[OpenIndiana-discuss] Vnc to mimic SunRay behaviour, how??

[Jim Klimov]

On 2013-02-28 18:15, DormitionSkete at hotmail.com wrote:
> Dear Mr. Albertsson,
>
> I'm not sure you understand what LTSP is.  It's basically an xorg (or whatever) connection into the server, along with goodies like the ability to use USB sticks, printers, scanners, and some other devices, including SCSI, Serial, and Parallel port devices, on the workstations.

Sunrays are basically the same thing, with overall about a dozen client
models made by Sun and some of its licensees, with a special protocol
which allows to pass usb-over-ip, smartcard auth, and quite importantly
session hot-seating (what Hans wants to achieve with VNC) - when you
walk to another "desktop unit", you pull your smartcard from the old
DTU; then put it into a new one - and your session pops up there, same
as it was. It can live on the server for months, and you can access it
in turns from dozens of locations, often from work office and then from
home (over internet and optional VPN).

One substantial technological benefit is that they have no OS in its
usual understanding - just a firmware several hundred kilobytes big.
This is a very little attack surface. As their blog stated, some of
their competitors issued about a hundred security patches for their
thin client OSes which were embedded/scaled-down variants of "real"
OSes. Sunrays' firmwares over their history (over a decade by that
time) had just 4 issues, two of which were caught in engineering
labs before public release. It is also signed by vendor's key, also
embedded into (Sun or OEM) DTU's chip, so that only the original
firmware (including that vendor's updates) would install and boot.
(This might be an unsolvable problem with DTUs bought off eBay,
though non-Sun lines are quite rare).

All in all, this is a wonderful product, but rather pricey with both
hardware (comparable to low-end desktop computers and now laptops)
and software licenses. Real end prices are subject to haggling with
the vendor/distributor, but there's only so much lower they can get.
Now, however, many models are sold off on Amazon/eBay or even given
away for "you pay the postage for 50 boxes", so you might look around
on the sun-rays mailing list for occasional hints. Getting the legit
software and firmware is now the key problem, with pricing for the
required right-to-use licenses and support from Oracle. Often, the
support price is the reason why companies get rid of deployments
that served well for years.

Also, there are no moving parts (not even a power switch on many
models), so there's almost nothing to break, short of scratching
off the contacts in the smartcard reader. For many deployments
(working with text documents, programming, browsing) even the early
90's models of DTUs are still sufficient and they still work, too.
All upgrades are needed (and possible) only on the server side.
Compare with the PC's recommended turnaround of about 3 years ;)

One problem with the solution is that it is essentially a networked
keyboard-video-mouse-usb-smartcard extension to the server's GUI
sessions. The DTUs are intentionally low-power (including processing
power) and while recent models are built on respectable modern CPUs
and graphics co-processors, it took a few years for the software team
to embed into the protocol (and firmwares) support for pass-through
of some codecs so that they render on the client, faster (IIRC).
And this (last when I checked) worked only for passthrough from
Windows desktops with the sunray client (uttsc), not with Solaris
or Linux desktops which failed to be a big market. So the good
tech was mostly a "proxy" for Windows RDP (TS or VDI) farms.

HTH,
//Jim Klimov