Sun Ray, Smart Cards, and Citrix



Similar documents
Sun Management Center Change Manager Release Notes

Solaris 10 Documentation README

Sun StorEdge A5000 Installation Guide

Sun Management Center 3.6 Version 5 Add-On Software Release Notes

Sun StorEdge Availability Suite Software Point-in-Time Copy Software Maximizing Backup Performance

Solaris 9 9/05 Installation Roadmap

SunFDDI 6.0 on the Sun Enterprise Server

N1 Grid Service Provisioning System 5.0 User s Guide for the Linux Plug-In

Sun Cobalt Control Station. Using the LCD Console

Sun TM SNMP Management Agent Release Notes, Version 1.6

Sun Ray Connector for Windows OS, Version 2.1 Release Notes

Sun Management Center 3.6 Version 4 Add-On Software Release Notes

Distributed Application Management using Jini Connection Technology

Sun StorEdge Enterprise Backup Software 7.2

Sun Management Center 3.5 Update 1b Release Notes

Sun Management Center 3.0 Platform Update 4 Release Notes for Sun Fire 15K/12K Systems

Sun StorEdge RAID Manager Release Notes

Sun StorEdge network FC switch-8 and switch-16 Release Notes

Solaris Resource Manager

Upgrading the Solaris PC NetLink Software

Optimizing Solaris Resources Through Load Balancing

Sun Cluster 2.2 7/00 Data Services Update: Apache Web Server

Sun Enterprise Optional Power Sequencer Installation Guide

Sun Ultra TM. 5 and Ultra 10 Product Notes. Sun Microsystems, Inc. 901 San Antonio Road Palo Alto, CA U.S.A.

Sun SNMP Management Agent Release Notes, Version 1.5.5

Sun Fire V20z Server Release Notes

Sun Fire B10n Content Load Balancing Blade Product Notes

A Strategy for Managing Performance

Service Level Definitions and Interactions

Sun Grid Engine Release Notes

Sun StorEdge Network FC Switch-8 and Switch-16 Release Notes

Sun Fire 6800/4810/4800/3800 Systems Firmware Release Notes

Comparing JavaServer Pages Technology and Microsoft Active Server Pages

RAID Controller PCI Card for the Sun Fire V60x and V65x Servers Release Notes

Using Linux mdadm Multipathing with Sun StorEdge Systems

SCSI Sense Key Error Guide

Scrubbing Disks Using the Solaris Operating Environment Format Program

Sun StorEdge N8400 Filer Release Notes

Solaris 9 Installation Roadmap

Service Level Agreement in the Data Center

Sun SM Remote Services Net Connect Solaris TM 9 4/04

Solaris Bandwidth Manager

Sun Ray Server Software 3 Release Notes

Sun Blade 150 CD-ROM, DVD-ROM, and Hard Drive Installation Guide

Sun Fire 15K/12K Dynamic Reconfiguration Installation Guide and Release Notes

Sun StorEdge T3 Dual Storage Array - Part 1

Sun Enterprise 420R Server Product Notes

Power Savings in the UltraSPARC T1 Processor

Brocade SilkWorm 4100 FC Switch Release Notes

Sun Blade 100 CD-ROM or DVD-ROM and Hard Disk Drive Installation Guide

Sun StorEdge SAN Foundation Release Notes

Rapid Recovery Techniques: Auditing Custom Software Configuration

Netra Data Plane Software Suite 2.0 Update 2 Release Notes

Java Dynamic Management Architecture for Intelligent Networks

LAN-Free Backups Using the Sun StorEdge Instant Image 3.0 Software

Exploring the iplanet Directory Server NIS Extensions

JumpStart : NIS and sysidcfg

Java Technologies for Interactive Television

Data Center Design Philosophy

Sun Fire V480 Server Product Notes

Disaster Recovery Requirements Analysis

SUN SEEBEYOND egate INTEGRATOR RELEASE NOTES. Release 5.1.1

Operations Management Capabilities Model

Sun N1 Service Provisioning System User s Guide for Linux Plug-In 2.0

Reducing the Backup Window With Sun StorEdge Instant Image Software

Sun Ultra 80 SCSI Cable Installation Guide

Start Here. Installation and Documentation Reference. Sun StorEdgeTM 6120 Array

Developing a Security Policy

Managing NFS Workloads

Veritas Storage Foundation 5.0 Software for SPARC

Service Level Management in the Data Center

Sun GlassFish Mobility Platform 1.1 Deployment Guide

Sun Blade 1500 Workstation Product Notes

HelloWorld SOAP Sample:

