Torsten Kasch schrieb:
Hi,
we are currently in the process of redesigning our SunRay infrastructure and
need to switch from a dedicated interconnect setup to a "remote shared
subnet" setup for technical and administrative reasons. In the new setup we
will neither have control over the DHCP parameters provided to the DTUs nor
the DNS name space so we cannot easily configure the list of SunRay and
firmware servers for the DTUs.
It would be really nice if there were some kind of mechanism that allows us to
generate a custom firmware that either
- contains a fixed list of (names or addresses) of SunRay and/or firmware
servers to contact, or
The closest to this is probably downloading a config file (with a
password to prevent user tampering) using the GUI firmware.
BTW: Even if you could create such a firmware, you still would need to
point the DTUs to the server where they get that firmware.
There is no way to create modified firmware nor to make a DTU load a
config file for the GUI setup automatically for security reasons. This
would make it relatively easy to trick a whole population of DTUs into
downloading a malicious configuration or firmware - and it would be very
hard to detect and fix that situation when it happens.
- issues DNS queries for the full qualified names sunray-servers.my.domain
and/or sunray-config-server.my.domain.
How is that different from what the DTUs actually do? Of course the DTU
needs to know the domain first - either via DHCP or via GUI config. But
then it does query for sunray-config-servers.my.domain for
firmware/parms server and later it queries for sunray-servers.my.domain,
if it hasn't found a session server list in the parms file.
If you have DHCP servers that interfere by serving Sun Ray parameters,
then they take precedence over the fixed names.
See <http://blogs.sun.com/ThinkThin/entry/sun_ray_provisioning> for more
detail, if you weren't aware of it.
Deploying the "GUI firmware" and configuring each DTU manually works
fine but isn't really an option for 250+ terminals. Apart from that
it really seems attractive to not have a settings menu where a user
might (accidentally or intentionally) misconfigure the device.
See above. With config file download you can automatically provision a
password. You will need to actively perform the download. But even with
firmware or automatic configuration download you would need to point the
units to the right firmware server first.
Equipped with such a firmware, the DTUs spread across the campus would be
really "zero-admin" devices for us.
So the question is: does anyone know if it is possible to get/buy such a
toolset that allows to create a custom firmware? Of course other hints to
achieve the same result are welcome as well... :-)
It is not possible to get/buy/create a toolset that creates modified
firmware.
Regards
- Jörg Barfurth
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
