Hello Matthew and Dave,
I agree that the settings are needed in some cases but I am wondering if
there isn't a better way to implement them.
These settings are mostly used for roaming Sun Rays outside the Sun Ray
"capable" networks (tadpole, naturetech, accutech laptops, sun ray at home).
Why would you want to give users access to these options within a Sun
Ray "capable" network?
Giving them access has some nasty side effects:
1. How will this impact your Service Level agreement?
2. You do need new helpdesk scripts for if there are problems with these
settings.
3. How do you remotely monitor to see if all the settings are correct?
Suppose you are a service provider, or an institution with more than
1000 Sun Rays deployed.
With former upgrades it was easy to upgrade. With this one, you turn
some control over to your users.
Shouldn't you at least have a choice?
And I don't belief in security by obscurity. Students and others will
find these settings eventually.
The choices Sun proposes now are:
1. go physically to every station and lock it or set it up to download a
centrally located config file.
2. create a config.MAC file in /tftpboot for every Sun Ray before you
upgrade or roll out a Sun Ray.
Both options will take more time and don't scale.
I would like it if Sun would put some more effort in tools or mandatory
profiles for central administration of these settings.
This will make it possible to lockdown Sun Rays on Sun Ray "capable"
network and still give roaming Sun Rays the opportunity to set there own
settings. That way SLAs can still be met and helpdesk scripts can stay
the same.
I hope some larger Sun Ray sites might want to give some feedback on
this to Sun as well.
Ivar
matthew wrote:
I agree that the feature is much needed for certain environments.
I can also see how it can lessen the security of the devices.
This is a tough one because I need that pop-up option in my environment.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Partington, David R
Mr (NGIT) USAIC&FH
Sent: Friday, May 18, 2007 1:36 PM
To: SunRay-Users mailing list
Subject: RE: [SunRay-Users] Sun Ray Server 4 Update 2 Open Beta
Importance: High
Ivar,
The Pop-up gui has been enabled in Tadpole Laptops since they came
out. We have 45 Tadpoles in a classroom enviroment and I don't know of any
student that has ever discovered the feature. I applaud Sun for making this
capability available. The benefits far exceed the risk. There are many ways
to control firmware delivery to DTU's. Also if you read the Admin guide. You
can remotely load all the configuration data. Below is a snippet from the
Admin and Installation Guide. Looks like Sun did their homework.
To help avoid error-prone manual entry of configuration data for deployments
where pre-configuration is required, you can use the Pop-up GUI to download
a configuration to a Sun Ray DTU from a file on a server via TFTP, as
indicated in FIGURE 7-7.
The following keywords correspond to configuration values that can be set
from Pop-up GUI menus (see "Pop-up GUI" on page 113). To group items that
are logically related, some of the keywords take the form <family>.<field>.
TABLE 7-4 Pop-up GUI Menu Configuration Values VPN/IPsec Submenu
vpn.enabled enable toggle vpn.peer remote gateway name/IP address vpn.group
VPN group vpn.key VPN key vpn.user Xauth user vpn.passwd Xauth password
vpn.pin PIN lock for use of user/passwd vpn.dhgroup Diffie-Hellman group to
use vpn.lifetime Lifetime of IKE connection
Dave
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ivar Janmaat
Sent: Friday, May 18, 2007 9:30 AM
To: SunRay-Users mailing list
Subject: Re: [SunRay-Users] Sun Ray Server 4 Update 2 Open Beta
I would like to advise any educational institution on this list to have a
close look at this new Pop-up GUI "feature".
In my opinion it is a very bad "feature" for "hostile" environments like
kiosk locations, classrooms and libraries.
Since I believe most Sun Rays are placed in this kind of environments I
would advice all of you to inform Sun about how this would effect your
upgrade cost. I was told by Sun that you have to visit every SunRay to set
the password on this Pop-up GUI or leave the configuration unlocked.
I think this will dramatically increase the cost of upgrading or
administration......
Please inform Sun about your thoughts on this.
Ivar
Bob Doolittle wrote:
Kurt Schreiner wrote:
Wow! What a security "feature"! If this will be the same in the
released version I'll have to stay with older SRSS and firmware as
long as possible and plan on migrating my SunRays ASAP to PCs or some
other ThinClients, but ones which have no <Please change my
configuration> "feature".
I really can't understand why anyone would render SunRays useless
with such a silly "feature"!
Like OttoM said yesterday, just complaining to this list about it does
little good. Complaining to the beta aliases would be much more
likely to have the effect you want - of changing this behavior before
the product is officially released.
-Bob
Disclaimer: opinions expressed here are my own, not my employer's
_______________________________________________
SunRay-Users mailing list
[email protected]
http://node1.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
[email protected]
http://node1.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
[email protected]
http://node1.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
[email protected]
http://node1.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
[email protected]
http://node1.filibeto.org/mailman/listinfo/sunray-users