Important Note on New Product Names

Sun Blade 100 and Sun Blade 150 Workstations

Sun GlassFish Enterprise Manager SNMP Monitoring 1.0 Installation and Quick Start Guide

The UltraSPARC T1 Processor - High Bandwidth For Throughput Computing

Rapid Recovery Techniques: Exploring the Solaris Software Registry

Sun Fire 6800/4810/4800/3800 Systems Software Release Notes

Sun Fire 6800/4810/4800/ 3800 Systems Product Notes

Getting StartedWith Sun Java System Application Server 9.1 Update 2

Consolidation in the Data Center

Netra X4200 M2 Server Site Planning Guide

N1 Grid Engine 6 Release Notes

Sun Ray Server Software 4.0 Release Notes

Sun Blade 150 Product Notes

Brocade 5300 Switch Hardware Release Notes

Sharing NFS and Remote File Systems via Solaris PC NetLink Software

Automating Centralized File Integrity Checks in the Solaris 10 Operating System

Brocade 300 Switch Hardware Release Notes

Security and the Sun Java System Web Server

Sun GlassFish Enterprise Manager Performance Monitor 1.0 Getting Started Guide

Java Management Extensions SNMP Manager API

A Patch Management Strategy for the Solaris Operating Environment

ProjectWebSynergy Milestone 4 Release Notes

Sun ONE Grid Engine, Enterprise Edition Administration and User s Guide

Sun Java System Connector for Microsoft Outlook 7.2 Installation Guide

Sun StorEdge Instant Image 3.0 and Oracle8i Database Best Practices

How To Start A Glassfish V3 Application Server Quick Start (Windows) On A Microsoft Server (Windows 7)

Transcription:

Sun Ray, Smart Cards, and Citrix Enabling Sun Ray Smart Card Pass-through to Citrix Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 U.S.A. 650-960-1300 May 2004, Version 1.0

