Wednesday Oct 06, 2010

Writing scripts for the Sun Ray Kiosk interface

I guess most people involved with the administration of Sun Rays and Sun Ray servers do know the Kiosk Mode interface functionality. The Kiosk Mode interface is one of the two modes of operation in the Sun Ray server software (the other one is the regular desktop of the Sun Ray server). Kiosk Mode is used to deliver any kind of virtual desktop (see image) or application to the Sun Ray user. It is highly customizable and for the Sun Ray Administrator one of the fun parts of the Sun Ray technology.

A few weeks ago Thin Guy announced the Sun Ray Kiosk Mode "SDK" in the Sun Ray Users mailing-list. He called this announcement a soft launch, the guide is wiki based and a Work in Progress document. In my view this soft launch was a bit to humble, it is a very nice piece of work that needs more attention.

If you like to write your own kiosk scripts or start to write, but never found the right directions in the official Sun Ray documentation, you will like this document. I copied this introduction from the Sun Ray Kiosk Session Development Kit:

"This site is intended to aid those who interested in creating customized Kiosk Session Types. It is also for those who desire a technical understanding about the design and architecture of Kiosk Mode for Sun Ray Server Software (SRSS) 4.2 and later"

The information is presented in different sections. It describes the support statement, the architecture and components of the Sun Ray Kiosk interface and you can also find examples and tips-and-tricks. The document is useful for new Kiosk script developers as well as for advanced developers. 

You can find the document in the Desktop Virtualization Developer Information Center. I have created a pdf-document (October 6th, 2010) with the complete Sun Ray Kiosk SDK pdf-file. Print it and take it to your home, it is good reading stuff for the weekend.

Thursday Aug 19, 2010

Use a different Kiosk session in Oracle VDI

Today I was preparing a customer project on my test server to run a different application (then the default Oracle VDI desktop) on some special Sun Ray DTUs. In a recent post I wrote about configuring Opera as a Sun Ray Webkiosk browser and this was the application we wanted to run on the special DTUs (for a reception area). In this article I explain how to configure this for the Webkiosk browser, but the scenario is the same for every application you have in mind for a kiosk session.

There are multiple ways to configure different kiosk applications in the Oracle VDI server environment:

  1. Write your own Kiosk Mode scripts. The Think Thin Blog is a very good source to get your inspiration,
  2. Use the Meta Kiosk add-on developed by Daniel Cifuentes,
  3. Use the standard Kiosk Mode interface as described in Jörg's Desktop Blog.

I decided to use method three, it is a less known feature in the Sun Ray Server software (which is embedded in the Oracle VDI software), easy to configure via the CLI (unfortunately it is not yet integrated in the GUI) and you do not need to write a shell-script to control the multiple applications Kiosk Mode logic.

To refresh your mind from the earlier blog post about Opera: you need to install the Opera web-browser on your Oracle VDI servers and you need to store the kiosk description file and launcher in the directory /etc/opt/SUNWkio/sessions.

When this is done you let the Oracle VDI server know that for a pre-determined number of Sun Ray DTUs you do not want to use the default (Oracle VDI) kiosk session, but the alternative Opera Webkiosk session (or any session that you have in mind as alternative). This is a three step process:

1. First you have to store the Opera browser kiosk session configuration in the Sun Ray server data store. You have to create a little configuration file and use this file to store the information in the data store. After this is done you check if it is stored together with the default session

    # I have created the WebkioskSession.conf with an editor.
    root@vdiserver:# cat WebkioskSession.conf
    KIOSK_SESSION=webkiosk
    KIOSK_SESSION_TIMEOUT_DETACHED=12000
    root@vdiserver:# utkiosk -i WebkioskSession -f WebkioskSession.conf
    root@vdiserver:# utkiosk -l
    session
    WebkioskSession
    root@vdiserver:#

2. Then you register the token of the device (e.g. pseudo.00144f5787d1) or the token of a smart-card. Adding a name to the registration is mandatory, I use dummy01 as a not existing username.

    root@vdiserver:# utuser -a "pseudo.00144f5787d1,,,dummy01,"
    root@vdiserver:#

3. In the last step you override the default kiosk configuration by the alternative and restart the session by killing the current session for that token. 

    root@vdiserver:# utkioskoverride -r pseudo.00144f5787d1 -s kiosk -c WebkioskSession
    root@vdiserver:# utsession -k -t pseudo.00144f5787d1
    root@vdiserver:#

If you have multiple tokens (for example 20 Sun Ray DTUs in your reception area), then step two and three are very easy to script in a shell command or shell script. I let this to the user as this is out-of-scope for this article.

