sun VDI server and I did get the standard Oracle/Sun VDI Desktop Login screen. When I inserted a smart card in my Windows XP notebook, it connected to the VDI server, but it did not get the Desktop Login screen. Instead, I did get a little icon with a status code 47 in the lower right.

No OVDC Access Icon

On the Sun Ray Wiki you can find a page with SRSS Troubleshooting Icons, where I found that status code 47 means No access for Sun Desktop Access Clients. The Release notes of OVDC helped me to find out that I can enable access for OVDC smart card sessions with the utpolicy CLI-command and the switch -u to specify the policy for card, pseudo or both (resp. smart card session, non-smart card session and both types).

I logged into my Sun VDI (or standalone Sun Ray) server as the root user and I changed the Sun Ray server policy with the following commands:

# First check the current policy on the server
root@vdiserver:# /opt/SUNWut/sbin/utpolicy
# Current Policy:
-a -z both -k both -m -u pseudo

# Change the policy (-u both) to accept card and non-card OVDC sessions
root@vdiserver:# /opt/SUNWut/sbin/utpolicy -a -z both -k both -m -u both

# Restart authentication manager (needed for policy change)
root@vdiserver:# /opt/SUNWut/sbin/utrestart -c

After the restart of the Sun Ray Server services and reconnecting OVDC to the server I could hotdesk my Virtual Desktop session between the Sun Ray DTU and the OVDC software client.

Thursday Jul 15, 2010

Solaris for Oracle VDI Administrators (2)

I continue with my articles about Solaris Administration for Oracle VDI Administrators, my first article was about adding Solaris Freeware packages, this article is about installing patches.

If you have a valid support-contract for your server software, you are able to download patches from the website. Sometimes (but not very often :-) there are patches released for Oracle VDI.

A good source to keep you up-to-date on Sun Ray and Oracle VDI patches is the Sun Ray Users Group website, where you can find an overview of current and older versions of patches (Edit: better to use the official Sun Ray Wiki page with an overview of Sun Ray Software patches).

Recently a patch for Sun Ray firmware was released to support the new Sun Ray 3+ client in the current Sun Ray server software. For example, to check if you already installed that 140994-02 patch (Edit: I just found out that there is a new revision of this patch: 140994-03) on your x86 Oracle VDI server, you can execute the followng CLI-commands on your Oracle VDI or Sun Ray server:

# To show patch versions of all the patches on your server
root@vdiserver:# showrev -p 

# Check if a specific patch have been applied to a system, e.g. 140994
# There is no result when the patch is NOT applied, otherwise
root@vdiserver:# showrev -p | grep 140994 

# To check which Sun Ray Server specific patches are installed on your
# server (output is a list with the installed patches) 
root@vdiserver:# /opt/SUNWut/lib/utspatches

I'm not going to tell how to patch the server, this information is provided in the README file of the patch description. Most likely before and after applying a patch with the patchadd CLI-command, you have to do some additional instructions.

Friday Jun 25, 2010

Solaris for Oracle VDI Administrators (1)

The core component of the Oracle VDI solution is the Oracle VDI broker/session manager which you deploy in your session management layer of your Virtual Desktop infrastructure. It is an integrated stack of software components with a single installer which you install on a Solaris server: one server if you want to demo or evaluate the software or in a cluster of servers for production use.

After initial installation and configuration the server behaves like an appliance, you administer the Oracle VDI platform through the web-interface. Also the Sun Ray server component is managed through the web-interface.

Although you do not need to be a Solaris expert (most VDI platforms are managed by administrators from the Windows domain) to manage a Oracle VDI broker/session manager server, some Solaris command line knowledge is a value add in managing the Oracle VDI platform.

I hope to write some articles in the future about common Solaris SysAdmin jobs that could be used in the daily life of Oracle VDI Administrator. In this post I like to show some commands that you use when you add additional software packages to your Solaris Server. I do not present the output of the CLI-commands, you are encouraged to execute the below instructions on your Solaris Oracle VDI server to understand the output.


Usually when I have installed a Solaris server, I add additional packages from the public domain that I have downloaded from, the Freeware for Solaris package repository. An example of such a package is rdesktop, the X-windows client for Windows terminal servers. You may think why should I install this package (Oracle VDI has its own uttsc RDP-connector), but I explain that later.

