Regular configuration procedures are documented in the Oracle VDI Administration Guide (see Installing Oracle VDI and Configuring Oracle VDI Centers). Security concerns and recommendations are listed in the following sections.
The default Oracle VDI configuration of Sun Ray Software includes the following settings:
The Sun Ray data store (admin) password is set to the password entered during Oracle VDI configuration. If no password is specified, a secure auto-generated password is used by default.
Sun Ray Software is prepared for use in a failover group, with a secure, auto-generated Sun Ray group signature. As further hosts are added to the Oracle VDI Center, they are added to the Sun Ray Software failover and replication group.
The Sun Ray Administration Tool (Admin GUI) is enabled and set up for remote HTTPS access. Administrator authentication is set up to use system authentication.
The system root account is added to the list of authorized Sun Ray administrators.
The fixed Sun Ray administrator admin account is removed.
Kiosk mode is configured with the Oracle VDI vda kiosk session type.
Kiosk mode is set up with the number of kiosk user accounts on each host specified during Oracle VDI configuration.
Sun Ray access policy is set up to use kiosk mode with all kinds of tokens and to allow access using the Oracle Virtual Desktop Client.
Session access is allowed for any client connecting via (routed) LAN.
After standard Oracle VDI configuration:
Oracle VDI and Sun Ray Software services are running and accepting connections.
ALP encryption is set to default (off).
Oracle VDI and Sun Ray Software Manager user interfaces are running.
Please keep the following considerations in mind when configuring a primary host:
Administrator Password
If you accept the default for this setting, a random, automatically generated password is used. Typically, such a password is more secure than a password specified by a human operator. You do not need to know this password for normal Oracle VDI operation. Unless you have special requirements, it is recommended that you accept the automatically generated default.
If you later need direct access to the Oracle VDI database or to the Sun Ray Software data store, Oracle VDI provides methods to retrieve this password.
User ID Range Start
This setting defines the lowest number in a range of user IDs. The size of the range is determined by the Maximum Number of Sessions on This Host parameter. If you grow your installation, you may need to expand this range later.
Do not assign an ID in this range to any actual user. During initial configuration this is verified, and the range is moved to higher numbers if necessary, but it cannot easily be enforced in the future if you use a central naming service such as LDAP or NIS for your user accounts.
Specify this range so that it cannot collide with the range of user IDs you allocate for regular users, preferably by specifying a significantly higher number here.
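The collision described above can be checked before choosing the range start. The following shell script is an added example, not part of the Oracle VDI documentation or product; it assumes the range size equals the Maximum Number of Sessions on This Host value and takes passwd-format account data on stdin (for example from getent passwd, which also covers LDAP or NIS accounts).

```shell
#!/bin/sh
# Added example (not Oracle VDI code): verify that the proposed kiosk user ID
# range START .. START+MAXSESSIONS-1 does not overlap any UID that already
# exists in the account database, including central LDAP/NIS accounts.

# uid_range_conflicts START MAXSESSIONS  (passwd-format data on stdin)
# Prints every conflicting "user:uid" pair; exit 0 if none, 1 if any found.
uid_range_conflicts() {
    start="$1"
    count="$2"
    end=$((start + count - 1))
    awk -F: -v lo="$start" -v hi="$end" '
        # field 3 is the numeric UID; report any that falls inside the range
        $3 ~ /^[0-9]+$/ && $3+0 >= lo && $3+0 <= hi { print $1 ":" $3; found = 1 }
        END { exit found ? 1 : 0 }'
}

# Constructed sample account data (not from a real host): "alice" was given
# UID 150010 by a central naming service, so a range starting at 150000 with
# 100 sessions would collide with her account.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
bob:x:1001:1001::/home/bob:/bin/sh
alice:x:150010:1000::/home/alice:/bin/sh'

# check_range START MAXSESSIONS: run the check against the constructed sample.
check_range() {
    printf '%s\n' "$SAMPLE_PASSWD" | uid_range_conflicts "$1" "$2"
}

# live_check START MAXSESSIONS: run the check against the real account
# database (assumes getent is available, as on Solaris and Linux).
live_check() {
    getent passwd | uid_range_conflicts "$1" "$2"
}

# Example run on the constructed data: reports alice:150010 and returns 1.
check_range 150000 100
```

Run live_check with the intended start and session count before configuring the primary host, and again when you plan to expand the range later.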
When configuring secondary hosts, pay particular attention to the verification of the primary host's SSL certificate as described in Configuring Oracle VDI on a Secondary Host. Once you accept the authenticity of the primary host, by entering the root password, that host gains access to the full Oracle VDI installation with all internal credentials.
To further strengthen Desktop Selector, take the following measures:
Enable the Oracle VDI screen lock (see How to Enable Desktop Screen Locking on Sun Ray Clients):
# /opt/SUNWvda/sbin/vda settings-setprops -p clientscreenlock=Enabled
Keep Oracle VDI authentication enabled (default), unless there is a strong reason to disable it. If authentication is disabled at the Oracle VDI level, then authentication must be enforced on the desktop OS.
# /opt/SUNWvda/sbin/vda settings-setprops -p clientauthentication=Enabled
Configure the session idle timeout to a reasonably low value (the default is 180 seconds, i.e., three minutes).
VDA kiosk session arguments: -t (timeout in seconds)
Keep the desktop logout always policy enabled (default).
# /opt/SUNWvda/sbin/vda settings-setprops -p client.logout.always=Enabled
If smart cards/tokens are used, they should be registered explicitly for the desired users, whether through the Sun Ray administration tool or through Oracle VDI administration.
To strengthen the standard configuration, take the following measures:
Use the Sun Ray Software utcrypto CLI or the Sun Ray Web Admin tool to enable ALP encryption and server authentication (see Admin GUI Tools and Commands in the Sun Ray Software 5.3 Administration Guide).
Synchronize primary and secondary hosts.
Oracle VDI configures the primary host as an NTP (Network Time Protocol) server. If the secondary hosts have different time settings, they can get out of sync with the primary. To prevent this condition, set up NTP on all Oracle VDI hosts (see Time Synchronization).
Use MD5 Fingerprint to authenticate secondary hosts.
Configure administrators and their roles.
In Sun Ray Software, use the utadminuser command to configure users (see the utadminuser(1M) man page).
In Oracle VDI, use the RBAC feature to assign roles (see About Oracle VDI Role-Based Administration).
Disable the Oracle VDI RDP Broker service, if it is not needed.
Use the Sun Ray Software utdevadm CLI to enable or disable device services as needed (see the utdevadm(1M) man page and How to Enable or Disable USB Services in the Sun Ray Software 5.3 Administration Guide).
After initial Oracle VDI configuration completes, the host is in the following state:
Oracle VDI and Sun Ray Software services are running and accepting connections.
Oracle VDI and Sun Ray Software Manager user interfaces are running. The local root user can log into each management UI with full privileges.
Oracle VDI desktops are not configured and are not offered to connecting users.
ALP encryption is set to the default (off).
The following settings have been applied to the Sun Ray services on the host:
The Admin GUI is enabled and set up for remote HTTPS access.
The system root account is added to the list of authorized Sun Ray administrators (see Administrative Name and Password in the Sun Ray Software 5.3 Administration Guide).
The fixed Sun Ray administrator admin account is removed.
The Sun Ray data store (admin) password is set to the password entered during Oracle VDI configuration. A secure auto-generated password is used by default.
Sun Ray Software is prepared for use in a failover group, with a secure, auto-generated Sun Ray group signature. As further hosts are added to the Oracle VDI Center, they are added to the Sun Ray Software failover and replication group.
Sun Ray access policy is set up to use kiosk mode for all kinds of access and to allow access using the Oracle Virtual Desktop Client with all kinds of tokens.
Kiosk mode is configured with the Oracle Virtual Desktop Infrastructure vda kiosk session type.
Kiosk mode is set up with the number of kiosk user accounts on each host specified during Oracle VDI configuration.
Session access is allowed for any client connecting over a routed LAN.