alias token

An alias token enables a card owner to access the same Sun Ray session with more than one physical token. This can be useful, for example, when a user needs a duplicate smart card.


Automatic Multigroup Hotdesking. See regional hotdesking.


Authentication headers, used as part of an IPSec implementation.

authentication policy

The Authentication Manager, using the selected authentication modules, decides what tokens are valid and which users, as token owners, have access to the system and sessions.

authentication token

Although all tokens are used by the Authentication Manager to grant or deny access to Sun Ray sessions, this term usually refers to a user’s smart card token.


backplane bandwidth

Sometimes also referred to as switch fabric. A switch’s backplane is the pipe through which data flows from an input port to an output port. Backplane bandwidth usually refers to the aggregate bandwidth available amongst all ports within a switch.

barrier mechanism

To prevent clients from downloading firmware that is older than the firmware they already have, the administrator can set a barrier mechanism. The barrier mechanism symbol BarrierLevel is defined by default in the DHCP table of Sun Ray servers running version 2.0 or later of Sun Ray Server Software.


Bits per pixel.



Controlled Access Mode, also known as kiosk mode. As of SRSS 4.0, the CAM module has been replaced by a rewritten Kiosk module.

card reader

See token reader.

category 5

The most common type of wiring used in LANs. It is approved for both voice and data (at up to 100Mhz). Also called cat 5.


A common way to describe network services and the user processes (programs) of those services.

cold restart

Pressing the Cold Restart button terminates all sessions on a given server before restarting Sun Ray services. See restart.

cut-through switches

The switch begins forwarding the incoming frame onto the outbound port as soon as it reads the MAC address, while it continues receiving the remainder of the frame.



Dynamic Host Configuration Protocol, which is a means of distributing IP addresses and initial parameters to the DTUs.


A set of one or more system boards that acts as a separate system capable of booting the OS and running independently of any other board.


Sun Ray desktop units were originally known as Desktop Terminal Units.



Encapsulating Security Payloads, used as part of IPSec.


Physical and link-level communications mechanism defined by the IEEE 802.3 family of standards.

Ethernet address

The unique hardware address assigned to a computer system or interface board when it is manufactured. See MAC address.

Ethernet switch

A unit that redirects packets from input ports to output ports. It can be a component of the Sun Ray interconnect fabric.



The process of transferring processes from a failed server to a functional server

failover group

Two or more Sun Ray servers configured to provide continuity of service in the event of a network or system failure. Sometimes abbreviated as FOG.

filling station

When a client’s firmware is downgraded to an earlier version because it connects to a server running the earlier version, it needs to be connected to a filling station so that it can download newer firmware. For this purpose, a filling station can be any private network configured for Sun Ray services or any shared network in which the Sun Ray DHCP server is the only DHCP server.

firmware barrier

See barrier mechanism.


See failover group.


File Transfer Protocol. The name of the Internet protocol and the program used to transfer files between hosts.



Gigabit Ethernet.


Across a failover group.



Colloquial term for a screen, or display, or monitor, especially in a context where more than one is used in conjunction with the same keyboard and mouse, as in “multihead” feature.


The ability for a user to remove a smart card, insert it into any other DTU within a server group, and have the user’s session “follow” the user, thus allowing the user to have instantaneous access to the user’s windowing environment and current applications from multiple DTUs.

hot key

A pre-defined key that causes something to appear on your screen. A hot key is used to bring up the Settings screen on the Sun Ray DTU.


A property of a hardware component that can be inserted into or removed from a system that is powered on. USB devices connected to Sun Ray DTUs are hot-pluggable.


idle session

A session that is running on a Sun Ray server but to which no user (identified by a smart card token or a pseudo-token) is logged in.


Internet Key Exchange, a component of IPSec.

interconnect fabric

All the cabling and switches that connect a Sun Ray server’s network interface cards to the Sun Ray DTUs.


A collection of networks interconnected by a set of routers that enable them to function as a single, large virtual network.


The largest internet in the world, consisting of large national backbone nets (such as MILNET, NSFNET, and CREN) and myriad regional and local campus networks all over the world. It is a global collection of networks connecting a wide range of computers using a common protocol to communicate and share services.


Any network that provides similar services within an organization to those provided by the Internet but which is not necessarily connected to the Internet.

