Friday Nov 13, 2009

Sun System configurator available

Ever wanted to build your own custom configuration for Sun servers?  Find that the Sun store provides a limited set of preconfigured systems?  Try the Sun Desktop system Configurator. It allows you to build supported configurations of Sun servers, disk, tape, desktop systems and racks.  With a completed configuration you can export to a CSV file that opens in OpenOffice or Excel with standard list pricing.  You can then send this configuration to your favorite Sun reseller for a discounted pricing quote.

It is a Java Webstart Application that support multiple OS platforms that run Java 1.6.  Click on the link and the application will start on your desktop.  

Wednesday Jul 02, 2008

Using your Mac as a Sun Ray server

Like most System Engineers at Sun, I'm often called upon to demonstrate Sun's technology especially Solaris 10 and Sun Ray thin clients.  In the past, demonstrating Sun Rays meant bringing a customer into our Sun office OR setting up a network server and device at the customer's location. 

To make this much easier, I decided to follow the example of others and turn my Sun issued MacBook Pro into a Sun Ray server.  As a result of this configuration, I can set two devices on my customer's desk with only one ethernet cord and no power cords (have to keep those batteries charged) to display the power of the Sun Ray thin client.  I also have a configuration (thanks to Matt) the provides a multi-level Solaris environment via Solaris 10 Trusted Extensions along with the ability to display an MS Windows desktop using Win2003 running in a separate virtual machine on the same Mac.  Very Cool!

To do this I needed:

Here's how I did it:

  • Install Solaris 10 using VMware Fusion and these settings.
    • 1024 MB of RAM
    • Bridged networking
  • Install the Solaris 10 Entire Distribution
  • Configur the Solaris IP address as
  • Download the Sun Ray Server Software (it's free)
  • unpack the downloaded tar image, this creates a directory srss_4.0
  • install the apache tomcat server.  In my case:
    • su
    • cd /opt
    • tar xvf /Documents/srss_4.0/Supplemental/Apache_Tomcat/apache-tomcat-5.5.20.tar
    • mv apache-tomcat-5.5.20 apache-tomcat
  • install Sun Ray Server Software

    • cd ~jlaurent/Dcouments/srss_4.0
    • ./utinstall  (installs the Sun Ray server tools in /opt/SUNWut)
  • patchadd 127554-02
  • reboot
  • PATH=$PATH:/opt/SUNWut/sbin
  • Use utadm to add the subnet as a shared Sun Ray network.  Make sure to choose the option to offer IP addresses.
 # utadm -A
### Configuring /etc/nsswitch.conf
### Configuring Service information for Sun Ray
### Disabling Routing
  Selected values for subnetwork ""
    net mask: 
    no IP addresses offered
    auth server list:
    firmware server:
  Accept as is? ([Y]/N): n
  new netmask: []
  Do you want to offer IP addresses for this subnet? (Y/[N]): y
  new first Sun Ray address: []
  number of Sun Ray addresses to allocate: [10]
  auth server list:
To read auth server list from file, enter file name:
Auth server IP address (enter <CR> to end list):
If no server in the auth server list responds,
should an auth server be located by broadcasting on the network? ([Y]/N):
  new firmware server: []
  new router: []
  Selected values for subnetwork ""
    net mask: 
    first unit address:
    last unit address:
    auth server list:
    firmware server:
  Accept as is? ([Y]/N): y
### Configuring firmware version for Sun Ray
### Successfully enabled tftp for firmware downloads
        All the units served by "sunray" on the
        network interface, running firmware other than version
        "4.0_127553-02_2008." will be upgraded at their next power-on.

### Configuring Sun Ray Logging Functions
### Turning on Sun Ray LAN connection

NOTE: utrestart must be run before LAN connections will be allowed

DHCP is not currently running, should I start it? ([Y]/N): y
  • utrestart -c
  • utconfig

Configuration of Sun Ray Core Services Software

This script automates the configuration of the Sun Ray Core Services
software and related software products.  Before proceeding, you should
have read the Sun Ray Core Services 4.0 Installation Guide and filled
out the Configuration Worksheet.  This script will prompt you for the
values you filled out on the Worksheet.  For your convenience, default
values (where applicable) are shown in brackets.