# Decompress the downloaded package
root@vdiserver:# gunzip rdesktop-1.5.0-sol10-x86-local.gz

# Install and transfer the software package to the system
root@vdiserver:# pkgadd -d rdesktop-1.5.0-sol10-x86-local

# Check software package installation accuracy (before you add to the system)
root@vdiserver:# pkgchk -d rdesktop-1.5.0-sol10-x86-local

# Check if software package is already installed
root@vdiserver:#  grep rdesktop /var/sadm/install/contents

# Or check if software package is already installed with pkginfo
root@vdiserver:#  pkginfo | grep rdesktop

If you do install this rdesktop package on your server, do not forget to install the dependency packages as described on the website.

Sample rdesktop use-cases: 

As you may know, the uttsc RDP-connector in the Oracle VDI server (or the stand-alone Sun Ray server software) only displays on a Sun Ray client. It does not work when it is executed from the console of the server or via a remote SSH session. For this purpose I use the rdesktop RDP-connector.

Consider you are working on a Apple or Linux notebook (or your Windows desktop with a local X-display) and you want to test the RDP connection from a remote Oracle VDI server to a Windows system (might be Windows XP virtual machine or Windows 2003 Terminal server) then these are the commands that you can use:

# Connect with RDP from VDI server to a Windows Terminal server
jaap@notebook:# ssh -X root@vdiserver /usr/local/bin/rdesktop ip-address-wts

# Assume you know Virtual Desktop VM IP-address via Oracle VDI 
# web-interface, connect with RDP from VDI server to a VM
jaap@notebook:# ssh -X root@vdiserver /usr/local/bin/rdesktop ip-address-vm

# This is cool: use the VDI server's RDP broker to test a Virtual Desktop VM 
# of an assigned user
# Warning: passwd may be visible on vdiserver when tools like "ps" are used.
jaap@notebook:# ssh -X root@vdiserver /usr/local/bin/rdesktop \\
                    -u username -p passwd ip-address-vdiserver

# Same use-case, but you hide the passwd and have to enter the windows passwd
# after you have entered the SSH passwd
jaap@notebook:# ssh -X root@vdiserver /usr/local/bin/rdesktop \\
                    -u username -p - ip-address-vdiserver

That's it for now, please let me know if you have specific wishes for this series of articles. Or let me know what CLI-commands you are struggling with as a Oracle VDI administrator.  

Tuesday Jun 15, 2010

Changing VMware Desktop provider password in Oracle VDI

During a Virtual Desktop deployment project there are always multiple groups in the organization that are responsible for parts of the architecture. This is the challenge for the project manager and the lead architect of the project: make sure these groups work together and streamline the communication and architectural decisions.

In one of our projects where we worked with the Oracle VDI software and Windows XP virtual desktops running in a VMware vSphere virtualization back-end we had a little issue that was caused by a lack of communication between the SysAdmins (in this case between the VMware SysAdmins and the Oracle VDI Admins, who were not in the same group).

As you may know the Oracle VDI session broker is assigning and connecting end-users to virtual desktops. When a user logs in to the desktop client, Oracle VDI requests a virtual desktop IP-address of the assigned user from the VMware vCenter server. When vCenter returns the IP-address, Oracle VDI establishes a session between the user's desktop client and the virtual desktop.

Back to our project. During a system maintenance window in the non-office hours, the Oracle VDI cluster was rebooted. When the system came back online again, the end-users couldn't login anymore into their virtual desktops. After some trouble-shooting we found out the connection between the Oracle VDI cluster and the VMware vCenter server failed (see the example screen-shot of the Oracle VDI GUI):

VMware DP unresponsive

The reason the status was reported as Unresponsive had to do with a changed Administrator password in the Windows 2003 server where the vCenter software was running. The password change was implemented by the VMware vCenter Administrator several weeks before this issue happened, but it did not impact the connection between vCenter and Oracle VDI at that time.

Oracle VDI takes advantage of the web services API provided by the VMware Infrastructure SDK to communicate through HTTPS with VMware vCenter. When you setup a connection between the two components you have to verify that the servers are able to communicate: 

  • verify that the VMware vCenter Webaccess component is installed and configured.
  • verify that Port 443 (HTTPS) is enabled in any firewall that may be active on the vCenter server system.

VMware Desktop Provider configurationDuring configuration of the VMware Desktop Provider in the Oracle VDI GUI you specify the server properties and the administrator credentials of the vCenter server as shown in the left image.

