Hiya, There's an issue which hasn't been mentioned here yet, so I figured I'd better weigh in with it: Trusted Extensions.
It's no secret that the Trusted Extensions / Sun Ray combination is popular in various Governments worldwide, particularly in the highly-compartmentalised arenas typically associated with high threat and multinational working. To this effect, Sun Ray has "curious security things" associated with it, such as Letters of Volatility to feed into assurance processes around a disconnected Sun Ray provably having no trace of user session information on it. Presumably other "zero clients" have similar Letters and assurances associated with them - if readers know which, it may be helpful to construct a list. Also, there's the manner in which other "zero clients" obtain and render their displays. The nature of the Trusted Extensions X server means that clients using standard remote X11 probably wouldn't work; Glenn Faden has helpfully blogged about how a VNC server can be persuaded to work in a Trusted Extensions environment (https://blogs.oracle.com/gfaden/entry/an_update_on_using_xvnc ) so VNC-using clients could potentially be used, but in all cases there would need to be software installed on Trusted Path, so that software (as well as the client hardware and any smart cards, which would also fall within the scope of Trusted Path) would have to be subject to considerable scrutiny by appropriate security assessors. Again, constructing a list looks like something which needs to be done, and I can potentially offer some help. (I've had Trusted Extensions sessions working just fine using VirtualBox's vRDP server too, which removes the need to install software on Trusted Path, but you're more likely to find a hen with teeth, than a security assessor happy to approve a multilevel or cross-domain Trusted Extensions environment installed on anything other than bare metal.) Of course, there's the matter of what Oracle is going to do, as a consequence of discontinuing Sun Ray - and I'd guess that this is something that is currently being figured-out. I reckon there's a large enough installed base of Sun Ray that the product could be spun out and picked up as a going concern, especially given its proven track record and ongoing assurance in high-security environments, and would strongly encourage Oracle to consider this option... Cheers, -- Dave Walker Labelled Security Limited Tel: +44 780 3079264 Twitter: @labeledsecurity http://www.labelledsecurity.co.uk/slides Labelled Security Limited is registered in England and Wales, No. 7666489 ; VAT 114 6198 23 Registered Office: 1 Andromeda House, Calleva Park, Aldermaston, Berkshire, RG7 8AP _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users
