By supporting various network configurations, Sun Ray Clients and Oracle Virtual Desktop Clients can be deployed virtually anywhere, subject only to a sufficient quality of network service between the clients and the Sun Ray server. The most common and recommended configuration is a shared network, where the Sun Ray server and clients are part of a Local Area Network (LAN) or Wide Area Network (WAN) and where network services such as DHCP and DNS are already provided by existing servers. The default installation and configuration procedures in this document target this configuration.
A client subnet in a typical shared network configuration meets the following criteria:
DHCP services are available for Sun Ray Client's IP/network configuration (Sun Ray Clients can be individually configured for static addressing using the Configuration GUI on the Sun Ray Client).
DNS services are available to resolve the Sun Ray servers providing firmware (
sunray-config-servers) and the Sun Ray servers providing sessions (sunray-servers).The subnet must be able to route to the Sun Ray servers.
Sun Ray Clients can be behind a Network Address Translation (NAT) device, such as a router or firewall that implements NAT.
Sun Ray servers must not be behind a NAT device, such as a router or firewall that implements NAT.
A Sun Ray server requires both a fixed host name and a static IP address. A Sun Ray server cannot be a DHCP client.
Figure 2.1, “Shared Network Configuration Example” shows an example of using a shared network for a Sun Ray environment.
Given the topology, Sun Ray traffic on shared networks is potentially exposed to an eavesdropper. Modern switched network infrastructures are far less susceptible to snooping activity than earlier shared technologies, but to obtain additional security the administrator may choose to activate the client's encryption and authentication features. These capabilities are discussed in Chapter 11, Client-Server Security.
If you use the utsetup command for the installation, you are asked to configure the Sun Ray Software to support a shared network with external DHCP/DNS services.
Do you want to enable LAN access for Sun Ray clients at this time?
If you accept, the utsetup command runs the utadm -L on command to configure a shared network. See Section 3.2.1, “Using the utsetup Command” for more information.
Sun Ray Clients are able to provide a VPN solution for remote
users. The IPsec capability in the Sun Ray Client firmware
enables the Sun Ray Client to act as a VPN endpoint device. The
most commonly used encryption, authentication, and key exchange
mechanisms are supported, along with Cisco extensions that
enable a Sun Ray Client to interoperate with Cisco gateways that
support the Cisco EzVPN protocol. Sun Ray
Clients currently support IPsec VPN concentrators from Cisco and
Netscreen (Juniper).
For more information, see Chapter 14, Sun Ray Client Firmware.
Sun Ray Software supports arbitrary IP MultiPathing, or IPMP. IPMP provides failure detection and transparent network access failover for a system with multiple interfaces on the same IP link. IPMP can also provide load spreading of packets for systems with multiple interfaces.
This feature can be very useful on a Sun Ray server by increasing its network availability and performance. IPMP is supported only on Sun Ray servers running Oracle Solaris 10 in a shared network configuration (LAN with fully-routed subnets).
For more information about the IPMP feature in Oracle Solaris and how to configure it, see the System Administration Guide: IP Services manual.
When configuring IPMP, use the if_mpadm command to test NIC failure.
Sun Ray Software supports both the IPv4 and IPv6 internet protocols. By default, the Sun Ray Clients are configured for the IPv4 protocol. For the Sun Ray Clients to work with IPv6, you need to update the firmware configuration on each client with by using the Configuration GUI or remote configuration file. See Chapter 14, Sun Ray Client Firmware for more information.
The Sun Ray Software protocol is designed to operate well in conditions where other protocols would fail. However, if you detect sustained packet loss greater than 10 percent in the network, it may indicate other network problems. See Chapter 20, Performance Tuning for help.
Network latency between any Sun Ray client and its server is an important determinant of the quality of the user experience. The lower the latency, the better; latencies under 50 milliseconds for round trip delay are preferred. However, like familiar network protocols, the Sun Ray Client does tolerate higher latencies, but with degraded performance. Latencies up to 300 milliseconds provide usable, if somewhat sluggish, performance.
Sun Ray Clients can tolerate small occurrences of out-of-order packet delivery, such as might be experienced on an Internet or wide-area intranet connection. Current Sun Ray firmware maintains a reordering queue that restores the correct order to packets when they are received out of order.
The process used to reorder packets can handle up to eight packets in a row that are out of order. For example, if the packets arrive as 7, 6, 5, 4, 3, 2, 1, the reorder process will hold packets 2 through 7 until packet 1 arrives and then it will process the packets in the correct sequence. Typically, packets do not get out of order unless they are traveling over a complex wide area network. Most out-of-order packets occur when packets can travel over a choice of paths, and most corporate networks provide very few redundant paths for packets to be routed over.