Continue ([y]/n)? y
Enter Sun Ray admin password:
Re-enter Sun Ray admin password:

Configure Sun Ray Web Administration? ([y]/n)?
Enter Apache Tomcat installation directory [/opt/apache-tomcat]:
Enter HTTP port number [1660]:
Enable secure connections? ([y]/n)?
Enter HTTPS port number [1661]:
Enter Tomcat process username [utwww]:
Enable remote server administration? (y/[n])?

Configure Sun Ray Kiosk Mode? (y/[n])? y

Enter user prefix [utku]:

Enter group [utkiosk]:

Enter userID range start [150000]:

Enter number of users [25]:
Configure this server for a failover group? (y/[n])?
About to configure the following software products:

Sun Ray Data Store 3.0
    Hostname: sunray
    Sun Ray root entry: o=utdata
    Sun Ray root name: utdata
    Sun Ray utdata admin password: (not shown)
    SRDS 'rootdn': cn=admin,o=utdata

Sun Ray Web Administration hosted at Apache Tomcat/5.5.20
    Apache Tomcat installation directory: /opt/apache-tomcat
    HTTP port number: 1660
    HTTPS port number: 1661
    Tomcat process username: utwww
    Remote server administration: Disabled

Sun Ray Core Services 4.0
    Failover group: no
    Sun Ray Kiosk Mode: yes

Sun Ray Kiosk Mode 4.0
  User name prefix:   utku
  Base user ID:       150000
  Number of accounts: 25
  Kiosk group name:   utkiosk
  Kiosk group ID:     auto

Continue ([y]/n)? y
Updating Sun Ray Data Store schema ...
Updating Sun Ray Data Store ACL's ...
Creating Sun Ray Data Store ...
Restarting Sun Ray Data Store ...
Starting Sun Ray Data Store daemon .
Wed Jul  2 11:02 : utdsd starting

Loading Sun Ray Data Store ...
Executing '/usr/bin/ldapadd -p 7012 -D cn=admin,o=utdata' ...
adding new entry o=utdata
adding new entry o=v1,o=utdata
adding new entry utname=sunray,o=v1,o=utdata
adding new entry utname=desktops,utname=sunray,o=v1,o=utdata
adding new entry utname=users,utname=sunray,o=v1,o=utdata
adding new entry utname=logicalTokens,utname=sunray,o=v1,o=utdata
adding new entry utname=rawTokens,utname=sunray,o=v1,o=utdata
adding new entry utname=multihead,utname=sunray,o=v1,o=utdata
adding new entry utname=container,utname=sunray,o=v1,o=utdata
adding new entry utname=properties,utname=sunray,o=v1,o=utdata
adding new entry cn=utadmin,utname=sunray,o=v1,o=utdata
adding new entry utname=smartCards,utname=sunray,o=v1,o=utdata
adding new entry utordername=probeorder,utname=smartCards,utname=sunray,o=v1,o=utdata
adding new entry utname=policy,utname=sunray,o=v1,o=utdata
adding new entry utname=resDefs,utname=sunray,o=v1,o=utdata
adding new entry utname=prefs,utname=sunray,o=v1,o=utdata
adding new entry utPrefType=resolution,utname=prefs,utname=sunray,o=v1,o=utdata
adding new entry utPrefClass=advisory,utPrefType=resolution,utname=prefs,utname=sunray,o=v1,o=utdata

Added 18 new LDAP entries.

Creating Sun Ray Core Services Configuration ...
Adding user account for 'utwww' (ut admin web server user) ...done
Sun Ray Web Administration enabled to start at system boot.
Starting Sun Ray Web Administration...
See /var/opt/SUNWut/log/utwebadmin.log for server logging information.

Unique "/etc/opt/SUNWut/gmSignature" has been generated.

Restarting Sun Ray Data Store ...
Stopping Sun Ray Data Store daemon
Sun Ray Data Store daemon stopped
Starting Sun Ray Data Store daemon .
Wed Jul  2 11:02 : utdsd starting
Adding user admin ...
User(s) added successfully!

Creating new Sun Ray Kiosk Mode configuration ...

Validating new user ids.
Validating new user accounts.
Creating kiosk group utkiosk
Configuring new kiosk user accounts:
25 users configured

The current policy has been modified.  You must restart the
authentication manager to activate the changes.
Configuration of Sun Ray Core Services has completed.  Please check
the log file, /var/adm/log/utconfig.2008_07_02_11:01:42.log, for errors.

