Security

Sun Ray Software allows administrators to enable traffic encryption between servers and DTUs. In addition, server authentication and client authentication can be enabled to further increase security and to prevent man-in-the-middle attacks. This feature is optional; the system or network administrator can configure it based on site requirements.

The security mode affects how Sun Ray servers behave if a DTU does not support the configured security settings. Soft security mode ensures that every DTU that requests a session gets one. If security requirements cannot be met by the DTU firmware, the session is still granted but is not secure. If hard security mode is selected and the security requirements cannot be met, the session is refused. There are separate security mode settings for encryption (this setting also subsumes server authentication) and client authentication. Security mode settings are only applied to connections from hardware Sun Ray DTUs. Connections from virtual desktop clients are always denied if the configured security requirements can not be met by the client.

You can also limit access to devices attached to DTUs. The Sun Ray system allows Sun Ray peripheral devices to be enabled or disabled on all DTUs connected to the failover group. This includes USB devices connected through USB ports, embedded serial ports, and the internal smart card readers of every DTU. By default, the above devices are enabled after Sun Ray Software installation. Sun Ray Software uses a customized protocol called scbus to exchange smart card transactions between a Sun Ray server and its clients. Previous to Sun Ray Software 5.3, there was only one version of the scbus protocol. With Sun Ray Software 5.3 and later, scbus version 2 can also be selected. This option is only available on Solaris Operating System and scbus version 1 is enabled by default. You can also enable copy and paste operations between an application running in an Oracle Virtual Desktop Client session and an application running on the client computer.

Much like the utcrypto and utdevadm commands, the Security tab (under the Advanced Tab) allows you to change security settings for the whole failover group.


Note - Changes to security settings require a Cold Restart of Sun Ray services.



Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Legal Notices