[SunRay-Users] Customizing firmware for SunRay DTUs?

Joerg Barfurth jub at sun.com
Tue Mar 23 17:49:39 EET 2010 

Torsten Kasch schrieb:
> Hi,
> 
> we are currently in the process of redesigning our SunRay infrastructure and 
> need to switch from a dedicated interconnect setup to a "remote shared 
> subnet" setup for technical and administrative reasons. In the new setup we 
> will neither have control over the DHCP parameters provided to the DTUs nor 
> the DNS name space so we cannot easily configure the list of SunRay and 
> firmware servers for the DTUs.
> 

> It would be really nice if there were some kind of mechanism that allows us to 
> generate a custom firmware that either
> 
> - contains a fixed list of (names or addresses) of SunRay and/or firmware
>   servers to contact, or
> 

The closest to this is probably downloading a config file (with a 
password to prevent user tampering) using the GUI firmware.

BTW: Even if you could create such a firmware, you still would need to 
point the DTUs to the server where they get that firmware.

There is no way to create modified firmware nor to make a DTU load a 
config file for the GUI setup automatically for security reasons. This 
would make it relatively easy to trick a whole population of DTUs into 
downloading a malicious configuration or firmware - and it would be very 
hard to detect and fix that situation when it happens.

> - issues DNS queries for the full qualified names sunray-servers.my.domain
>   and/or sunray-config-server.my.domain.
> 

How is that different from what the DTUs actually do? Of course the DTU 
needs to know the domain first - either via DHCP or via GUI config. But 
then it does query for sunray-config-servers.my.domain for 
firmware/parms server and later it queries for sunray-servers.my.domain, 
if it hasn't found a session server list in the parms file.

If you have DHCP servers that interfere by serving Sun Ray  parameters, 
then they take precedence over the fixed names.

See <http://blogs.sun.com/ThinkThin/entry/sun_ray_provisioning> for more 
detail, if you weren't aware of it.

> Deploying the "GUI firmware" and configuring each DTU manually works 
> fine but isn't really an option for 250+ terminals. Apart from that
> it really seems attractive to not have a settings menu where a user
> might (accidentally or intentionally) misconfigure the device.
> 

See above. With config file download you can automatically provision a 
password. You will need to actively perform the download. But even with 
firmware or automatic configuration download you would need to point the 
units to the right firmware server first.

> Equipped with such a firmware, the DTUs spread across the campus would be 
> really "zero-admin" devices for us.
> 
> So the question is: does anyone know if it is possible to get/buy such a 
> toolset that allows to create a custom firmware? Of course other hints to 
> achieve the same result are welcome as well... :-)
> 

It is not possible to get/buy/create a toolset that creates modified 
firmware.

Regards

- Jörg Barfurth

More information about the SunRay-Users mailing list