Thursday Mar 28, 2013

Oracle VDI 3.5 Installation notes for Solaris 11.1

Oracle released Oracle VDI 3.5 last week. You may have seen the announcements on the Oracle website, Blogs or social media. In this article I want to share my installation notes of Oracle VDI 3.5 software on the newly supported Solaris 11.1 platform. 

For me, this was also my first Solaris 11 server installation experience and I was happy to find out that installing Solaris 11.1 and Oracle VDI 3.5 was a rather easy activity. On my lab server I used the Solaris 11.1 text-based installation, this is the image for server deployments and during the initial configuration I configured the server with static IP-address, my lab DNS server and DNS domain.

During installation I created the initial user account with username vdiadmin. As you may know you can't login as the super-user root in Solaris 11 and for all the remaining system commands with root-privileges you can use the sudo command (or just change to the root-role with the su command).

Solaris Package Repository

After the basic Solaris 11.1 installation you need to configure the Solaris Support repository. By default only the Release repository is configured. This is important, because Oracle VDI needs more Solaris packages then installed in the standard configuration, the Oracle VDI installer will download the packages automatically from the repository.

Run the below pkg command in Solaris to check the repository, initially it shows you the Release repository:

    # pkg publisher 
    PUBLISHER   TYPE   STATUS   URI 
    solaris     origin online   http://pkg.oracle.com/solaris/release/ 
    

I used the information from the Solaris documentation to configure the online Solaris Support repository. If your server is not connected to the Internet, then you should configure your own, local repository by using the Solaris 11.1 Repository Image

To configure the Solaris Support repository, obtain key and certificate files from https://pkg-register.oracle.com/. Login with your MOS credentials and follow the steps for Solaris 11 support. After you have finished the steps you can verify the changed repository and run a pkg update to install the latest Oracle Solaris 11 Support Repository Update (SRU) and reboot:

    # pkg publisher
    PUBLISHER   TYPE    STATUS  URI 
    solaris     origin  online  https://pkg.oracle.com/solaris/support
    # sudo pkg update 
    # sudo init 6
    

Oracle VDI Installation Process

If you download the Oracle VDI 3.5 software package, you should pay attention to download the correct installation zip-file. There is now a difference between Solaris 10 and Solaris 11 installation zip-files. 

After unpacking the VDI 3.5 installation zip-files, I decided to run vda-install and vda-config separately:

    # sudo ./vda-install -i

The installer starts to check the required libraries and packages in Solaris 11.1. In my case (text-based Solaris 11.1 installation) it needed to download about 600 MB of data from the Solaris 11 repository. After the download and installation of the packages, the Oracle VDI installer automatically continues with the basic Oracle VDI installation.

Depending on your network connection, downloading 600 MB of Solaris packages takes some time. You may monitor the process by viewing the installation log file (in a separate Terminal window) for information about the progress of downloading and installing the packages.

    # tail -f  /var/sadm/install/logs/vda-install.timestamp.log

I decided to do a reboot when vda-install was finished because of all the newly installed packages. I'm not sure if this is really necessary. After the reboot I continued with the vda-config command to start the configuration of my single-node Oracle VDI server. In the configuration settings I used my initial user vdiadmin as VDI Administrator:

    # sudo /opt/SUNWvda/sbin/vda-config
    ...
    Review the settings for a new Oracle VDI Center:
       Name: VDI Center
       Administrator Password: ********
       VDI Administrator (super-user): vdiadmin
       DNS name of this host: ovdi-host20.ovdi.local
       Maximum number of sessions on this host: 100
       User ID range start: 150000
       Database: Embedded Oracle VDI
    Do you want to create the Oracle VDI Center now?
    Enter 'c' to customize the settings. ([y]/c):

 

Virtual Box Installation Process

Because of the changes in Solaris 11 for the root-role, I decided to configure the Virtual Box processes under non-root privileges: you can use your standard user ('vdiadmin' in my case). 

Because of the non-root priviliges, you are also forced to configure a non-privileged TCP port for the Virtual Box web-service. I used the TCP port that was suggested by the installer:

    # sudo ./vb-install 
    Oracle VM VirtualBox Installation for Solaris
 
    Unpacking Oracle VM VirtualBox package.
 
    Select an existing user for VirtualBox: vdiadmin
    Enter the password for user 'vdiadmin': #########

    Specify the VirtualBox SSL port [18083]: 18083
 
    Oracle VM VirtualBox 4.2.10 Installation
    + Installing Oracle VM VirtualBox Core
    ...etc etc....

 

Connect to the Oracle VDI Manager

If you connect with Firefox to the Oracle VDI Manager for the first time, you got the following error message on the secure port of the VDI Manager:


This error is mentioned in the Oracle VDI 3.5 Release Notes. Oracle Solaris 11 uses Transport Layer Security (TLS) version 1.1, which Firefox does not support yet. The workaround is to connect and authenticate with TLS 1.0 disabled in Firefox preferences:

    Advanced -> Encryption, unchecked Use TLS 1.0.

