Secure Global Desktop 4.31 Administration Guide > Applications, documents and hosts > Configuring client drive mapping

Configuring client drive mapping

To give users access to the drives or file systems on their client device from UNIX, Linux or Microsoft Windows applications running through Secure Global Desktop, you have to:

1. Install the Sun Secure Global Desktop Enhancement Module on your application servers and configure the application servers for client drive mapping.
2. Enable client drive mapping.
3. Configure which drives you want users to access from Secure Global Desktop.

Configuring UNIX and Linux application servers

1. Install the Sun Secure Global Desktop Enhancement Module for UNIX/Linux.

   The Secure Global Desktop Installation Guide has details of how to install the Enhancement Module. The Secure Global Desktop Release Notes lists the supported platforms for Enhancement Module.

   Note By default, the Enhancement Module is installed in /opt/tta_tem. If you install it in a different location, you must edit the /opt/tarantella/var/serverresources/expect/vars.exp Expect script and amend the ttatdmclexe variable with the correct location.

2. Configure the Network File System (NFS) share (export) that will be used for client drive mapping.

   You must have an NFS server installed and running on the application server. The NFS server must share (export) a directory that will be used for client drive mapping. By default, the directory is /smb. You have to manually create and export this directory. The share must be accessible to localhost and users must have read and write access to it. Consult your system documentation for details of how to configure an NFS server and export a directory.

   You can specify an alternative NFS share in the client drive mapping configuration file, /opt/tta_tem/etc/client.prf. Edit the [nfsserver/mount/mountpoint={(/smb)}] setting to reflect the name of the share.

3. Start the client drive mapping processes, using the /opt/tta_tem/bin/tem startcdm command.

Configuring how drives are displayed

When client drive mapping is enabled, the user's client drives or file systems are available by default in the My SGD drives directory in the user's home directory. The My SGD drives directory is a symbolic link to the NFS share that is used for client drive mapping.

You can configure the name and location of the symbolic link by adding one or more of the following settings to the client drive mapping configuration file, /opt/tta_tem/etc/client.prf:

• [nfsserver/user/symlinkname={(symlink)}]

  The name of the symbolic link. Default: My SGD Drives

  For example, to change the name of the symbolic link to Client Shares, add the following line to the configuration file:
  [nfsserver/user/symlinkname={(Client Shares)}]

• [nfsserver/user/symlinkdir={(dir)}]

  The directory where the symbolic link is created. Default: $HOME

  For example, to create the symbolic link in the /tmp directory, add the following line to the configuration file:
  [nfsserver/user/symlinkdir={(/tmp)}]

  The directory can also be specified using environment variables. The variables you can use are controlled by the nfsserver/user/envvars setting.

  For example, to create the symbolic link in the /tmp/username directory, add the following line to the configuration file:
  [nfsserver/user/symlinkdir={(/tmp/$USER)}]

• [nfsserver/user/envvars={(var)...}]

  The list of environment variables that can be used when specifying the directory where the symbolic link is created. Default: (USER)(HOME)(LOGNAME)

  Enclose each variable in parentheses. Do not include the dollar sign ($) before the variable name.

  The variables in the list replace the default variables.

  For example, to be able to use the HOME, USER, DISPLAY and TMPDIR variables, add the following line to the configuration file:
  [nfsserver/user/envvars={(HOME)(USER)(DISPLAY)(TMPDIR)}]

Note After making any changes to this file, you must restart the client drive mapping processes by running the /opt/tta_tem/bin/tem stopcdm and /opt/tta_tem/bin/tem startcdm commands.

Configuring Microsoft Windows application servers

1. Install the Sun Secure Global Desktop Enhancement Module for Windows.

   The Secure Global Desktop Installation Guide has details of how to install the Enhancement Module. The Secure Global Desktop Release Notes lists the supported platforms for Enhancement Module.

2. (Optional) Reconfigure the application server's drives.

   By default, the application server's drives are also listed when users access their client drives from a Windows application. If you want Windows client users to see familiar drive letters, such as drive A for their client's floppy drive, you can configure the application server to remap its drive letters or hide its drives.

Note Client drive mapping is only available for Windows application objects that are configured to use the Microsoft RDP Windows Protocol.

