Secure Global Desktop Administration Guide > Applications, documents and hosts > Setting up and configuring client drive mapping

Setting up and configuring client drive mapping

Case study

Ruby Port keeps confidential information on Indigo Insurance staff on floppy disks rather than on the network. She wants to use her Webtop to access all her applications, including the applications she uses to update the confidential records. Ruby needs to be able to access her PC's floppy drive from applications that run through Secure Global Desktop.

Solution

1. You need to install the Sun Secure Global Desktop Enhancement Module for Windows on all Windows 2000/2003 application servers that Ruby uses. Log in to each application server as a user with administrative privileges, and use a web browser to download the Sun Secure Global Desktop Enhancement Module Setup program from:
   
   http://server.com/tarantella/cgi-bin/modules.cgi
   
   (where server.com is the name of a Secure Global Desktop server).
   
   Run the Setup program, and follow the instructions on your screen.
2. If you want, remap or disable the drives on the application server to free up the drive letters for use by client drive mapping services.
3. Log in to a Secure Global Desktop server as a Secure Global Desktop Administrator.
4. On your webtop, click Array Manager. If you've used Array Manager before, it appears just how you left it.
5. Open Array properties, and select Let Users Access Client Drives. Click Apply, and then exit Array Manager.

   Note If you use a product, such as Samba, that provides Windows file and print services on the same host as the Secure Global Desktop server, follow these instructions.

6. To enable drive mapping services for all new webtop sessions, either restart all Secure Global Desktop servers in the array (tarantella restart) or run the tarantella start cdm command on all members of the array.
7. On your webtop, click Object Manager. If you've used Object Manager before, it appears just how you left it.
8. By default, when client drive mapping is enabled all users are allowed read-write access to all client drives. This configuration is specified using the Client Drive Mapping attribute on the organization object, o=Indigo Insurance. In this example we only want to allow Ruby to access her client drives, so we need to change the o=Indigo Insurance object to allow no access, and then override this on Ruby's person object.
9. To disable access to all client drives by default: in properties for the o=Indigo Insurance object, click the Attributes tab and choose Client Drive Mapping from the list. Change the row that specifies access for All Drives so that the Access Rights are None, and then click Apply.
10. To override client drive access for Ruby: in properties for Ruby Port's person object, click the Attributes tab and choose Client Drive Mapping from the list. (Or if you want the settings to apply for everyone in the same organizational unit, change the Client Drive Mapping attribute for the OU object.) Click New, and fill in the details for the mapping:
    • For Client Drive, choose R/W Removable. This matches all read-write removable drives, such as floppy drives.
    • For Access Rights, choose Read-write. This lets Ruby have full access the drive, as long as the floppy disk is not write-protected.
    • For Drive Letter, choose Same As Client. With this setting, client drive mapping services attempts to use the same drive letters on the application server as are used on the client device: for floppy drives, usually drives A and B. If these drive letters are in use (if you haven't remapped or disabled the drives on the application server) then client drive mapping services will use the Fallback Drive settings to choose a drive letter.
11. Click Apply. The next time Ruby logs in to her webtop, she can access her PC's floppy drives from the Windows 2000/2003 applications she runs using Secure Global Desktop. If the Sun Secure Global Desktop Security Pack is in use then client drive reads and writes are encrypted between her client device and the Secure Global Desktop server she logs in to.
12. You can create other drive mappings if you want. The first matching entry in the list is used, so make sure the most specific settings for Client Drive (for example A or B) appear before more general settings (for example All Drives).

Next steps

• You can add more rows to the Client Drive Mapping attribute for a person, organizational unit or organization object to specify other drives to map.
• We recommend that you configure the Windows 2000/2003 application server to hide or remap its own drives, so the drive letters can be used for client drive mapping.
• You might want to enable WINS services across the array to improve performance issues.
• Find out how users on non-Windows client devices can use client drive mapping.

Copyright © 1997-2005 Sun Microsystems, Inc. All rights reserved.