In MacOS

  • Apple Menu > System Preferences > Network
  • Location > Edit Locations
  • Click the '+' Sign to create a new location and name it.
  • Click on Ethernet
  • Configure Manually
  • IP address
  • Netmask
  • Click Apply
  • Turn your Airport Wireless connection OFF. (This appears to interfere with the networking path to Solaris)

Connect the Sun Ray device directly to the Mac with a single ethernet cord.  No hub required.

If you have done this correctly, when you power on the Sun Ray device it will get an IP address from Solaris and display a login screen.

Access the Sun Ray web based management tool by pointing your browser to http://localhost:1660

Tuesday Apr 01, 2008

Solaris 10 receives DoD IPv6 certification

Solaris 10 has become the first Unix or Linux Operating System to receive IPv6 Certification from the DoD Joint Interoperability and Test Command (JITC).  JITC is the DoD organization responsible for validating products for use in the US DoD.  This most recent certifcation of Solaris for IPv6 standards extends our earlier IPv6 logo certification performed at the University of New Hampshire Interoperabity Lab.

Solaris is the ONLY product currently listed in the "Advanced Server" Category.  Testing was completed on SPARC as well as x86/x64 platforms.

Why should you care?

Sun's continuing commitment to standards in support of the Federal Government means that our customers will be able to move quickly into their transition to the next generation of the internet.

If you'd like to try out Solaris 10 or our next generation of Solaris, known as Solaris Express, they are both available via free downloads and include free right-to-use license.  If you are not sure of the difference between the various Solaris editions, please see my earlier blog entry.

Wednesday Dec 19, 2007

Trip Report: DoD Open Conference sponsored by AFEI

Last week I attended:

3rd Annual DoD Open Conference
Sponsored by AFEI in McLean VA.  December 11-12th
Sun Attendees:  Jim Laurent, Tom Syster, Bill Vass (Keynote speaker) Paul Tatum

This is an annual conference attended by government, industry and consultants (Mitre/IDA) to discuss open source technology, open systems and open development methodologies.  Approximately 100 people in attendance.  The President and COO of Sun Federal Bill Vass was one of the keynote speakers.

It's clear from attending this conference again (this is my third time) that there is no avoiding the use of open source tools in the Federal Government.  Whether it is something as simple as glassfish and openssh or more advanced technologies like the UltraSPARC T1 and T2 processors, open source is everywhere in the DoD.

Nick Guertin, Directory Open Arch. PEO IWS Navy

Discussed the Navy's open architecture designed to achieve modularity, interoperability, standards compliance.
Discussed business issues and licensing issues around open source

Mark Tolliver, President of Palamida SW.  (formerly of Sun Micro)

Palamdia delivers auditing and compliance software that compares your software build to existing DB of open source projects providing you with an audit of which OSS you are using, there versions etc.

His experience in code analysis indicates that most projects consist of 30-50% open source components.  Many of these are often found to be below rev and have security vulnerabilities.  Most projects have 50% to 300% MORE OSS than they think they do.

Primary message:  Control your SW supply chain through:
    Compliance (his SW can help, of course)

Mentioned Solaris/OpenSolaris

Bill Vass discussed the value of OSS and Sun's use of it.

OSS is unstoppable because of:
    Security benefits
    No vendor lockin

Bill reviewed Sun's strong position in the open source communities and our benefits derived from open sourcing Solaris, Glassfish, OpenOffice etc.  Handed out complete JES CD kits to all attending.  (Sun was a platinum sponsor for the conference.)

He then lead a panel for Q and A including Dewey Houck of Boeing and Bob Gourley, former CIO of DIA.  Intelligence agencies a big proponent of open source.  There was active participation from the audience.

I received feedback from several people during the breaks at the Sun table that they didn't know Sun was so active and aggressive in the OSS community.

Terry Bollinger ASD/NII discussed open Source Governance including:

Evaluation of OSS
    Creating policy

Don Adams of Tibco discussed their Open AJAX toolkit known as Bossie.

Eric Pugh of OpenSource Connections discussed the use of the "Agile Methodology" and open source development for thePathFinder program, NGIC and GCGS-A.

Chris Runge of Red Hat provided two case studies of how open source technologies allowed something to happen that was "impossible otherwise."