Tuesday Jun 08, 2010

SysAdmin access in Oracle VDI

The Oracle VDI server software is an integrated stack with a single installer. It installs several components in the Solaris server system such as the vdi-core, the embedded cluster database, the rdp-broker and last but not least, the Sun Ray server software.

Oracle VDI Desktop Login screenAfter the installation and configuration of your Oracle VDI cluster, the Sun Ray server software is by default configured in kiosk mode policy with Oracle VDI as the standard application. When you connect a Sun Ray DTU device to the network it always displays the standard Desktop Login screen as shown on the left, both for smartcard or non-smartcard access.

When you enter your user credentials you are connected to your assigned virtual desktop. Wherever you are, wherever you go, you are always connected to your own desktop. This is perfect for the end-user, but the System Administrator always has more wishes to connect to the IT-system.

The SysAdmin responsible for the Oracle VDI cluster manages the infrastructure of the virtual desktop platform with the web-based Oracle VDI GUI. With the GUI the SysAdmin manages the following components:

  • the connection to the user-directory (such as the Active Directory),
  • the connection to the virtualization platforms (Virtual Box or VMware) and the storage infrastructure,
  • the assignment of users to desktops,
  • the pools where the virtual desktops resides on the platform.

Oracle VDI Web-admin GUI

For the more advanced features the SysAdmin has the possibility to access the underlying Solaris system and use CLI-commands or inspect log-files. Most likely, the SysAdmin desktop device or laptop is connected to a management network and he logs into the Oracle VDI server using the SSH-protocol.

I always find it useful to add another access mechanism for the SysAdmin. This is typically needed when you want to support the end-user at his desk in his office and want fast access to the Oracle VDI server to troubleshoot for example. I configure a smart-card which offers me a regular Solaris desktop on the Oracle VDI server (note: this is unsupported for end-users in the VDI model, but IMHO fine for limited use for SysAdmins).

Configuring the smart-card for Solaris access is very easy to do, a few CLI- commands on the Oracle VDI server while your smart-card is inserted in the Sun Ray DTU. First you discover your smart-card tokenID with utsession -l (in my case it is MicroPayflex.500406f700130100), you register the smart-card with utuser -a in the Sun Ray server data-store and then you override the standard smart-card policy with utkioskoverride -s regular for this smart-card tokenID:

    # utsession -l
      Configuration for token ID 'MicroPayflex.500406f700130100':
      encryptUpType=ARCFOU
      encryptDownType=ARCFOUR
      authenticateUpType=DSA
      authenticateDownType=simple
      securityMode=hard
      clientAuthenticationMode=soft
      clientKeyStatus=unconfirmed
      clientKeyID=5f368b597f32fd5944229e5a676add14
      terminalCIDs=IEEE802.0021281506de
    # utuser -a "MicroPayflex.500406f700130100,,,jaap,"
      Added one user.
    # utkioskoverride -s regular -r MicroPayflex.500406f700130100
      The session type has been successfully changed. Please note that changes
      will only take effect the next time a session is started for the specified
      token
    # utsession -t MicroPayflex.500406f700130100 -k
    # 

The last CLI-command utsession kills your current Sun Ray session (the one with the Oracle VDI Desktop Login screen) and returns with a regular Solaris Desktop login as shown in the picture below.

Solaris Desktop Login screen

The utkioskoverride is a very powerful CLI-command. One of the Sun Ray engineers has written a nice blog about Using different Kiosk Sessions for different tokens. Recommended to read if you need some more flexibility in Kiosk configuration settings.

Wednesday Jun 02, 2010

Opera: a Sun Ray Webkiosk browser

In one of my recent projects I had to install Sun Ray DTU devices in a reception area of an office building. The requirement was to use the Sun Ray as an information stand:

  • Deny access to the Desktop operating system, but provide Web browsing
  • Reset after periods of inactivity

I decided to give it a try with the Opera web browser which runs both on Solaris and Linux systems. My example installation is on Oracle Enterprise Linux, but it is also tested on Solaris x86.

