[OpenIndiana-discuss] Vnc to mimic SunRay behaviour, how??
DormitionSkete@hotmail.com
dormitionskete at hotmail.com
Thu Feb 28 19:47:25 UTC 2013
On Feb 28, 2013, at 12:20 PM, Jim Klimov wrote:
> On 2013-02-28 18:15, DormitionSkete at hotmail.com wrote:
>> Dear Mr. Albertsson,
>>
>> I'm not sure you understand what LTSP is. It's basically an xorg (or whatever) connection into the server, along with goodies like the ability to use USB sticks, printers, scanners, and some other devices, including SCSI, Serial, and Parallel port devices, on the workstations.
>
> Sunrays are basically the same thing, with overall about a dozen client
> models made by Sun and some of its licensees, with a special protocol
> which allows to pass usb-over-ip, smartcard auth, and quite importantly
> session hot-seating (what Hans wants to achieve with VNC) - when you
> walk to another "desktop unit", you pull your smartcard from the old
> DTU; then put it into a new one - and your session pops up there, same
> as it was. It can live on the server for months, and you can access it
> in turns from dozens of locations, often from work office and then from
> home (over internet and optional VPN).
>
> One substantial technological benefit is that they have no OS in its
> usual understanding - just a firmware several hundred kilobytes big.
> This is a very little attack surface. As their blog stated, some of
> their competitors issued about a hundred security patches for their
> thin client OSes which were embedded/scaled-down variants of "real"
> OSes. Sunrays' firmwares over their history (over a decade by that
> time) had just 4 issues, two of which were caught in engineering
> labs before public release. It is also signed by vendor's key, also
> embedded into (Sun or OEM) DTU's chip, so that only the original
> firmware (including that vendor's updates) would install and boot.
> (This might be an unsolvable problem with DTUs bought off eBay,
> though non-Sun lines are quite rare).
>
> All in all, this is a wonderful product, but rather pricey with both
> hardware (comparable to low-end desktop computers and now laptops)
> and software licenses. Real end prices are subject to haggling with
> the vendor/distributor, but there's only so much lower they can get.
> Now, however, many models are sold off on Amazon/eBay or even given
> away for "you pay the postage for 50 boxes", so you might look around
> on the sun-rays mailing list for occasional hints. Getting the legit
> software and firmware is now the key problem, with pricing for the
> required right-to-use licenses and support from Oracle. Often, the
> support price is the reason why companies get rid of deployments
> that served well for years.
>
> Also, there are no moving parts (not even a power switch on many
> models), so there's almost nothing to break, short of scratching
> off the contacts in the smartcard reader. For many deployments
> (working with text documents, programming, browsing) even the early
> 90's models of DTUs are still sufficient and they still work, too.
> All upgrades are needed (and possible) only on the server side.
> Compare with the PC's recommended turnaround of about 3 years ;)
>
> One problem with the solution is that it is essentially a networked
> keyboard-video-mouse-usb-smartcard extension to the server's GUI
> sessions. The DTUs are intentionally low-power (including processing
> power) and while recent models are built on respectable modern CPUs
> and graphics co-processors, it took a few years for the software team
> to embed into the protocol (and firmwares) support for pass-through
> of some codecs so that they render on the client, faster (IIRC).
> And this (last when I checked) worked only for passthrough from
> Windows desktops with the sunray client (uttsc), not with Solaris
> or Linux desktops which failed to be a big market. So the good
> tech was mostly a "proxy" for Windows RDP (TS or VDI) farms.
>
> HTH,
> //Jim Klimov
Well, if they're basically the same thing, then LTSP may not be a bad thing for Mr. Albertsson, and anyone else interested, to look at.
There is no thin client software to deal with, per se. The thin clients don't need an embedded OS. I know some thin client units that you see sold today have a Windows CE or Linux embedded OS. You don't need that at all with LTSP. I wouldn't know how you'd use it if you had it!
Most of our thin clients are old PC's. We'd take the hard drive out, as well as anything else we didn't want or need in the machine....
Since there's no embedded OS on the thin clients, there are no security issues to speak of with that part.
There are no licensing issues to deal with, either.
You don't need that smart card, either.
All of the software for LTSP is free.
It works on very inexpensive thin clients that have no fans or other moving parts, or on old repurposed PC's.
It is a well developed and mature project used with great success for many years all over the world.
If the SunRay clients won't PXE or Etherboot, you could probably put the boot image on a smart card, and boot it with that. I don't see why that wouldn't work.
Now, the LTSP part is only for the LAN. It won't work over the internet. But like I said, you can use NX or VNC for those kind of connections to the same server.
There really is no reason why it could not be made to run on OI, if a person wanted OI desktops for their users in a thin client situation.
HTH.
fp
More information about the OpenIndiana-discuss
mailing list