Sun VDI 3 - What is it about - Directory Integration

Name a customer who is not using a directory service. There are barely any. In the Sun VDI 2 world there hasn't really been an integration with the directory world. Simple identifier have been used, that happen to match with an user ID in a directory. Things changed with Sun VDI 3:


A directory is now a key element of the Sun VDI story. Basically, without a directory binding it is not possible to assign a user to a desktop. And here we focus primarily on Active Directory being dominant in the Windows world. In addition we support Sun's LDAP directory. Other directories might need some manual intervention and are not covered out of the box or we simply don't know at this point.

200902090829.jpg

Main purpose for the binding to the directory is to identify the entities that should get access to a desktop in one way or the other. Entities are users and user groups. Sun VDI 3 has a predefined understanding of what a user and a user group is. This understanding is identical to the one implemented in Secure Global Desktop (SGD). Besides the fixed definition of a user or a user group we have a custom query mechanism for LDAP similar to the one found in SGD.

Next to entities from the directory we have also included tokens into the list of managed objects. Tokens are the IDs of a smartcard or the ID of a Sun Ray Desktop Unit (DTU). You may ask, why is this included into a VDI solution. Sun Ray Server Software provides this feature as well.

Quick answer to that question is, Sun VDI 3 targets to be a self-contained solution that can be used by various clients, where one - a prominent one, of course - is the Sun Ray. Managing in this context the relationship between a smartcard, a user and a desktop is a core functionality that should be in one place and not spread around various places.

Effectively this gives an administrator a number of choices:

  • Assignment of a user to an individual desktop
  • Assignment of a user to a pool
  • Assignment of a user group or custom query to a desktop or pool
  • Assignment of a token to a user - so when you stick in your card, the desktop(s) of a user are presented to the user.
  • Assignment of a token to a desktop or a pool - this allows to have different smartcards for a desktop or to assign a DTU to a desktop, which is then more or less acting like a real PC.
Another nice thing about having this all in one place is the fact, that it should be fairly easy to combine an Identity Management solution with management of virtual desktops. You can easily imagine that on-boarding of people can imply the assignment of a smartcard to a user and a user to a desktop. The reverse applies to the off-boarding. And in-between identity management can provide all means of user self service, like requesting a restart of a stuck VM, asking for an additional VM etc ... This in combination with the management of application access is a very strong value proposition. If you have more interest on how an Identity management integration looks like, please contact Paul Walker from the Sun Identity Management group.
Well, that's it in on the directory integration. At least on the surface ;-) Give it a try with the current public Early Access Program and let me know what you think about.
Cheers, Dirk
« previous | next »
Comments:

Post a Comment:
  • HTML Syntax: NOT allowed
About

This one is about VDI, Sun Ray, SGD and sports, in particular basketball, and any combination of it. And of course other interesting stuff.

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today