 

Some Closing Remarks

  • NTP services: works exactly the same as with Solaris 10, just make sure /etc/inet/ntp.conf has the right server settings before you start configuring Oracle VDI.
  • Kerberos: also works the same as Solaris 10. I used copied my /etc/krb/krb5.conf configuration file from Solaris 10 without any changes.
  • I also did another Solaris 11.1 installation where I used the Oracle Solaris 11.1 Live Media for x86, that also worked fine. I only had some difficulties changing IP-address from DHCP to static. Just read the documentation or Google to use the right procedure.

Thursday Jul 15, 2010

Solaris for Oracle VDI Administrators (2)

I continue with my articles about Solaris Administration for Oracle VDI Administrators, my first article was about adding Solaris Freeware packages, this article is about installing patches.

If you have a valid support-contract for your server software, you are able to download patches from the sunsolve.sun.com website. Sometimes (but not very often :-) there are patches released for Oracle VDI.

A good source to keep you up-to-date on Sun Ray and Oracle VDI patches is the Sun Ray Users Group website, where you can find an overview of current and older versions of patches (Edit: better to use the official Sun Ray Wiki page with an overview of Sun Ray Software patches).

Recently a patch for Sun Ray firmware was released to support the new Sun Ray 3+ client in the current Sun Ray server software. For example, to check if you already installed that 140994-02 patch (Edit: I just found out that there is a new revision of this patch: 140994-03) on your x86 Oracle VDI server, you can execute the followng CLI-commands on your Oracle VDI or Sun Ray server:

# To show patch versions of all the patches on your server
root@vdiserver:# showrev -p 

# Check if a specific patch have been applied to a system, e.g. 140994
# There is no result when the patch is NOT applied, otherwise
root@vdiserver:# showrev -p | grep 140994 

# To check which Sun Ray Server specific patches are installed on your
# server (output is a list with the installed patches) 
root@vdiserver:# /opt/SUNWut/lib/utspatches

I'm not going to tell how to patch the server, this information is provided in the README file of the patch description. Most likely before and after applying a patch with the patchadd CLI-command, you have to do some additional instructions.

Friday Jun 25, 2010

Solaris for Oracle VDI Administrators (1)

The core component of the Oracle VDI solution is the Oracle VDI broker/session manager which you deploy in your session management layer of your Virtual Desktop infrastructure. It is an integrated stack of software components with a single installer which you install on a Solaris server: one server if you want to demo or evaluate the software or in a cluster of servers for production use.

After initial installation and configuration the server behaves like an appliance, you administer the Oracle VDI platform through the web-interface. Also the Sun Ray server component is managed through the web-interface.

Although you do not need to be a Solaris expert (most VDI platforms are managed by administrators from the Windows domain) to manage a Oracle VDI broker/session manager server, some Solaris command line knowledge is a value add in managing the Oracle VDI platform.

I hope to write some articles in the future about common Solaris SysAdmin jobs that could be used in the daily life of Oracle VDI Administrator. In this post I like to show some commands that you use when you add additional software packages to your Solaris Server. I do not present the output of the CLI-commands, you are encouraged to execute the below instructions on your Solaris Oracle VDI server to understand the output.

Pkgadd: 

Usually when I have installed a Solaris server, I add additional packages from the public domain that I have downloaded from Sunfreeware.com, the Freeware for Solaris package repository. An example of such a package is rdesktop, the X-windows client for Windows terminal servers. You may think why should I install this package (Oracle VDI has its own uttsc RDP-connector), but I explain that later.

# Decompress the downloaded package
root@vdiserver:# gunzip rdesktop-1.5.0-sol10-x86-local.gz

# Install and transfer the software package to the system
root@vdiserver:# pkgadd -d rdesktop-1.5.0-sol10-x86-local

# Check software package installation accuracy (before you add to the system)
root@vdiserver:# pkgchk -d rdesktop-1.5.0-sol10-x86-local

# Check if software package is already installed
root@vdiserver:#  grep rdesktop /var/sadm/install/contents

# Or check if software package is already installed with pkginfo
root@vdiserver:#  pkginfo | grep rdesktop

If you do install this rdesktop package on your server, do not forget to install the dependency packages as described on the Sunfreeware.com website.

Sample rdesktop use-cases: 

As you may know, the uttsc RDP-connector in the Oracle VDI server (or the stand-alone Sun Ray server software) only displays on a Sun Ray client. It does not work when it is executed from the console of the server or via a remote SSH session. For this purpose I use the rdesktop RDP-connector.