Copyright 2004 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. All rights reserved. Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.sun.com/patents, and one or more additional patents or pending patent applications in the U.S. and in other countries. This document and the product to which it pertains are distributed under licenses restricting their use, copying, distribution, and decompilation. No part of the product or of this document may be reproduced in any form by any means without prior written authorization of Sun and its licensors, if any. Third-party software, including font technology, is copyrighted and licensed from Sun suppliers. Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd. Sun, Sun Microsystems, the Sun logo, Sun Ray, Sun WebServer, Sun Enterprise, Ultra, UltraSPARC, SunFastEthernet, Sun Quad FastEthernet, Java, JDK, HotJava, and Solaris are trademarks, registered trademarks, or service marks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. Netscape is a trademark or registered trademark of Netscape Communications Corporation. The OPEN LOOK and Sun Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledges the pioneering efforts of Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry. Sun holds a non-exclusive license from Xerox to the Xerox Graphical User Interface, which license also covers Sun s licensees who implement OPEN LOOK GUIs and otherwise comply with Sun s written license agreements. Federal Acquisitions: Commercial Software Government Users Subject to Standard License Terms and Conditions. Use, duplication, or disclosure by the U.S. Government is subject to restrictions set forth in the Sun Microsystems, Inc. license agreements and as provided in DFARS 227.7202-1(a) and 227.7202-3(a) (1995), DFARS 252.227-7013(c)(1)(ii) (Oct. 1998), FAR 12.212(a) (1995), FAR 52.227-19, or FAR 52.227-14 (ALT III), as applicable. DOCUMENTATION IS PROVIDED AS IS AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. Copyright 2004 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, Etats-Unis. Tous droits réservés. Sun Microsystems, Inc. a les droits de propriété intellectuels relatants à la technologie incorporée dans le produit qui est décrit dans ce document. En particulier, et sans la limitation, ces droits de propriété intellectuels peuvent inclure un ou plus des brevets américains énumérés à http://www.sun.com/patents et un ou les brevets plus supplémentaires ou les applications de brevet en attente dans les Etats-Unis et dans les autres pays. Ce produit ou document est protégé par un copyright et distribué avec des licences qui en restreignent l utilisation, la copie, la distribution, et la décompilation. Aucune partie de ce produit ou document ne peut être reproduite sous aucune forme, parquelque moyen que ce soit, sans l autorisation préalable et écrite de Sun et de ses bailleurs de licence, s il y ena. Le logiciel détenu par des tiers, et qui comprend la technologie relative aux polices de caractères, est protégé par un copyright et licencié par des fournisseurs de Sun. Des parties de ce produit pourront être dérivées des systèmes Berkeley BSD licenciés par l Université de Californie. UNIX est une marque déposée aux Etats-Unis et dans d autres pays et licenciée exclusivement par X/Open Company, Ltd. Sun, Sun Microsystems, le logo Sun, Sun Ray, Sun WebServer, Sun Enterprise, Ultra, UltraSPARC, SunFastEthernet, Sun Quad FastEthernet, Java, JDK, HotJava, et Solaris sont des marques de fabrique ou des marques déposées, ou marques de service, de Sun Microsystems, Inc. aux Etats-Unis et dans d autres pays. Toutes les marques SPARC sont utilisées sous licence et sont des marques de fabrique ou des marques déposées de SPARC International, Inc. aux Etats-Unis et dans d autres pays. Les produits portant les marques SPARC sont basés sur une architecture développée par Sun Microsystems, Inc. Netscape est une marque de Netscape Communications Corporation aux Etats-Unis et dans d autres pays. L interface d utilisation graphique OPEN LOOK et Sun a été développée par Sun Microsystems, Inc. pour ses utilisateurs et licenciés. Sun reconnaît les efforts de pionniers de Xerox pour la recherche et le développment du concept des interfaces d utilisation visuelle ou graphique pour l industrie de l informatique. Sun détient une license non exclusive do Xerox sur l interface d utilisation graphique Xerox, cette licence couvrant également les licenciées de Sun qui mettent en place l interface d utilisation graphique OPEN LOOK et qui en outre se conforment aux licences écrites de Sun. LA DOCUMENTATION EST FOURNIE EN L ETAT ET TOUTES AUTRES CONDITIONS, DECLARATIONS ET GARANTIES EXPRESSES OU TACITES SONT FORMELLEMENT EXCLUES, DANS LA MESURE AUTORISEE PAR LA LOI APPLICABLE, Y COMPRIS NOTAMMENT TOUTE GARANTIE IMPLICITE RELATIVE A LA QUALITE MARCHANDE, A L APTITUDE A UNE UTILISATION PARTICULIERE OU A L ABSENCE DE CONTREFAÇON.

Contents Overview 1 Software Requirements 2 Solaris Operating Environment 2 Sun Ray Server Software and Patches 2 Sun Ray PC/SC Bypass 3 Citrix Client 3 Microsoft/Citrix Server Components 3 Hardware Requirements 3 Sun Ray Requirements 4 Smart Card Requirements 4 Installation Notes 5 Configuring and Testing Citrix Smart Card Support 6 To Install and Configure Citrix ICA Client 6 Required Reading/Other Resources 10 iii

iv Book Title Month 2004

Enabling Sun Ray Smart Card Pass-through to Citrix This document is designed to help users configure the Sun Ray environment so that the smart card channel is available from the Citrix Server to the Sun Ray desktop. It covers the software required to establish this channel as well as how to install, configure, and test the feature. Note The information in this document supersedes the requirement for the PC/SC Lite package as listed in the Citrix Administrators Guide for UNIX ICA Clients in so far as it applies to Sun Ray configuration. NB: This is not applicable to other Sun workstations. Overview The primary (or out-of-the-box) function of smart cards in a Sun Ray environment is to provide session mobility via the hot desking feature of the Sun Ray Server and its clients, or desktop units (DTU). However, some smart cards, when combined with middleware, also enable the ability to provide strong, two-factor authentication for access control and the ability to digitally sign, encrypt, and decrypt files, email, etc. It is also possible to use Citrix MetaFrame XP to extend this functionality from the Sun Ray environment to a Windows environment. Citrix MetaFrame XP added smart card support in Feature Release 2 and enabled this support on the client side starting with the 6.30 version of ICA Client for Solaris /SPARC. 1

