Sun Ray Software provides optional functionality to modify a Sun Ray Client's local configuration through a Graphical User Interface (GUI) tool. A Sun Ray Client's local configuration is checked first before using the configuration from the Sun Ray server, so this enables you to individually configure a Sun Ray Client's behavior at the local level.
Most of the firmware values are stored in the Sun Ray Client's flash memory. Certain control key combinations are used to invoke the Configuration GUI, which enables you to examine and set the local configuration values.
The Configuration GUI enables several features that require the ability to set and store configuration information on the Sun Ray Client itself, including:
Non-DHCP network configuration for standalone operation, when configuring local DHCP operation is impossible
Local configuration of Sun Ray specific parameters, such as server list, firmware server, MTU, and bandwidth limits
DNS servers and domain name for DNS bootstrapping
VPN configuration
802.1x configuration
IPsec configuration
The firmware server specified in a client's local configuration is
the default server used to provide configuration information for
download, such as certificate files, .pcf
files, the .parms
file, and configuration
files.
A security configuration repository is provided in a Sun Ray Client's firmware to store specific configuration files and certificates/keys for features such as VPN or 802.1x authentication. You can copy files to a firmware's repository through the file copy entry in a remote configuration file. See Table 14.3, “Remote Configuration File Key Values” for details.
Files stored in the firmware's repository are typed by the directory in which they are placed. The current directories and types are:
802.1x authentication
/certs
- X509 certificate files
/keys
- Public/private key files
/wpa
- wpa_supplicant configuration
files
IPsec
/ike/default.conf
- IKE configuration file (racoon
configuration file)
/preshared/keys
- Pre-shared key file (used when
authentication_method
statement set
to pre_shared_key)
VPN
/profiles
- Cisco VPN configuration
profiles (.pcf
files)
In addition to the files that you copy to the firmware's repository, other files may be created by some configuration operations.
Table 14.1, “Configuration GUI Main Menu Items” and Table 14.2, “Configuration GUI Advanced Menu Items” provide descriptions for the Configuration GUI menu items.
Press one of the following key combinations on a Sun Ray Client to open the Configuration GUI and display the main menu:
Stop-S or Ctrl-Pause-S
Stop-M or Ctrl-Pause-M
Some of the menus have an Exit entry, but the Escape key always invokes one level higher than the current menu. Escape at the top level prompts for any changes to be saved or discarded. If changes have been written to the flash memory, the Escape key resets the Sun Ray Client.
Table 14.1. Configuration GUI Main Menu Items
Main Menu Item | Menu Item Descriptions |
---|---|
VPN Setup | Cisco EzVPN authentication model
|
802.1x Configuration |
Note: A certificate with a passphrase is not supported. |
VPN Profiles |
|
Certificates |
Note: A certificate with a passphrase is not supported. |
Servers |
|
Network |
|
TCP/IP |
|
DNS |
|
Authentication | Set if network connection requires a simple HTTP authentication before it can be used.
|
Security | Set password (lock configuration under password control) |
Status | Version (equivalent to Stop-V) |
Advanced | See below. |
Clear Configuration | Equivalent to Stop-C. |
Exit | Exit the Configuration GUI. |
Table 14.2. Configuration GUI Advanced Menu Items
Main Menu Item | Description |
---|---|
Download Configuration | Prompts for a server name and the file name of a remote configuration file to be downloaded from the server, in the form: [{tftp|http}://][ This field can be overwritten when selected. Pressing Return causes the corresponding remote configuration file to be read and the configuration values parsed and set on the client. For configuration values, see Table 14.3, “Remote Configuration File Key Values”.
The default transport used is TFTP and the default
port is the corresponding port for the transport, 69
for TFTP and 80 for HTTP. The default server is the
firmware server value in the local configuration (if
When using TFTP, the remote configuration file must be accessible from the server's TFTP home directory. When using HTTP, the remote configuration file must be located in or linked to the web server's document directory. |
Keyboard Country Code | A keyboard country code (keyboard map) that is applied to a keyboard that returns a country code of 0, for use with non-U.S. USB keyboards that do not report a country code. For the list of valid keyboard country code values, see Section 13.2.10, “Keyboard Country Codes”. |
Bandwidth Limit | The maximum amount of network bandwidth in bits per second that a given client will use. |
Session Disconnect (Stop-Q) | Enables or disables the ability to terminate a session by pressing Stop-Q. This feature is useful when you want to terminate a VPN connection and leave the Sun Ray in an inactive state. Pressing the Escape key after the session has terminated reboots the Sun Ray Client. |
Force Compression | Sets a tag sent from the Sun Ray Client to the Xserver telling it to enable compression regardless of available bandwidth. |
Lossless Compression | Disables the use of lossy compression for image data. |
Disallow utload |
Disables the ability to explicitly force a firmware
load into a Sun Ray Client. In this way, firmware can
be tightly controlled using
|
