[SunRay-Users] Customizing firmware for SunRay DTUs?
jub at sun.com
Tue Mar 23 17:49:39 EET 2010
Torsten Kasch schrieb:
> we are currently in the process of redesigning our SunRay infrastructure and
> need to switch from a dedicated interconnect setup to a "remote shared
> subnet" setup for technical and administrative reasons. In the new setup we
> will neither have control over the DHCP parameters provided to the DTUs nor
> the DNS name space so we cannot easily configure the list of SunRay and
> firmware servers for the DTUs.
> It would be really nice if there were some kind of mechanism that allows us to
> generate a custom firmware that either
> - contains a fixed list of (names or addresses) of SunRay and/or firmware
> servers to contact, or
The closest to this is probably downloading a config file (with a
password to prevent user tampering) using the GUI firmware.
BTW: Even if you could create such a firmware, you still would need to
point the DTUs to the server where they get that firmware.
There is no way to create modified firmware nor to make a DTU load a
config file for the GUI setup automatically for security reasons. This
would make it relatively easy to trick a whole population of DTUs into
downloading a malicious configuration or firmware - and it would be very
hard to detect and fix that situation when it happens.
> - issues DNS queries for the full qualified names sunray-servers.my.domain
> and/or sunray-config-server.my.domain.
How is that different from what the DTUs actually do? Of course the DTU
needs to know the domain first - either via DHCP or via GUI config. But
then it does query for sunray-config-servers.my.domain for
firmware/parms server and later it queries for sunray-servers.my.domain,
if it hasn't found a session server list in the parms file.
If you have DHCP servers that interfere by serving Sun Ray parameters,
then they take precedence over the fixed names.
See <http://blogs.sun.com/ThinkThin/entry/sun_ray_provisioning> for more
detail, if you weren't aware of it.
> Deploying the "GUI firmware" and configuring each DTU manually works
> fine but isn't really an option for 250+ terminals. Apart from that
> it really seems attractive to not have a settings menu where a user
> might (accidentally or intentionally) misconfigure the device.
See above. With config file download you can automatically provision a
password. You will need to actively perform the download. But even with
firmware or automatic configuration download you would need to point the
units to the right firmware server first.
> Equipped with such a firmware, the DTUs spread across the campus would be
> really "zero-admin" devices for us.
> So the question is: does anyone know if it is possible to get/buy such a
> toolset that allows to create a custom firmware? Of course other hints to
> achieve the same result are welcome as well... :-)
It is not possible to get/buy/create a toolset that creates modified
- Jörg Barfurth
More information about the SunRay-Users