The end result is that a Sun Ray user can perform certain tasks in a Windows environment, including: PIN-based logins Digital signing, encrypting, and decrypting of email messages from Windowsbased email clients such as Microsoft Outlook. Note The configuration of Citrix and Windows servers and potential applications, including smart card middleware, to be smart card-aware is beyond the scope of this document; however, pointers are given where appropriate. Software Requirements The following software is required to ensure the proper operation of smart card pass-through from the Sun Ray DTU to the Citrix Server. Solaris Operating Environment The only Solaris requirements are those that are required by Sun Ray Server Software 2.0: Solaris 9 Update 1 or better with the latest Solaris Cluster Patch or Solaris 8 Update 7 or better with the latest Solaris Cluster Patch Sun Ray Server Software and Patches Sun Ray Server 2.0 http://wwws.sun.com/software/download/products/3e3af226.html Sun Ray Server Patch 114880-04 or later http://sunsolve.sun.com/pub-cgi/patchdownload.pl?target=114880&method=h 2 Sun Ray, Smart Cards, and Citrix May 2004

Sun Ray PC/SC Bypass Sun library to provide direct access to the Sun Ray smart card reader via the PC/SC API bypassing both the Open Card Framework (OCF) and the Solaris Card Framework (SCF). Package name is SUNWsrcbp.Use version 1.0_07 or later. Available from the Sun download center free of charge. http://www.sun.com/software/download/ Citrix Client Citrix ICA Client for Solaris/SPARC 6.30 or better. The current version as of this writing is 7.02. http://www.citrix.com/site/ss/downloads/details.asp?did= 2755&downloadID=3283#top Microsoft/Citrix Server Components Windows 2000 or 2003 with the latest Service Pack and Hot fixes Citrix MetaFrame XP (a, s, or e) FR2 or better See Using Smart Cards incitrix MetaFrame Advanced Concepts Guide http://support.citrix.com/servlet/kbservlet/download/2951-102- 9534/Feature_Release_3_Advanced_Concepts.pdf Smartcard Client software installed in Citrix Server (such as ActivCard or Netsign) Hardware Requirements The following hardware is required to ensure the proper operation of smart card pass-through from the Sun Ray DTU to the Citrix Server. Sun Ray thin client (No specific DTU model) Sun SPARC-based Server (i.e., Sun Ray Server) Intel Server (For Windows/Citrix Server) Enabling Sun Ray Smart Card Pass-through to Citrix 3

Sun Ray Requirements Configuring your Sun Ray Server to allow smart card support for Citrix sessions requires the following steps: 1. Ensure that you are running a current version of Solaris that supports Sun Ray Server Software 2.0. 2. Apply the latest Solaris Cluster Patch. 3. Apply the latest Sun Ray Server Patch 114880. The current version as of this document is 114880-04 4. Ensure that smart card middleware is installed on the Citrix Server 5. Install the Sun Ray PC/SC Bypass package. Patch 114880-04 or later must be installed prior to installation 6. Configure/test Citrix ICA Client for Solaris/SPARC. The first four steps are either general Solaris administration tasks or are beyond the scope of this document, such as installing third-party middleware on the Citrix Server. The steps that deal with installing Sun Ray PC/SC Bypass and configuring and testing the ICA client are covered in detail below. Smart Card Requirements Microsoft Windows natively supports a limited number of smart cards. It is important to have the correct drivers for the smart cards to be used in this environment. Support for various smart cards varies by smart card client software (often referred to as middleware) installed on the Citrix Server. For example, the U.S. Department of Defense Common Access Card is not natively supported by Windows and requires that middleware be installed on the Citrix Server (i.e. ActivCard for CAC, Netsign CAC, Schlumberger CACtus, etc.). Cards supported with Windows 2003 Server can be viewed here: http://www.microsoft.com/technet/treeview/default.asp?url= /technet/prodtechnol/windowsserver2003/proddocs/entserver/sag_sc_us e_sctypes.asp Cards supported with Windows 2000 Server can be viewed here: http://www.microsoft.com/windows2000/en/server/help/default.asp?url =/windows2000/en/server/help/sag_sc_use_sctypes.htm 4 Sun Ray, Smart Cards, and Citrix May 2004

