Sun Ray Server Software allows administrators to enable traffic encryption between servers and DTUs. In addition, server authentication and client authentication can be enabled to further increase security and to prevent man-in-the-middle attacks. This feature is optional; the system or network administrator can configure it based on site requirements.
The security mode affects how Sun Ray servers behave if a DTU does not support the configured security settings. Soft security mode ensures that every DTU that requests a session gets one. If security requirements cannot be met by the DTU firmware, the session is still granted but is not secure. If hard security mode is selected and the security requirements cannot be met, the session is refused. There are separate security mode settings for encryption (this setting also subsumes server authentication) and client authentication. Security mode settings are only applied to connections from hardware Sun Ray DTUs. Connections from Sun Desktop Access Clients are always denied if the configured security requirements can not be met by the client.
You can also limit access to devices attached to DTUs. The Sun Ray system allows Sun Ray peripheral devices to be enabled or disabled on all DTUs connected to the failover group. This includes USB devices connected through USB ports, embedded serial ports, and the internal smart card readers of every DTU. By default, all devices are enabled after Sun Ray Server Software installation.
Much like the utcrypto and utdevadm commands, the Security tab (under the Advanced Tab) allows you to change security settings for the whole failover group.
Note – Changes to security settings require a Cold Restart of Sun Ray services.