Opera is a web browser with increasing popularity and runs on multiple platforms. Opera has some nice kiosk mode features such as:

  • Start-up dialogs are not shown
  • Full-screen mode is enabled by default, you can't escape from it
  • Toolbars and application bar are disabled
  • URL Filtering

Before I start configuring and customizing Opera for Sun Ray I did the following standard installation steps:

  • Download and install Opera on my Sun Ray server
  • Configure Flash, Java and Acroread plugins (follow the instructions on this webpage)

My next step is to perform some Opera configuration settings. I will do this as a standard Linux user (I did it as the root user) by launching the Opera browser. When launched for the first time Opera will create a $HOME/.opera configuration directory.

Opera has a Preferences Editor which you access via entering the opera:config URL. I used the following two configurations settings to adjust my Kiosk Mode preferences:

  • "Go Home Time Out": which is found under the Special section. This setting is used for resetting the kiosk after a certain period of inactivity in seconds. I used a setting of 600 (which is 10 minutes).
  • "URL Filter File": which is found under the Network section. Here you can choose your file path (or use the default setting $HOME/.opera/urlfilter.ini) where you store your URL filter rules.
  • I also changed the default home page, in my case I changed it to http://www.oracle.com/.

After exiting the Opera web browser, I created the URL filter rules in the default URL Filter File:

# vi $HOME/.opera/urlfilter.ini
[prefs]
   prioritize excludelist=1
[include]
   http://\*/\*
   https://\*/\*
[exclude]
   ftp://\*.bmp
   ftp://\*.gif
   ftp://\*.jpg
   ftp://\*.jpeg
   ftp://\*.png

See the Opera Kiosk Mode webpage for the explanation of the URL Filter File. I used these settings to allow http(s) URLs only. With these URL filters I also disallow the file://localhost/\* URLs to prevent viewing local files from the Sun Ray Software server.

At this time, my Opera configuration is ready for Sun Ray kiosk mode. I copied the configuration files to the default kiosk mode prototypes directory on all my Sun Ray servers in the Server Group. The Sun Ray kiosk mode module takes care of copying the profile to the right place in the server system when a user accesses the Sun Ray and his Opera kiosk session

# cd $HOME
# cp -r .opera /etc/opt/SUNWkio/prototypes/default/
#

The last step in my configuration is to tell the Sun Ray server how to start the Opera browser in kiosk mode. You do this by creating a kiosk descriptor file and a kiosk session executable. The descriptor will be detected in the Sun Ray server Admin GUI where you enable the service. In the below steps you see the kiosk files I used in my server.

1. create the Sun Ray kiosk descriptor 

  # vi /etc/opt/SUNWkio/sessions/webkiosk.conf 
    KIOSK_SESSION_EXEC=$KIOSK_SESSION_DIR/opera-kiosk.sh
    KIOSK_SESSION_LABEL="Webbrowser Kiosk Mode"
    KIOSK_SESSION_DESCRIPTION="Webbrowser (Opera) in limited Kiosk Mode to provide I
    nternet Web services to Sun Ray Kiosk Users"

2. create the session execution script

  # mkdir /etc/opt/SUNWkio/sessions/webkiosk
  # vi /etc/opt/SUNWkio/sessions/webkiosk/opera-kiosk.sh 
    #!/bin/sh

    # Set sleep and blanking timeouts to 0
    # Uncomment if on Solaris
    #/usr/openwin/bin/xset -dpms s off
    #OPERA_EXEC=/usr/local/bin/opera
    # Uncomment if on Linux
    /usr/bin/xset -dpms s off
    OPERA_EXEC=/usr/bin/opera

    $OPERA_EXEC -kioskmode -kioskbuttons -nosave -noprint  \\
            -nochangebuttons -nocontextmenu -nodownload \\
            -nokeys -nomail -nomaillinks -nomenu 

Again, see the Opera Kiosk Mode website for the explanation of the Opera switches. With these switches you still see the main toolbar and address bar. Some of the buttons (such as the print button) are greyed-out. If you want to disable the address bar and toolbar you remove the -kioskbuttons switch, then you only see the viewed web-page.

About

I post here hands-on examples which I have used in my Oracle VDI Desktop Virtualization projects at customers and partners.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today