Note If you connect to a Windows Server and receive the following message: The card supplied requires drivers that are not on the system. Please try another card. then you do not have a supported smart card for Windows and need middleware to support your smart card in a Windows environment. Installing the Sun Ray PC/SC Bypass Note Make sure that patch 114880-04 or later is installed before installing the Sun Ray PC/SC Bypass. 1. Get the SUNWsrcbp package from the Sun Download Center. http://www.sun.com/software/download 2. Extract the package. 3. Install the SUNWsrcbp package via pkgadd. Installation Notes A reboot of the server or a restart of Sun Ray Services should not be required; however, the use of ActivCard Gold for Solaris or other implementations of PC/SC lite, such as MUSCLE, may require a reboot. If the Sun Ray PC/SC Bypass is used in conjunction with ActivCard Gold for Solaris, the following additional tasks must be performed to allow the ActivCard product to operate correctly: 1. Remove /etc/rc3.d/s99pcscd 2. Rename /usr/local/acgold/lib/libpcsclite.so to /usr/local/acgold/lib/libpcsclite.ac 3. Symlink (ln s) /opt/sunwut/lib/libpcsc-srcom.so to /usr/local/acgold/lib/libpcsclite.so Enabling Sun Ray Smart Card Pass-through to Citrix 5

Configuring and Testing Citrix Smart Card Support This document assumes that you know how to install and create connections using the Citrix ICA Client. For information on installing and configuring the Citrix Client for UNIX please read the Administrators Guide available at: http://download2.citrix.com/files/en/products/client/ica/current /docs/unixcag.pdf To Install and Configure Citrix ICA Client 1. Install the latest Citrix ICA Client for Solaris (SPARC). Use the latest version available from http://www.citrix.com/download 2. Uncompress and extract the distribution. 3. Run setupwfc from the location to which the distribution was extracted. 4. Take all defaults (install in /usr/lib/icaclient). If this step is not followed, the ICAROOT variable must set for each user 5. Launch the Citrix Client. # /usr/lib/icaclient/wfcmgr 6 Sun Ray, Smart Cards, and Citrix May 2004

The Citrix ICA Client for Solaris window appears. FIGURE 1 Citrix ICA Client for Solaris Window 6. Highlight the Connection you wish to test Smart Card support for, and click the properties button. Enabling Sun Ray Smart Card Pass-through to Citrix 7

The Connection Properties Screen appears. FIGURE 2 Connection Properties Screen a. Select the drop down box labeled Network and select Login. This presents the properties screen for Logon attributes. b. For testing purposes, check the box labeled Allow Smart Card Logon. c. Click OK. d. Launch your connection. 8 Sun Ray, Smart Cards, and Citrix May 2004

When the Windows Desktop or Published Application appears, you should be prompted for a PIN-based Login. FIGURE 3 Windows Desktop with Prompt for PIN-based Login Note If you connect to a Windows Server and receive the following message: The card supplied requires drivers that are not on the system. Please try another card. then you do not have a supported smart card for Windows and need middleware to support your smart card in a Windows environment; however, this message indicates that the smart card channel is operating correctly. You have now successfully enabled and tested the smart card channel from the Sun Ray DTU to the Citrix Server. Enabling Sun Ray Smart Card Pass-through to Citrix 9

Note Unless your Windows environment is configured to perform PIN-based logins (either via a Microsoft Certificate Server infrastructure or via middleware) you should disable the Allow Smart Card Logon option for your Citrix Connection. It is important to note that this does NOT disable the smart card channel for use with other smart card-aware applications; it is just a very simple way to test the channel. Required Reading/Other Resources Smart card support in a Citrix environment depends on more than just the communication channel being established. Out-of-the-box Citrix smart card support is limited to logins only. Unfortunately, smart card-based logins are not trivial and require a fair amount of work to ensure proper operation. For more information on configuring the Windows environment for smart card logins see the following Microsoft article: http://support.microsoft.com/default.aspx?scid=kb;en-us;257480 For information on enabling Smart Card Logon with Third Party Certification Authorities (such as would be the case with the Common Access Card) please see the following Microsoft Knowledge Base article: http://support.microsoft.com/default.aspx?scid=kb;en-us;281245 Administrators of Citrix environments must configure Citrix to allow other applications, such as Outlook, middleware utilities, etc., to use the smart card channel. Use the SCCONFIG utility. For more information on using smart cards and Citrix please see the Citrix Advanced Concepts Guide. http://support.citrix.com/servlet/kbservlet/download/2951-102- 9534/Feature_Release_3_Advanced_Concepts.pdf 10 Sun Ray, Smart Cards, and Citrix May 2004

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information