Sun Ray Connector for Windows Operating Systems 2.0 Installation and Administration Guide

The Sun Ray Connector’s Kiosk Mode^[1] Session enables the administrator to set up groups of DTUs to access a restricted set of applications, typically in settings where users are expected to use only one application, or where security is an especially important consideration. In Kiosk Mode, the Sun Ray DTU behaves like a Windows Based Terminal, and users do not interact with the Solaris or Linux login.

The core components of the Kiosk Mode Session are:

• a Kiosk Session Service session descriptor (/etc/opt/SUNWkio/sessions/uttsc.conf)
• a Kiosk Session Service session script (/etc/opt/SUNWkio/sessions/uttsc/uttsc).

Added applications are not supported.

Session Descriptor

The session descriptor defines a number of attributes useful for the administration and launching of the session. These include the following:

For more details, see Session Script Arguments.

Session Script

The session script is responsible for launching the Sun Ray Connector. The script provides a simple wrapper on the Sun Ray Connector executable, /opt/SUNWuttsc/bin/uttsc.

A two-minute timeout is imposed on Windows sessions that remain at the Windows login screen. When this timeout elapses, the associated Windows session is terminated, and the Sun Ray Connector terminates subsequently. This can result in a user experience where, assuming no Windows login takes place, a desktop unit appears to reset every two minutes. To avoid this, the session script supports its own timeout, which affects its behavior when it detects that the Sun Ray Connector has terminated. If the timeout interval has not elapsed, the session script relaunches the Sun Ray Connector. If the timeout has elapsed, the session script terminates, and the Kiosk session also terminate as a result. The timeout may be specified as a session script argument. It has a default value of 30 minutes.

Session Script Arguments

A number of arguments are supported by the session script. These may be specified using the Sun Ray Admin GUI. The list of supported arguments may be split into Sun Ray Connector and non-Sun Ray Connector arguments. Sun Ray Connector arguments are not processed in any way by the session script and are simply passed directly to the Sun Ray Connector. Non-Sun Ray Connector arguments are processed by the session script itself.

The complete argument list should be formatted according to the following example:

[<Non Sun Ray Connector arguments>] [ "--" <Sun Ray Connector arguments>]

Non-Sun Ray Connector Arguments

Currently, only a single non-Sun Ray argument, -t, is supported. It is defined as follows:

-t <timeout> sets the value of a timeout interval (in seconds) after which the session script will terminate in the event of a Sun Ray Connector termination. If Sun Ray Connector terminates before the timeout has elapsed it will be restarted by the session script. The default value for <timeout> is 1800 (30 minutes). Values less than or equal to 0 indicate that the session script should never restart the Sun Ray Connector.

Sun Ray Connector Arguments

You may specify any valid uttsc arguments here. The -m and -b uttsc arguments are used by default. These arguments enable full-screen mode and disable the pull-down header respectively.

Installation and Configuration

The Sun Ray Connector Kiosk Session is installed automatically as part of Sun Ray Connector installation. The package name is SUNWuttsc-kio. With the Sun Ray Connector Kiosk Session is installed, the user no longer needs to specify the uttsc command.

To configure a Kiosk implementation for the Sun Ray Connector, follow the instructions in “Kiosk Mode” in the Sun Ray Server Software 4.0 Administration Guide. Select Predefined Descriptor, choosing Sun Ray Connector for Windows OS from the drop-down menu on the Kiosk Mode page, which is located under the Advanced tab in the Sun Ray Administration tool.

The user then must add session arguments to the Arguments field at the bottom of the same page (see Session Script Arguments). The minimal required argument is the host name, so the field content should have at least:
<myhost.mydomain>.com

A timeout option (-t <timeout>) can be added before the --, and further uttsc options can be added after the --. For example, the example line below specifies:

• a 10-minute timeout (specified in seconds) until the session is cycled if the user does not log in
• printer forwarding
• smart card redirection
• optimized SRWC hotdesking behavior


-t 600 -- -r printer:officelaser -r scard:on -O myhost.mydomain.com

FIGURE B-1 Selecting a Kiosk Session

Supplemental Information

Two features linked to Sun Ray Connector are commonly implemented at customer sites: Follow-Me-Printing and Windows Session Locking. Implementations of these features rely on technology not available by default and non-public Sun Ray interfaces as well as the use of certain public Sun Ray interfaces for purposes other than their intended use. For these reasons, these features are not provided as supported elements of this session; however, descriptions of how these features are commonly implemented are provided in the following sections.

Follow-Me Printing

This feature is used to allow the default printer for a given Windows session to appear to move with a user from one Sun Ray DTU to another. Use the following steps to provide this feature.

1. For each Sun Ray of interest, specify an associated printer in the Sun Ray Data Store.

This may be done by navigating to the relevant Desktop Unit in the Sun Ray Admin GUI and setting its Other Information field to the name of the relevant printer.

2. Provide a shell script which queries the printer name stored in the Sun Ray Data Store for the current Sun Ray DTU and writes that name to the user’s $HOME/.printers file.

For example:

#!/bin/sh
if [ ‘uname‘ = Linux ] ; then
 theFlag="-P"
fi
theMACAddress=‘cd $theFlag $UTDEVROOT ; /bin/pwd | sed ’s/.*‹............›/\1/’‘
thePrinter=‘/opt/SUNWut/sbin/utdesktop -o |
            grep $theMACAddress           |
            /usr/bin/awk -F, ’{print $3}’‘
echo "_default $thePrinter" > $HOME/.printers

3. Use utaction to invoke the script above on an initial connection and subsequently whenever a user moves from one Sun Ray DTU to another.

This can be done by providing an Xsession.d script if you are using dtlogin as your login manager or an xinitrc.d script if you are using Gnome Display Manager (GDM) as your login manager. For example, you might create the script /usr/dt/config/Xsession.d/1100.SUNWut for dtlogin or /etc/X11/xinit/xinitrc.d/1100.SUNWut for GDM as follows:

#!/bin/sh
/opt/SUNWut/bin/utaction -i -c <path-to-script> &

where <path-to-script> is the path to the script you created to retrieve the printer name.

4. Modify your Kiosk session script arguments to redirect the printer to Windows.

You may modify these arguments using the Sun Ray Admin GUI. In this example you need to add the argument -r printer:_default to the existing arguments, resulting in an argument list similar to the following:

 -t 1800 -- -m -b -r printer:_default myHost

where myHost corresponds to the server argument passed to uttsc.

Windows Session Locking

It may be preferable that a Windows session be locked when a user’s session moves away from a given Sun Ray DTU. A commonly used approach to implement this is to send the lockscreen keystrokes to the Windows Session using xvkbd (invoked by utaction).

As with the previous example, you may invoke utaction from an Xsession.d or xinitrc.d script as follows:

#!/bin/sh
XVKBD=/usr/openwin/bin/xvkdb
/opt/SUNWut/bin/utaction  -d "$XVKBD -text ’\Ml’" &

^{1 (Footnote) An earlier implementation of similar functionality was called Controlled Access Mode (CAM).}

Sun Ray Connector for Windows Operating Systems 2.0 Installation and Administration Guide

820-0419

Copyright © 2007, Sun Microsystems, Inc. All Rights Reserved.