3.1. Installation Overview

The Oracle VDI installation process itself can be fairly straightforward if proper attention is paid to pre-installation considerations.

The following table summarizes the most important pre-installation choices.

Table 3.1. Pre-installation Topics

Topic

More Information

Choosing the right operating system platform

Oracle VDI runs on Oracle Solaris and Oracle Linux. For ease of administration, it may make sense to use the operating system that IT staff find more familiar; however, please consider the following points:

  • Oracle VDI does not support Oracle Solaris Trusted Extensions.

  • For Sun Ray Software, there are some feature differences between Oracle Linux and Oracle Solaris platforms; see Feature Differences Between Oracle Solaris and Oracle Linux Platforms in the Sun Ray Software Administration Guide for details.

  • Oracle VDI has its own Role-Based Access Control (RBAC) scheme, unrelated to Oracle Solaris RBAC. To set up RBAC, see About Oracle VDI Role-Based Administration in the Oracle Virtual Desktop Infrastructure Administrator's Guide.

  • Oracle VDI does not support Security Enhanced (SE) Linux. Administrators who run Oracle VDI on Oracle Linux should disable the SE Linux mandatory access control function.

    In permissive mode, rules are not enforced, but incidents that violate rules are logged, and the logs may become flooded, so this mode is not recommended.

Choosing a virtualization platform (hypervisor)

Oracle VDI includes Oracle VM VirtualBox, which uses VRDP, as the default virtualization platform. VirtualBox:

  • Enables Oracle Solaris and Oracle Linux as well as Windows desktops

  • Connects to desktops at the hypervisor level, which eliminates the need to open the operating system itself

  • Allows the use of multiple virtualization choices in parallel

Some customers already have VMware vCenter or Microsoft Hyper-V implementations in place, perhaps with customized security precautions configured. Oracle VDI supports the use of these products when customers find it appropriate; however, Oracle cannot be responsible for any security vulnerabilities incurred through the use of these hypervisors.

Choosing an external database model

Oracle VDI includes MySQL database software, but administrators can choose to use a different MySQL database, whether to utilize an existing database installation, to use a MySQL cluster as a database, or to get full control over security configuration of the database.

Choosing a User Directory

Make an account with appropriate privileges (read-only is enough) and a secure connection method available for Oracle VDI use.

Setting up a firewall

Review which ports must be open for Oracle VDI operation. Requirements depend on the network architecture and traffic segregation choices. See Firewall Ports and Protocols in the Oracle Virtual Desktop Infrastructure Administrator's Guide.

Accepting a randomly assigned primary host password

A randomly assigned password is normally more secure than one an administrator might choose; it is less likely to be mnemonic or to have been used before, and it is usually longer.

Determining administrative responsibilities

Determine in advance who shall initially be granted full administrative privileges, and specify one of these users as the initial primary administrator during Oracle VDI configuration.

The Oracle VDI configuration tool suggests an initial primary administrator. This is either the user that runs the configuration tool (if the user name can be determined) or the root account (if eligible). Do not accept the proposed default unless it fits in with your administrative strategy.

In particular, it is generally not recommended to grant remote login and administration privileges to the root account.

After configuration is complete, you can make additional primary administration role assignments and also less privileged administration role assignments.

Assigning a range for user IDs

Assign a range of kiosk user IDs (user id range start) to avoid possible collisions with regular user IDs, for instance by making them a digit longer. This measure can prevent kiosk users from getting regular user or root privileges.
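
A pre-check for the kiosk user ID range choice described above, as an added example that is not part of the Oracle documentation: it derives a start value one digit longer than the highest existing UID and lists any accounts that fall inside a proposed range. The function names, the sample passwd entries and the proposed start value 15000 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Oracle code): vet a kiosk "user id range start" against
# a passwd-format file before entering it during Oracle VDI configuration.

# Print the smallest power of ten that is one digit longer than the highest
# UID found in the passwd-format file $1.
suggest_kiosk_start() {
    awk -F: '
        $0 !~ /^#/ && $3 ~ /^[0-9]+$/ && $3 + 0 > max { max = $3 + 0 }
        END { start = 10; while (start <= max) start *= 10; printf "%.0f\n", start }
    ' "$1"
}

# Print "name:uid" for every account in file $1 whose UID lies inside the
# proposed range [$2, $2 + $3). Returns 0 if the range is free, 1 if not.
kiosk_collisions() {
    awk -F: -v start="$2" -v count="$3" '
        $0 !~ /^#/ && $3 ~ /^[0-9]+$/ && $3 + 0 >= start + 0 && $3 + 0 < start + count {
            print $1 ":" $3; hit = 1
        }
        END { exit hit + 0 }
    ' "$1"
}

# Constructed sample data, not taken from a real host. On a live system,
# pass /etc/passwd or the output of "getent passwd" instead.
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
svc_backup:x:15000:15000::/var/lib/backup:/sbin/nologin
nobody:x:65534:65534:nobody:/:/sbin/nologin
EOF

echo "suggested user id range start: $(suggest_kiosk_start "$sample")"

# A proposed start of 15000 with 150 kiosk accounts overlaps svc_backup.
if kiosk_collisions "$sample" 15000 150; then
    echo "range 15000-15149 is free"
else
    echo "range 15000-15149 collides with the accounts listed above"
fi
```

Accounts defined only in a directory service do not appear in /etc/passwd, so run the check against "getent passwd" output where the host resolves users through the name service switch.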