Many thin clients have no support whatsoever for local audio from a Linux terminal server. Those that do typically have only ESD. This requires that the applications be configured to use ESD (most have this option, but not all). The following also must be added to the .bash_profile of thin-client users to identify the IP:port of the thin client's ESD server:
Because thin clients have no built-in drives, the only local storage of interest is USB-connected. We want locally inserted devices to be accessible from a desktop icon. But as the desktop is running on the terminal server, we need to make the terminal server see these local files.
This requires a thin client with a local NFS server configured to automatically detect and share USB devices. On the terminal server, we configure the autofs dæmon to detect these remotely mounted devices automatically and mount them locally. Create a directory /etc/auto on the terminal server. For each user that is allowed to access local storage, create a file /etc/auto/username with the following contents:
usb -rw,soft,intr 192.168.0.64:/autofs/usb0
Replace 192.168.0.64 with the thin client's IP address, and the path /autofs/usb0 will vary by manufacturer. Create a directory /home/username/media, then add the following to /etc/auto.master:
/home/username/media /etc/auto/username --timeout=15
Finally, create a symlink on username's desktop to /home/username/media/usb. The user now can insert a USB drive, and clicking the symlink will cause autofs to mount it on the terminal server.
This method works and has been used in real deployments, but it has an inherent limitation. The thin clients must have static IPs, and each user is tied to an IP address. In cases where users need to float between stations, this will not be adequate.
In many cases, it is actually required that user access be restricted to specific locations. This is easily accomplished using the PAM login access control table. First, the thin client must be given a static IP address. Then, add the following entry to /etc/security/access.conf on the terminal server:
-:username:ALL EXCEPT 192.168.0.64
The format of this file is permissions:users:origins. So the above example removes (-) permission for user username from all addresses except 192.168.0.64.
Besides the obvious security application, this is also useful for public-access thin clients. While creating a separate generic account for each thin client (user1, user2 and so on) gives each one a separate home directory so users will not trip over each other, it is easy to log in accidentally using the wrong generic account at a given workstation. This procedure prevents that.
Thin clients have matured and are ready for widespread use. Their benefits are too compelling to ignore, and most have a commitment to Linux as their primary platform. Unfortunately, most are myopically focused on MS Windows terminal servers and are neglecting support for Linux on the server side. As they become more widely deployed, the ironic possibility of Linux systems becoming an impediment to the deployment of open source on the desktop is very real.
Some specific items that must be addressed are:
Thin clients are too proprietary. Open tools are needed for building Flash images and other system management tasks.
Universal support for full-duplex, low-latency audio.
Secure, easy and mobile access to local USB storage devices.
Support for local non-PostScript printers.
Encryption and compression.
The solution is likely NX or something very similar—something that retains the modularity of the system while integrating the components into a cohesive whole. I have not yet seen a thin client with a fully functional NX client.
Resources for this article: /article/9388.
Lyle Frost is a consultant with Citadel Network (www.citadelnetwork.com), an IT management firm in Indiana.
|Nativ Disc||Sep 23, 2016|
|Android Browser Security--What You Haven't Been Told||Sep 22, 2016|
|The Many Paths to a Solution||Sep 21, 2016|
|Synopsys' Coverity||Sep 20, 2016|
|Naztech's Roadstar 5 Car Charger||Sep 16, 2016|
|RPi-Powered pi-topCEED Makes the Case as a Low-Cost Modular Learning Desktop||Sep 15, 2016|
- Android Browser Security--What You Haven't Been Told
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Nativ Disc
- The Many Paths to a Solution
- Naztech's Roadstar 5 Car Charger
- Synopsys' Coverity
- Securing the Programmer
- RPi-Powered pi-topCEED Makes the Case as a Low-Cost Modular Learning Desktop
- Glass Padding
- Identity: Our Last Stand
With all the industry talk about the benefits of Linux on Power and all the performance advantages offered by its open architecture, you may be considering a move in that direction. If you are thinking about analytics, big data and cloud computing, you would be right to evaluate Power. The idea of using commodity x86 hardware and replacing it every three years is an outdated cost model. It doesn’t consider the total cost of ownership, and it doesn’t consider the advantage of real processing power, high-availability and multithreading like a demon.
This ebook takes a look at some of the practical applications of the Linux on Power platform and ways you might bring all the performance power of this open architecture to bear for your organization. There are no smoke and mirrors here—just hard, cold, empirical evidence provided by independent sources. I also consider some innovative ways Linux on Power will be used in the future.Get the Guide