Enabling client drive mapping on the Secure Global Desktop server

1. On the Array properties panel in Array Manager, check Let Users Access Client Drives.
2. (Optional) Check Use WINS for better performance.
   Only enable WINS if either of the following is true:
   • Your Microsoft Windows application servers are on the same subnet as an array member.
   • Your Microsoft Windows application servers list an array member as a WINS server.
3. For Fallback drive, choose a drive letter and a direction.
   These settings are used if the desired drive letter is already allocated on a Microsoft Windows application server. When this happens, the first available fallback drive letter is allocated instead. By default, this is drive V, then drive U, then drive T, and so on.
4. Click Apply, and then exit.
5. Either restart all the Secure Global Desktop servers in the array or run the tarantella start cdm command on each array member.

After you enable client drive mapping, users must log out and log in again (start a new webtop session) to be able to access their client drives or file systems.

If you use another Server Message Block (SMB) server, such as Samba, on the same host as the Secure Global Desktop server, you will not be able to start the client drive mapping service as both services use port 139/tcp. To use client drive mapping, you must either disable the other SMB server or configure the host to allow more than one service to use port 139/tcp.

Configuring the drives available to Unix, Linux and Mac OS X clients

By default, users on Unix, Linux and Mac OS X clients have access to their home directory and this is mapped to a drive called "My Home".

Note The Java technology client does not support client drive mapping on UNIX, Linux and Mac OS X client platforms.

Users can configure which part of their client file system they can access from applications by editing the $HOME/.tarantella/native-cdm-config configuration file. This file is automatically created when either the Secure Global Desktop Client or the Native Client is installed. The file contains detailed instructions for users on how to create mapped drives.

The configuration file contains entries with the form <path> <type> <label> where:

• <path> is the absolute path name of the client file system.
• <type> is either unknown, fixed, floppy, cdrom or remote.
• <label> is the name that will be used in the application session.

Use a separate line for each drive and separate each of the fields with a space or a tab. If either the <path> or the <label> fields contains spaces or tabs, enclose the field in quotes.

You can use environment variables in the <path> or <label> fields. You delimit these with a dollar sign ($). To use a literal $, escape it with another $.

The following is an example configuration file:

[CDM]
$HOME$ fixed "My Home"
/tmp/$USER$ fixed Temp
"/mnt/win/My Documents" fixed "My Local Documents"
[/CDM]
    

Note Changes to the configuration file only take effect for new webtop sessions.

Configuring the drives available to Microsoft Windows clients

For Microsoft Windows clients, you configure the drives you want users to access with the Client Drive Mapping attribute for person objects, organizational unit objects and organization objects. Client drive mapping uses inheritance. You define access to client drives at an organization level, which you can override at an organizational unit level, and override again at a person object level. By default, users have

When a user logs in to a Secure Global Desktop server, information is gathered about the drives on the client device. For each available drive, the Client Drive Mapping attribute on the user's person object is checked. If there is no matching client drive configured, the parent organizational unit's Client Drive Mapping attribute is checked, and so on up the organizational hierarchy to the organization object.

If a match is found, then the associated access rights are granted for that drive, using the configured drive letter. If that drive letter is already in use on the application server, the Fallback Drive configured on the Array panel of Array Manager is used to determine the drive letter to use.

At each level you configure a number of drive mapping specifications. Each of these states a client drive letter, the access rights to that drive, and the application server drive letter to allocate. For example, you might specify that a user has read-write access to client drive A using application server drive Z. The first matching entry in the list is used, so make sure the most specific settings (for example, A or B) appear before more general settings (for example, All Drives).

Note Changes to client drive specifications only take effect for new webtop sessions.

Example

You want to disable access to all client drives for all users and then give only Ruby Port access to her PC's floppy drive.

To disable access to all client drives:

1. In Object Manager, display the properties for the o=Indigo Insurance object.
2. Click the Attributes tab and choose Client Drive Mapping from the list.
3. Change the row that specifies access for All Drives so that the Access Rights are None.
4. Click Apply.

To give Ruby Port access to her PC's floppy drive:

1. In Object Manager, display the properties for Ruby Port's person object.
2. Click the Attributes tab and choose Client Drive Mapping from the list.
3. Click New.
4. Specify the client drive.
   • For Client Drive, choose A: (the drive letter of Ruby's floppy drive) or R/W Removable (this matches all read-write removable drives, such as floppy drives).
   • For Access Rights, choose Read-write. This lets Ruby have full access the drive, as long as the floppy disk is not write-protected.
   • For Drive Letter, choose Same As Client. With this setting, client drive mapping services attempts to use the same drive letters on the application server as are used on the client device.
5. Click Apply.

Copyright © 1997-2007 Sun Microsystems, Inc. All rights reserved.