IP address

A unique number that identifies each host or other hardware system on a network. An IP address is composed of four integers separated by periods. Each decimal integer must be in the range 0-255 (for example,

IP address lease

The assignment of an IP address to a computer system for a specified length of time, rather than permanently. IP address leasing is managed by the Dynamic Host Configuration Protocol (DHCP). The IP addresses of Sun Ray DTUs are leased.


The Internet Protocol (Security) set of protocols seeks to secure IP communications by encoding data packets through authentication headers (AH) and encapsulating security payloads (ESP) and by providing a key exchange mechanism (IKE).


kiosk mode

Used interchangeably with CAM in earlier versions of SRSS. As of version 4.0, this module, now called Kiosk, has been completely rewritten.



Local Area Network. A group of computer systems in close proximity that can communicate with one another through some connecting hardware and software.

layer 2

The data link layer. In the OSI (Open Standards Interconnection) model, there are a total of seven layers. Layer 2 is concerned with procedures and protocols for operating the communication lines between networks as well as clients and servers. Layer 2 also has the ability to detect and correct message errors.

local host

The CPU or computer on which a software application is running.

local server

From the client’s perspective, the most immediate server in the LAN.


The process of gaining access to a computer system.

login name

The name by which the computer system knows the user.


MAC address

Media Access Control. A MAC address is a 48-bit number programmed into each local area network interface card (NIC) at the time of manufacture. LAN packets contain destination and source MAC names and can be used by bridges to filter, process, and forward packets. 8:0:20:9e:51:cf is an example of a MAC address. See also Ethernet address.


mobile token

If mobile sessions are enabled, a user can log into an existing session from different locations without a smart card, in which case the user name is associated with the session. This type of pseudo-token is called a mobile token.


For the purposes of the Sun Ray Server Software, the property of a session that allows it to follow a user from one DTU to another within a server group. On the Sun Ray system, mobility requires the use of a smart card or other identifying mechanism.


Authentication modules are used to implement various site-selectable authentication policies.


Maximum Transmission Unit, used to specify the number of bytes in the largest packet a network can transmit.


The process of enabling communication between Sun Ray servers over their Sun Ray network interfaces in a failover environment.


See head.


The process of transmitting multiple channels across one communications circuit.



See network address translation.


A set of names in which a specified ID must be unique.


Technically, the hardware connecting various computer systems enabling them to communicate. Informally, the systems so connected.

network address

The IP address used to specify a network.

network address translation

NAT. Network address translation typically involves the mapping of port numbers to allow multiple machines (Sun Ray DTUs in this case) to share a single IP address.

network interface

An access point to a computer system on a network. Each interface is associated with a physical device. However, a physical device can have multiple network interfaces.

network interface card

NIC. The hardware that links a workstation or server to a network device.

network latency

The time delay associated with moving information through a network. Interactive applications such as voice, video displays and multimedia applications are sensitive to these delays.

network mask

A number used by software to separate the local subnet address from the rest of a given Internet protocol address. An example of a network mask for a class C network is

network protocol stack

A network suite of protocols, organized in a hierarchy of layers called a stack. TCP/IP is an example of a Sun Ray protocol stack.


Network interface card.

non-smart card mobility

A mobile session on a Sun Ray DTU that does not rely on a smart card. NSCM requires a policy that allows pseudo-tokens.


See non-smart card mobility.



On-screen display. The Sun Ray DTU uses OSD icons to alert the user of potential start-up or connectivity problems.



Pluggable Authentication Module. A set of dynamically loadable objects that gives system administrators the flexibility of choosing among available user authentication services.

PAM session

A single PAM handle and run time state associated with all PAM items, data, etc.


A collection of files and directories that replace or update existing files and directories that prevent proper execution of the software on a computer system. The patch software is derived from a specified package format and can only be installed if the package it fixes is already present.


See authentication policy.

Pop-up GUI

A mechanism that allows the entry of configuration parameters for a Sun Ray DTU from the attached keyboard.


(1) A location for passing data in and out of a computer system. (2) The abstraction used by Internet transport protocols to distinguish among multiple simultaneous connections to a single destination host.

power cycling

Using the power cord to restart a DTU.


A Sun Ray session associated with a pseudo-token rather than a smart card token.


