3.3. Configuring Oracle Solaris 11 Trusted Extensions

This section describes the procedure required to use Sun Ray Software on Oracle Solaris 11 Trusted Extensions. For more information, refer to the Oracle Solaris 11 Trusted Extensions Configuration and Administration Guide.

Oracle Solaris 11 uses zones to permit multiple virtualized operating system environments to coexist in a single instance of Oracle Solaris 11, allowing processes to run in isolation from other activity on the system for added security and control. Sun Ray Software is supported only in the global zone.

Based on your Sun Ray environment, perform the following procedure as root from ADMIN_LOW (global zone).

3.3.1. How to Configure Sun Ray Software on Oracle Solaris 11 Trusted Extensions

This procedure is required to configure Sun Ray Software on Oracle Solaris 11 Trusted Extensions. The labeled zone named public is used in examples throughout this procedure.

  1. Become root from ADMIN_LOW (global zone).

  2. Configure the following multilevel ports for the global zone.

    1. Run the txzonemgr script:

      # txzonemgr

    2. Choose Global Zone > Configure Multilevel Ports > Add MLP-shared-tcp.

    3. Add the following multilevel ports:

      • 4120 - Smart card service daemon (pcscd)

      • 6000-6050 - X server ports (if more than 50 sessions are needed, increase this port range accordingly)

      • 7007 - Session manager daemon (utsessiond)

      • 7010 - Authentication manager daemon (utauth-cb)

      • 7012 - Data store daemon (utds)

      • 7014 - Windows connector daemon (uttscpd)

      • 7015 - Audio daemon

  3. If you are providing Windows remote desktops through the Windows connector, enable access to each system through the labeled zone:

    1. Add an entry for each Windows system to the /etc/security/tsol/tnrhdb file:

      windows-IP:labeled-zone

      The following example enables access to a Windows system with an IP address of 10.178.231.24 from the public zone:

      10.178.231.24:public

    2. Restart network services:

      # svcadm restart tnctl

  4. (Optional) For TLS peer verification to work, make sure that the CA certificates to be trusted are available in the /etc/sfw/openssl/certs directory in each labeled zone.

  5. Loopback mount the following directories and applications for each labeled zone. The following example shows how to do this for the public zone.

    Note

    Setting up a loopback mount for libmlib.so and libmlib.so.2 is required only for SPARC-based Sun Ray servers.

    # zoneadm -z public halt
    # zonecfg -z public
    
    zonecfg:public> add fs
    zonecfg:public:fs> set dir=/opt/SUNWut
    zonecfg:public:fs> set special=/opt/SUNWut
    zonecfg:public:fs> set type=lofs
    zonecfg:public:fs> end
    zonecfg:public> add fs
    zonecfg:public:fs> set dir=/etc/opt/SUNWut
    zonecfg:public:fs> set special=/etc/opt/SUNWut
    zonecfg:public:fs> set type=lofs
    zonecfg:public:fs> end
    zonecfg:public> add fs
    zonecfg:public:fs> set dir=/usr/lib/libpcsclite.so
    zonecfg:public:fs> set special=/usr/lib/libpcsclite.so
    zonecfg:public:fs> set type=lofs
    zonecfg:public:fs> end
    zonecfg:public> add fs
    zonecfg:public:fs> set dir=/usr/lib/libpcsclite.so.1
    zonecfg:public:fs> set special=/usr/lib/libpcsclite.so.1
    zonecfg:public:fs> set type=lofs
    zonecfg:public:fs> end
    zonecfg:public> add fs
    zonecfg:public:fs> set dir=/etc/opt/SUNWuttsc
    zonecfg:public:fs> set special=/etc/opt/SUNWuttsc
    zonecfg:public:fs> set type=lofs
    zonecfg:public:fs> end
    zonecfg:public> add fs
    zonecfg:public:fs> set dir=/opt/SUNWuttsc
    zonecfg:public:fs> set special=/opt/SUNWuttsc
    zonecfg:public:fs> set type=lofs
    zonecfg:public:fs> end
    zonecfg:public> add fs
    zonecfg:public:fs> set dir=/usr/lib/libmlib.so
    zonecfg:public:fs> set special=/usr/lib/libmlib.so
    zonecfg:public:fs> set type=lofs
    zonecfg:public:fs> end
    zonecfg:public> add fs
    zonecfg:public:fs> set dir=/usr/lib/libmlib.so.2
    zonecfg:public:fs> set special=/usr/lib/libmlib.so.2
    zonecfg:public:fs> set type=lofs
    zonecfg:public:fs> end
    zonecfg:public> exit
    
    # zoneadm -z public boot

  6. Reboot the Sun Ray server.

    # reboot
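
Step 5 must be repeated for each labeled zone, and adding a mount that is already configured makes a rerun fail. The following added example (not part of the Sun Ray documentation) generates the zonecfg subcommands for only the mounts that are still missing. The function names, the ARCH argument (the output of `uname -p`) and the sample `info fs` listing are assumptions of this example.

```shell
#!/bin/sh
# Added example: build zonecfg subcommands for the lofs mounts in step 5,
# skipping any mount the zone already has.

# Directories and libraries listed in the procedure.
COMMON_PATHS="/opt/SUNWut /etc/opt/SUNWut /usr/lib/libpcsclite.so \
/usr/lib/libpcsclite.so.1 /etc/opt/SUNWuttsc /opt/SUNWuttsc"
# Required only on SPARC-based Sun Ray servers (see the Note in step 5).
SPARC_PATHS="/usr/lib/libmlib.so /usr/lib/libmlib.so.2"

# configured_dirs: read `zonecfg -z ZONE info fs` output on stdin and print
# the dir of every lofs resource. Assumes the "name: value" layout below.
configured_dirs() {
    awk '$1 == "dir:" { d = $2 }
         $1 == "type:" && $2 == "lofs" { print d }'
}

# gen_lofs_cmds ARCH [EXISTING]: print the subcommands for every required
# path that is not in EXISTING (a newline- or space-separated list of dirs).
gen_lofs_cmds() {
    arch=$1
    existing=" $(printf '%s' "${2:-}" | tr '\n' ' ') "
    paths=$COMMON_PATHS
    if [ "$arch" = sparc ]; then paths="$paths $SPARC_PATHS"; fi
    for p in $paths; do
        # Exact match on the whole path, so /opt/SUNWut does not hide
        # /opt/SUNWuttsc.
        case $existing in *" $p "*) continue ;; esac
        printf 'add fs\nset dir=%s\nset special=%s\nset type=lofs\nend\n' \
            "$p" "$p"
    done
}

# Constructed sample of `zonecfg -z public info fs` output for a zone that
# already has one of the mounts.
SAMPLE_INFO='fs:
    dir: /opt/SUNWut
    special: /opt/SUNWut
    raw not specified
    type: lofs
    options: []'

# Offline demonstration for an x86 server: five of the six mounts remain.
gen_lofs_cmds i386 "$(printf '%s\n' "$SAMPLE_INFO" | configured_dirs)"
```

On a Sun Ray server, pipe the real `zonecfg -z public info fs` output into `configured_dirs`, save the generated subcommands to a file, and apply it with `zonecfg -z public -f file` while the zone is halted.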