The Policy tab (under the Advanced tab) enables the definition of high-level access rules either for users with smart cards or for users without smart cards (the latter automatically take advantage of pseudo-tokens, see Tokens help page). For example, you can allow only users with registered smart cards (tokens) to access Sun Ray sessions. Or, you might or might not want to allow users to self-register their tokens.
Some check boxes or radio buttons in the Admin GUI are enabled or disabled, based on your selections, to prevent invalid policies from being specified.
Additional settings that, may be offered, depending on your operating system and Sun Ray Server Software configuration, include:
Kiosk Mode: If Kiosk Mode functionality has been installed and configured on your system, you can enable (or disable) this mode for all DTUs connected to the failover group. You can override this group-wide default for individual tokens (see Tokens help page).
Non-smart card mobility (NSCM): This functionality allows mobile sessions for users without relying on smart cards. This feature is available only on the Solaris operating system.
By default all users must pass an authentication dialog when hotdesking, i.e., upon reconnection to an existing session using any DTU on their network. After successful authentication, the Sun Ray DTU is connected directly to the user's session. This security policy feature, called remote hotdesking authentication (RHA) can be turned off if desired. This allows to bypass the Sun Ray authentication and enables direct session access, but may weaken the system security.
Note – Changes to system policy require a Cold Restart of Sun Ray services.