At this time Oracle VDI opens a HTTPS connection to the VMware vCenter server for the first time (this open connection also happens during an Oracle VDI service startup after reboot).

This connection is cached and re-used as long as possible. In Oracle VDI there is a system thread that periodically checks if the connection is still usable. If it's not usable it tries to reestablish a new one.

One side effect of this checking is that the connection is typically kept alive for a long time. This is most likely what happened in our environment. 

The issue was solved when we updated the password of the VMware Desktop Provider settings in the Oracle VDI broker. This is done by the CLI-command vda and VMware DP as the name of my provider:

root@vdiserver:~# vda provider-vc-setprops --properties=password-prompt "VMware DP"
Enter password for host vc.sunvdi.local: XXXXXXXX

Updated Provider Settings

When the password was changed, Oracle VDI reported Status OK in the VMware vCenter Desktop Provider Summary overview and since that change all the end-users could connect again to their assigned desktops.

I leave it up to the imagination of the reader to conclude the moral of the story :-)

Tuesday Jun 08, 2010

SysAdmin access in Oracle VDI

The Oracle VDI server software is an integrated stack with a single installer. It installs several components in the Solaris server system such as the vdi-core, the embedded cluster database, the rdp-broker and last but not least, the Sun Ray server software.

Oracle VDI Desktop Login screenAfter the installation and configuration of your Oracle VDI cluster, the Sun Ray server software is by default configured in kiosk mode policy with Oracle VDI as the standard application. When you connect a Sun Ray DTU device to the network it always displays the standard Desktop Login screen as shown on the left, both for smartcard or non-smartcard access.

When you enter your user credentials you are connected to your assigned virtual desktop. Wherever you are, wherever you go, you are always connected to your own desktop. This is perfect for the end-user, but the System Administrator always has more wishes to connect to the IT-system.

The SysAdmin responsible for the Oracle VDI cluster manages the infrastructure of the virtual desktop platform with the web-based Oracle VDI GUI. With the GUI the SysAdmin manages the following components:

  • the connection to the user-directory (such as the Active Directory),
  • the connection to the virtualization platforms (Virtual Box or VMware) and the storage infrastructure,
  • the assignment of users to desktops,
  • the pools where the virtual desktops resides on the platform.

Oracle VDI Web-admin GUI

For the more advanced features the SysAdmin has the possibility to access the underlying Solaris system and use CLI-commands or inspect log-files. Most likely, the SysAdmin desktop device or laptop is connected to a management network and he logs into the Oracle VDI server using the SSH-protocol.

I always find it useful to add another access mechanism for the SysAdmin. This is typically needed when you want to support the end-user at his desk in his office and want fast access to the Oracle VDI server to troubleshoot for example. I configure a smart-card which offers me a regular Solaris desktop on the Oracle VDI server (note: this is unsupported for end-users in the VDI model, but IMHO fine for limited use for SysAdmins).

Configuring the smart-card for Solaris access is very easy to do, a few CLI- commands on the Oracle VDI server while your smart-card is inserted in the Sun Ray DTU. First you discover your smart-card tokenID with utsession -l (in my case it is MicroPayflex.500406f700130100), you register the smart-card with utuser -a in the Sun Ray server data-store and then you override the standard smart-card policy with utkioskoverride -s regular for this smart-card tokenID:

    # utsession -l
      Configuration for token ID 'MicroPayflex.500406f700130100':
    # utuser -a "MicroPayflex.500406f700130100,,,jaap,"
      Added one user.
    # utkioskoverride -s regular -r MicroPayflex.500406f700130100
      The session type has been successfully changed. Please note that changes
      will only take effect the next time a session is started for the specified
    # utsession -t MicroPayflex.500406f700130100 -k

The last CLI-command utsession kills your current Sun Ray session (the one with the Oracle VDI Desktop Login screen) and returns with a regular Solaris Desktop login as shown in the picture below.

Solaris Desktop Login screen

The utkioskoverride is a very powerful CLI-command. One of the Sun Ray engineers has written a nice blog about Using different Kiosk Sessions for different tokens. Recommended to read if you need some more flexibility in Kiosk configuration settings.


I post here hands-on examples which I have used in my Oracle VDI Desktop Virtualization projects at customers and partners.


« July 2016