Force Full Duplex | Allows the Sun Ray Client to operate correctly when the network port that it is connected to does not auto-negotiate. In that case, the auto-negotiation results in the Sun Ray running at half duplex, which significantly impacts network performance. This setting allows the Sun Ray to operate with better performance in this situation. |
Enable Fast Download | If set, the Sun Ray Client uses the maximum TFTP transfer size if the TFTP server supports it. Over a high latency connection, this setting typically doubles the speed of firmware downloads. There are no disadvantages to enabling fast downloads on low latency LANs. This parameter is disabled by default and the transfer size is set at 512-byte packets. It is disabled by default for backwards compatibility with TFTP servers that might not support the more advanced protocol. If this parameter were on by default and a firmware download were to fail, there would be no way to recover. |
Power Off Timer |
Energy star power off feature for Sun Ray 3 Series
Clients. The value for the power off feature is in
minutes. The default power off time is 30 minutes. A
value of |
Enter Alternate STOP modifiers | Specifies an alternative combination of modifier keys to perform the same function as the Stop key on an Oracle keyboard or the Ctrl-Pause key sequence on a non-Oracle keyboard. By default, this alternative combination is Ctrl-Shift-Alt-Meta. See Section 13.2.2, “Sun Ray Client Hot Keys” for details. You can change Ctrl-Shift-Alt-Meta to any other combination of the same keys, but at least two of the keys must be used. For example, you can set this value to Ctrl-Alt or Meta-Ctrl-Shift. If this parameter is set to none, the alternative key combination is disabled. Note that the Meta key has different names on different keyboards: on a PC keyboard, it is the "Windows" key, and on a Mac keyboard, it is the "Command" key. |
Command Cache Size | Specifies the size, in Kbytes, of the command cache look-back buffer. This area is used to store a list of recent commands used by the firmware, and the commands are replayed from the cache if used again. The default value is 512 Kbytes, maximum value is 8192 Kbytes, and a zero value disables the command cache. |
Video |
|
Video input disable | Sun Ray 270 Client only. If set, turns off the input selector on the front of the client and locks the monitor so that it displays only the Sun Ray output. This feature prevents users from connecting a PC to the VGA video input connector on a client and using it as a monitor. |
To help avoid error-prone manual entry of local configuration data or to help configure a lot of Sun Ray Clients more quickly, you can use the Download Configuration menu item to download a pre-defined remote configuration file from a server via TFTP or HTTP.
The keywords shown in Table 14.3, “Remote Configuration File Key Values”
correspond to configuration values that can be set from the
Configuration GUI menus. To group items that are logically
related, some of the keywords take the form
family
.field
.
Table 14.3. Remote Configuration File Key Values
Key Values | Description |
---|---|
| You can copy configuration files and certificates/keys to the firmware's security
configuration repository by using a file copy entry. A file copy entry follows the
normal
For example, the file copy entry
|
VPN/IPsec Submenu | |
vpn.enabled | Enable toggle |
vpn.peer | Remote gateway name/IP address |
vpn.group | VPN group |
vpn.key | VPN key |
vpn.user | Xauth user |
vpn.passwd | Xauth password |
vpn.pin | PIN lock for use of user/passwd |
vpn.peertype | Cisco or Netscreen |
vpn.authtype | Xauth, Preshared, or Hybrid |
vpn.dhgroup | Diffie-Hellman group to use |
vpn.pfsgroup | PFS group to use |
vpn.lifetime | Lifetime of IKE connection |
vpn.ipsectime | Lifetime of IPsec connection |
vpn.dpdswitch | Dead peer detection |
vpn.killtime | Idle timeout value to drop VPN connection. |
DNS Submenu | |
dns.domain | Domain name |
dns.servers | Server list (comma-separated IP addresses) |
Servers Submenu | |
servers | Sun Ray server |
tftpserver | Firmware (TFTP) server |
loghost | Syslog host |
Security Submenu | |
password | Set administrator password |
Network Submenu | |
network |
Type of network ( |
TCP/IP Submenu | |
ip.ip | Static IPv4 address |
ip.mask | Static netmask |
ip.bcast | Static broadcast address |
ip.router | Static router |
ip.mtu | MTU |
ip.type |
IP address source ( |
TCP/IPv6 Submenu | |
ip.ip6 | Static IPv6 address |
ip.prefix | Static IPv6 prefix |
ip.router | Static router |
ip.mtu | MTU |
ip.type |
IP address source ( |
Advanced Submenu | |
kbcountry | Keyboard country code |
bandwidth | Bandwidth limit in bits per second. |
stopqon | Enable (1) or Disable (0) Stop-Q for disconnect |
compress | Force compression on when 1 |
lossless | Force use of lossless compression when 1 |
utloadoff | Disallow use of utload to force firmware download when 1 |
fastload | Force maximum TFTP transfer rate when 1 |
fulldup | Force full-duplex when 1 |
poweroff | Poweroff time in minutes |
stopkeys | Change alternate combination of keys used for Stop key |
cmdcachesize | Command cache size |
videoindisable | Disable input selector of Sun Ray 270 Client when 1 |
The format of the file is a set of
key
=value
lines, each terminated by a newline character, which are parsed
and the corresponding configuration items set (see the sample
file below). No whitespace is permitted. Key values are
case-sensitive and should be always lower case, as listed above.
Setting a keyword to have a null value results in the
configuration value being cleared in the local configuration.