Consider you are working on a Apple or Linux notebook (or your Windows desktop with a local X-display) and you want to test the RDP connection from a remote Oracle VDI server to a Windows system (might be Windows XP virtual machine or Windows 2003 Terminal server) then these are the commands that you can use:

# Connect with RDP from VDI server to a Windows Terminal server
jaap@notebook:# ssh -X root@vdiserver /usr/local/bin/rdesktop ip-address-wts

# Assume you know Virtual Desktop VM IP-address via Oracle VDI 
# web-interface, connect with RDP from VDI server to a VM
jaap@notebook:# ssh -X root@vdiserver /usr/local/bin/rdesktop ip-address-vm

# This is cool: use the VDI server's RDP broker to test a Virtual Desktop VM 
# of an assigned user
# Warning: passwd may be visible on vdiserver when tools like "ps" are used.
jaap@notebook:# ssh -X root@vdiserver /usr/local/bin/rdesktop \\
                    -u username -p passwd ip-address-vdiserver

# Same use-case, but you hide the passwd and have to enter the windows passwd
# after you have entered the SSH passwd
jaap@notebook:# ssh -X root@vdiserver /usr/local/bin/rdesktop \\
                    -u username -p - ip-address-vdiserver

That's it for now, please let me know if you have specific wishes for this series of articles. Or let me know what CLI-commands you are struggling with as a Oracle VDI administrator.  

Tuesday Jun 08, 2010

SysAdmin access in Oracle VDI

The Oracle VDI server software is an integrated stack with a single installer. It installs several components in the Solaris server system such as the vdi-core, the embedded cluster database, the rdp-broker and last but not least, the Sun Ray server software.

Oracle VDI Desktop Login screenAfter the installation and configuration of your Oracle VDI cluster, the Sun Ray server software is by default configured in kiosk mode policy with Oracle VDI as the standard application. When you connect a Sun Ray DTU device to the network it always displays the standard Desktop Login screen as shown on the left, both for smartcard or non-smartcard access.

When you enter your user credentials you are connected to your assigned virtual desktop. Wherever you are, wherever you go, you are always connected to your own desktop. This is perfect for the end-user, but the System Administrator always has more wishes to connect to the IT-system.

The SysAdmin responsible for the Oracle VDI cluster manages the infrastructure of the virtual desktop platform with the web-based Oracle VDI GUI. With the GUI the SysAdmin manages the following components:

  • the connection to the user-directory (such as the Active Directory),
  • the connection to the virtualization platforms (Virtual Box or VMware) and the storage infrastructure,
  • the assignment of users to desktops,
  • the pools where the virtual desktops resides on the platform.

Oracle VDI Web-admin GUI

For the more advanced features the SysAdmin has the possibility to access the underlying Solaris system and use CLI-commands or inspect log-files. Most likely, the SysAdmin desktop device or laptop is connected to a management network and he logs into the Oracle VDI server using the SSH-protocol.

I always find it useful to add another access mechanism for the SysAdmin. This is typically needed when you want to support the end-user at his desk in his office and want fast access to the Oracle VDI server to troubleshoot for example. I configure a smart-card which offers me a regular Solaris desktop on the Oracle VDI server (note: this is unsupported for end-users in the VDI model, but IMHO fine for limited use for SysAdmins).

Configuring the smart-card for Solaris access is very easy to do, a few CLI- commands on the Oracle VDI server while your smart-card is inserted in the Sun Ray DTU. First you discover your smart-card tokenID with utsession -l (in my case it is MicroPayflex.500406f700130100), you register the smart-card with utuser -a in the Sun Ray server data-store and then you override the standard smart-card policy with utkioskoverride -s regular for this smart-card tokenID:

    # utsession -l
      Configuration for token ID 'MicroPayflex.500406f700130100':
      encryptUpType=ARCFOU
      encryptDownType=ARCFOUR
      authenticateUpType=DSA
      authenticateDownType=simple
      securityMode=hard
      clientAuthenticationMode=soft
      clientKeyStatus=unconfirmed
      clientKeyID=5f368b597f32fd5944229e5a676add14
      terminalCIDs=IEEE802.0021281506de
    # utuser -a "MicroPayflex.500406f700130100,,,jaap,"
      Added one user.
    # utkioskoverride -s regular -r MicroPayflex.500406f700130100
      The session type has been successfully changed. Please note that changes
      will only take effect the next time a session is started for the specified
      token
    # utsession -t MicroPayflex.500406f700130100 -k
    # 

The last CLI-command utsession kills your current Sun Ray session (the one with the Oracle VDI Desktop Login screen) and returns with a regular Solaris Desktop login as shown in the picture below.

Solaris Desktop Login screen

The utkioskoverride is a very powerful CLI-command. One of the Sun Ray engineers has written a nice blog about Using different Kiosk Sessions for different tokens. Recommended to read if you need some more flexibility in Kiosk configuration settings.

About

I post here hands-on examples which I have used in my Oracle VDI Desktop Virtualization projects at customers and partners.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today