This section describes the procedure required to use Sun Ray Software on Oracle Solaris 11 Trusted Extensions. For more information, refer to the Oracle Solaris 11 Trusted Extensions Configuration and Administration Guide.
Oracle Solaris 11 uses zones to permit multiple virtualized operating system environments to coexist in a single instance of Oracle Solaris 11, allowing processes to run in isolation from other activity on the system for added security and control. Sun Ray Software is supported only in the global zone.
Based on your Sun Ray environment, perform the following procedure as root from ADMIN_LOW (global zone).
This procedure is required to configure Sun Ray Software on Oracle Solaris 11 Trusted Extensions. The labeled zone named public is used in examples throughout this procedure.
Become root from ADMIN_LOW (global zone).
Configure the following Multilevel ports for the global zone.
Run the txzonemgr script:
# txzonemgr
Choose Global Zone > Configure Multilevel Ports > Add MLP-shared-tcp
Add the following Multilevel ports:
4120 - Smart card service daemon (pcscd)
6000-6050 - Xserver ports (if more than 50 sessions are needed, increase this port range accordingly)
7007 - Session manager daemon (utsessiond)
7010 - Authentication manager daemon (utauth-cb)
7012 - Data store daemon (utds)
7014 - Windows connector daemon (uttscpd)
7015 - Audio daemon
If you are providing Windows remote desktops through the Windows connector, enable access to each system through the labeled zone:
Add an entry for each Windows system to the /etc/security/tsol/tnrhdb file:
windows-IP:labeled-zone
The following example enables access to a Windows system with an IP address of 10.178.231.24 from the public zone:
10.178.231.24:public
Restart network services:
# svcadm restart tnctl
(Optional) For TLS peer verification to work, make sure the CA certificates to be trusted are available under the /etc/sfw/openssl/certs folder in each labeled zone.
Loopback mount the following directories and applications for each labeled zone. The following example shows how to do this for the public zone.
Setting up a loopback mount for libmlib.so and libmlib.so.2 is required only for SPARC-based Sun Ray servers.
# zoneadm -z public halt
# zonecfg -z public
zonecfg:public> add fs
zonecfg:public:fs> set dir=/opt/SUNWut
zonecfg:public:fs> set special=/opt/SUNWut
zonecfg:public:fs> set type=lofs
zonecfg:public:fs> end
zonecfg:public> add fs
zonecfg:public:fs> set dir=/etc/opt/SUNWut
zonecfg:public:fs> set special=/etc/opt/SUNWut
zonecfg:public:fs> set type=lofs
zonecfg:public:fs> end
zonecfg:public> add fs
zonecfg:public:fs> set dir=/usr/lib/libpcsclite.so
zonecfg:public:fs> set special=/usr/lib/libpcsclite.so
zonecfg:public:fs> set type=lofs
zonecfg:public:fs> end
zonecfg:public> add fs
zonecfg:public:fs> set dir=/usr/lib/libpcsclite.so.1
zonecfg:public:fs> set special=/usr/lib/libpcsclite.so.1
zonecfg:public:fs> set type=lofs
zonecfg:public:fs> end
zonecfg:public> add fs
zonecfg:public:fs> set dir=/etc/opt/SUNWuttsc
zonecfg:public:fs> set special=/etc/opt/SUNWuttsc
zonecfg:public:fs> set type=lofs
zonecfg:public:fs> end
zonecfg:public> add fs
zonecfg:public:fs> set dir=/opt/SUNWuttsc
zonecfg:public:fs> set special=/opt/SUNWuttsc
zonecfg:public:fs> set type=lofs
zonecfg:public:fs> end
zonecfg:public> add fs
zonecfg:public:fs> set dir=/usr/lib/libmlib.so
zonecfg:public:fs> set special=/usr/lib/libmlib.so
zonecfg:public:fs> set type=lofs
zonecfg:public:fs> end
zonecfg:public> add fs
zonecfg:public:fs> set dir=/usr/lib/libmlib.so.2
zonecfg:public:fs> set special=/usr/lib/libmlib.so.2
zonecfg:public:fs> set type=lofs
zonecfg:public:fs> end
zonecfg:public> exit
# zoneadm -z public boot
Reboot the Sun Ray server.
# reboot
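The loopback-mount step above has to be repeated for each labeled zone, so the following added example (not part of the Oracle documentation) goes slightly beyond the interactive session: it reads the output of zonecfg -z ZONE info fs, works out which of the required mounts are still missing, and prints only those as subcommands for a zonecfg -z ZONE -f FILE command file. The function names are hypothetical, the info fs output layout is an assumption, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not Oracle's code. Paths are those listed in the procedure.
COMMON_PATHS="/opt/SUNWut /etc/opt/SUNWut /usr/lib/libpcsclite.so
/usr/lib/libpcsclite.so.1 /etc/opt/SUNWuttsc /opt/SUNWuttsc"
SPARC_PATHS="/usr/lib/libmlib.so /usr/lib/libmlib.so.2"  # SPARC servers only

# Constructed sample of `zonecfg -z public info fs` output (layout assumed).
SAMPLE_INFO='fs:
    dir: /opt/SUNWut
    special: /opt/SUNWut
    type: lofs
fs:
    dir: /etc/opt/SUNWut
    special: /etc/opt/SUNWut
    type: lofs'

# required_paths ARCH: required mount points, one per line.
required_paths() {
    paths=$COMMON_PATHS
    if [ "$1" = "sparc" ]; then paths="$paths $SPARC_PATHS"; fi
    printf '%s\n' $paths
}

# is_listed PATH LIST: exact match, so /opt/SUNWut does not satisfy /opt/SUNWuttsc.
is_listed() {
    for h in $2; do [ "$h" = "$1" ] && return 0; done
    return 1
}

# missing_paths ARCH: reads "info fs" output on stdin and prints the required
# paths that have no fs resource yet.
missing_paths() {
    have=$(awk '$1 == "dir:" { print $2 }')
    for p in $(required_paths "$1"); do
        is_listed "$p" "$have" || printf '%s\n' "$p"
    done
}

# lofs_commands ARCH: same stdin; prints zonecfg subcommands that add only the
# missing mounts, for use as a command file with `zonecfg -z ZONE -f FILE`.
lofs_commands() {
    for p in $(missing_paths "$1"); do
        printf 'add fs\nset dir=%s\nset special=%s\nset type=lofs\nend\n' "$p" "$p"
    done
}

# Demo on the constructed sample; on a server, pipe in the real "info fs"
# output and pass "$(uname -p)" as ARCH.
printf '%s\n' "$SAMPLE_INFO" | lofs_commands i386
```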