NSA dev of SE Linux being incorporated into productions OSes such as RHAT and Suse.  First MLS OS that is part of the standard OS distribution

Real-time Linux enhancements working with IBM, and DDG-1000 (aka DDX program) in the Navy.
RHEL 4 + Real time kernel + IBM RT Java + Blade servers

Coming Soon:  Red Hat MRG = RHEL 5.1 = Messaging toolkit + Real time + Grid technologies
Important in financial/trading communities

Nick Weatherby of the Open Source Software Initiative discussed how industry is trying to facilitate OSS adoption by working with Government.

Created Government Technology Task Force to help accelerate and clear out obstancles in standards, procurement, legal issues.  Working with DISA, DoNavy, Army, AF, OSD, JFCOM, DHS, Justice, etc

Example:  FIPS 140-2 validation of the Open SSH libraries

working on IAVA security validation and Common Criteria process for Open Source

Ball Aerospace rep provided a case study of how they took a GeoSpatial toolkit developed for the government through the process of putting it on a public open source project.  Goal was to increase adoption of their framework thereby increasing their bus. oppty for consulting services.
Obstacles included ITAR approvals, Legal, internal politics, ownership issues.

Ed Beck of CSC in NJ

discussed how they used open source modules to reduce costs and increase speed in their deployment of an AEGIS missile update for Display console and systems management tools
Display console now 60% open source based
Sys. Mgt. tools now 40% OSS based

#1 issue was licensing.  DoD is very sensitive about the fact that using the GPL license might mean giving away technology to the bad guys.  Tools used included tcl/tk, Flex/Bison, XPM, Mozilla, etc

BG Gen. Nick Justice of the US Army

discussed value and benefit of OSS in the DoD including acceleration of mission apps, lower cost, increased security etc.  Mentioned Red Hat several times.  FBPC2 is a huge RH deployment.  Future Combat System (FCS) is apparently also going to RHEL.

General Justice is a very engaging and entertaining speaker.  By all means, if you get a chance to here him speak, do it.  He is one of the few high level military people who runs Linux on is laptop.

Andre Boisvert of Pentaho SW (formerly at Oracle, IBM and SAS institute)

Discussed how he had worked at various proprietary, closed source companies and has invested money in 3 new ventures using only open source.
OSS provides:
    Better Code
    Faster innovation
    Self policing of quality, security
Pentaho provides OSS business intelligence including ETL, OLAP etc
Zenoss provides OSS Systems management based on Python
Compiere for OSS ERP SW
Described OSS as a "disruptive force in the SW industry."

KS Shanker of IBM Federal

discussed the security aspects of open source and how he took the linux community through the Common Criteria eval process even though they didn't think it mattered originally.

David Wheeler of Institute for Defense Analysis discussed the security aspects of OSS
Vendor lockin = a security problem.
Open design is a fundamental in creating a secure systems
"Would the Trojan Horse have worked if it had been made of glass?"

Not ALL OSS is secure:
    Developers need to have security skills
    Needs to be widely used and reviewed
    Problems must be fixed on demand when found.

When I asked him when IBM was going to release its huge software portfolio (Tivoli, z-OS, ClearCase, AIX, WebSphere) to the open source community, he responded by pointing out that Websphere has incorporated Apache as its web server.  That sound to me like taking from the OSS community rather than giving.

Booz Allen Hamilton rep discussed the use of an Open Source Security Test Methodology.

Tuesday Nov 27, 2007

U.S. Navy saves money with Sun Ray thin clients

If you've never heard of our Sun Ray thin client technology, you are missing the opportunity to save some real money while increasing your data security. You can read more about Sun Ray thin clients in my previous blog entry.  You don't have to believe me, however, see for yourself how the Navy's Integrated Warfare Systems Laboratory deployed 270 Sun Rays.

Some of the benefits they experienced include:

  • Improved performance over previous X terminal solution
  • Exceeded capabilities of existing, aging solution
  • Provided a solution that complied with security requirements
  • Reduced client deployment time by 80%
  • Simplified maintenance, updating only four servers instead of hundreds of desktops
  • Reduced cost per client by 50% to approximately $500 with a savings of about $500 per client

Why should you care?

Saves you money.  Enough said! 


Jim Laurent is an Oracle Sales consultant based in Reston, Virginia. He supports US DoD customers as part of the North American Public Sector hardware organization. With over 17 years experience at Sun and Oracle, he specializes in Solaris and server technologies. Prior to Oracle, Jim worked 11 years for Gould Computer Systems (later known as Encore).


« August 2016