A user accessing a Sun Ray session without a smart card is identified by the DTU’s built-in type and MAC address, known as a pseudo-token. See token.


regional hotdesking

Originally known as Automatic Multigroup Hotdesking (AMGH), this SRSS feature allows users to access their sessions across wider domains and greater physical distances than was possible in earlier versions of SRSS. Administrators enable this feature by defining how user sessions are mapped to an expanded list of servers in multiple failover groups.


Sun Ray services can be restarted either from the utrestart command or with the Warm Restart or Cold Restart buttons on the GUI. A a cold restart terminates all Sun Ray sessions; a warm restart does not.


screen flipping

The ability to pan to individual screens on a DTU with a single head that were originally created by a multihead group.


A computer system that supplies computing services or resources to one or more clients.


For the purposes of the Sun Ray Server Software, any application that can directly connect to the Sun Ray DTU. It can include audio, video, X servers, access to other machines, and device control of the DTU.


A group of services associated with an authentication token. A session may be associated with a token embedded on a smart card. See token.

session mobility

The ability for a session to “follow” a user’s login ID or a token embedded on a smart card.

smart card

Generically, a plastic card containing a microprocessor capable of making calculations. Smart cards that can be used to initiate or connect to Sun Ray sessions contain identifiers, such as the card type and ID. Smart card tokens may also be registered in the Sun Ray Data Store, either by the Sun Ray administrator or, if the administrator chooses, by the user.

smart card token

An authentication token contained on a smart card. See token.

spanning tree

The spanning tree protocol is an intelligent algorithm that allows bridges to map a redundant topology and eliminates packet looping in Local Area Networks (LAN).

store-and-forward switches

The switch reads and stores the entire incoming frame in a buffer, checks it for errors, reads and looks up the MAC addresses, and then forwards the complete good frame out onto the outbound port.


A working scheme that divides a single logical network into smaller physical networks to simplify routing.


The naming convention for the earliest incarnation of the Sun Ray thin client used the stock symbol for Sun Microsystems (SUNW) plus the letters “ut” to stand for Unix Terminal. Similarly, Sun Ray-specific commands begin with the characters “ut”.



Transmission Control Protocol/Internet Protocol (TCP/IP) is a networking protocol that provides communication across interconnected networks, between computers with diverse hardware architectures and operating systems.

thin client

Thin clients remotely access some resources of a computer server, such as compute power and large memory capacity. The Sun Ray DTUs rely on the server for all computing power and storage.

timeout value

The maximum allowed time interval between communications from a DTU to the Authentication Manager.


The Sun Ray system requires each user to present a token, which the Authentication Manager uses to allow or deny access to the system and to sessions. A token consists of a type and an ID. If the user uses a smart card, the smart card’s type and ID are used as the token. If the user is not using a smart card, the DTU’s built-in type and ID (the unit’s Ethernet, or MAC, address) are used instead as a pseudo-token. If mobile sessions are enabled, a user can log into an existing session from different locations without a smart card, in which case the user name is associated with the session. A pseudo-token used for mobile sessions is called a mobile token. Alias tokens can also be created to enable users to access the same session with more than one physical token.

token reader

A Sun Ray DTU that is dedicated to reading smart cards and returning their identifiers, which can be associate with card owners (i.e. with users).

trusted server

Servers in the same failover group “trust” one another.



Uniform Resource Locator. A standard for writing a textual reference to an arbitrary piece of data in the World Wide Web (WWW). The syntax of a URL is protocol://host/localinfo where protocol specifies a protocol to use to fetch the object (such as HTTP or FTP), host specifies the Internet name of the host on which to find it, and localinfo is a string (often a file name) passed to the protocol handler on the remote host.


Universal Serial Bus.

user name

The name a computer system uses to identify a particular user. Under UNIX, this is a text string of up to eight characters composed of letters (a-z and A-Z), digits (0-9), hyphens (-), and underscores (_), for example, jpmorgan, jp_morg, jpm-888. The first character must be a letter.

user session

A session that is running on a Sun Ray server and to which a user (identified by a smart card token or a pseudotoken) is logged in.


See SUNWut.


virtual frame buffer

A region of memory on the Sun Ray server that contains the current state of a user’s display.


Virtual Private Network.


Virtual Local Area Network.


warm restart

See restart.

work group

A collection of associated users who exist in near proximity to one another. A set of Sun Ray DTUs that are connected to a Sun Ray server provides computing services to a work group.


X server

A process which controls a bitmap display device in an X window system. It performs operations on request from client applications.