pc security etc it isn't that it's hard to do, it's that it can't be done

% fortune -ae paul murphy

Trying to clarify the Sun Ray difference

Frequent contributor Erik Engbrecht had this to say last week in response to my comment that the Sun Ray does no processing and isn't, therefore, a client-server client: thin, fat, or otherwise:

Smart, Thick, Thin, Display

It's all word games. Depending on how you define "processing," there is processing going on. It still has to render graphics, translate keyboard and mouse events, etc. A SunRay is just a compacted Sun workstation of yesteryear without a harddrive and special firmware designed to work solely as an X-Windows server.

The problem is the attempt to make "smart displays" seem more fundamentally different from other similar solutions just muddies the waters. People like me groan because yet another term has been introduced that means almost the same as other terms that will need to be explained to the higher-ups. The higher-ups get confused and either latch onto it or, more likely, have their eyes glaze over.

Anyway, enough with our industry's incredible ability to make sure words are completely meaningless...

The problem with Sun Ray and other similar solutions is that they are really a local optimum based on today's technology and practices for a relatively narrow range of priorities. Change the priorities and the solution is no longer optimum. Introduce distributed computing techniques with the same low administrative overhead and they lose out entirely.

It's hard to argue with that last paragraph, but the other stuff contains errors of both fact and interpretation - and because his comments are often extremely perceptive I thought it reasonable to assume that both issues affect a lot of other people too.

First the issue of fact: the Sun Ray is not an X-terminal. In fact I don't know of anyone who makes a decent X-terminal anymore, and that's too bad because the NCD approach implemented the real network computing model and was, I thought, optimal for a wide range of business desktop needs.

What makes the Sun Ray different is that it interfaces a remote user to an application, including graphics display, running on a server. That's all it does: if you take your PC, put the CPU, graphics controller, and memory on a card accessing a SAN in the data center, and connect your USB keyboard, mouse, and monitor to it via the network then you've got the guts of a PC style Sun Ray.

The PC thing is, of course, a worst of all worlds option because it puts whole rackmounts of PC cards under IT's direct control, needs virtualization to minimise hardware while maximising user wait, and is resolutely a collection of single users wired together via the network - think of it as the most complicated and expensive known way of achieving data processing's goals for the 1960s IBM VM/CMS product set with Windows GUI replacing CMS, and you've got it:

Sun Ray, in contrast, allows users to share resources and information independently of IT - because it inherently combines extreme simplicity with the true multi-user nature of the Unix backend. Its advantages therefore include:

  1. portability: the classic illustration is someone who's typing up overheads for a talk, looks at his watch, stops in the middle of entering a bullet point, walks to the lecture hall, and continues that sentence on the Sun Ray there while waiting for the seats to fill.

    As servers got bigger and more distributed this has meant that you can now use your personal computing environment from the office, from home, and from other people's offices without having to carry anything beyond some sign-on information (optionally on a smart card used in a two part identification system).

  2. reliability: once you've got your software running on at least two physically separated servers, Sun Rays become virtually unstoppable. Hardware will, of course, always fail unexpectedly; but such a system has enough redundancy to make failure a non issue for users - and failures are in any case less likely because networks are simpler and there are fewer components, including people, overall.

    The Sun Ray itself is, of course, a 100% interchangeable device: if the one you're using fails, your work is completely unaffected - just get another one and continue.

  3. flexibility: a Sun Ray connected to one network can open windows to another - it's possible, for example, to access Windows Terminal Services sessions running on Windows servers. As a result there's virtually no software you can't use - it's not licensible, but people have made MacOS X work on Sun Rays accessing X-serves.

  4. security: if you don't use x86 servers than both Linux and Solaris Sun Ray servers are essentially immune from most of the common attacks. You are still vulnerable to intelligently directed, particularly socially engineered, attacks, but the vast majority of the daily threats affecting the desktop PC are simply irrelevant.

  5. processing power: the desktop machine paradigm is limited in what it can deliver first by server and network bandwidth, and then by local processing capabilities. Thus when 500 people return from lunch and check their email, the system stalls waiting on the machine handling Exchange Server, and when a user hits a big compile, turnaround time is generally limited by memory and disk or network I/O on the desktop machine.

    In contrast the Sun Ray user has full access to much bigger instantaneous resources - 500 email users hitting a pair of T2000s at very nearly the same time have essentially no effect on anyone's response time, and a big compile will get an order of magnitude more resources than are available on the desktop.

  6. cost: if you compare the total set-up costs for PC client-server versus Sun Ray systems with comparable screens, software, and disk you usually get near parity. Compare operating costs, however, and the Sun Ray side can dispense with the entire PC babysitting (helpdesk, software maintenance, security, evergreen policies, license management, rack operations, HVAC upgrades) infrastructure while using significantly less space, power, and admin time at the server end.

  7. user freedom: if you do things right (and most people don't) you can use the simplicity of the Sun Ray set-up to relax most of the systems management rules we've all become used to. In particular you can have your sysadmins interact directly with users and thereby pass day to day tactical IT control to user communities - trusting your sysadmins to directly customise systems operations to fit user needs.

    That difference comes down to this: with either Wintel or data processing technologies you spend most of your time as an IT manager finding acceptable ways to say "No" to users. With Sun Ray you do the opposite: you work at finding ways to say "Yes" -largely because there's very little risk in any of the things business users tend to want. Thus stuff they usually to ask for - like trying out some new software, creating sandbox copies of major databases, prototyping new applications for existing or modified databases, or recovering files from previous OS/Application generations - that would rightly cause heart palpitations in traditional environments pose no threat in the Unix/Sun Ray world and can therefore be freely negotiated between sysadmins and users without management involvement.

Notice that the big practical differences between the Sun Ray and PC all evolve from the simplicity of the device in combination with the inherently multi-user nature of Unix. In contrast the differences between the Sun Ray and X-terminal arise because the X-terminal handles graphics computation and network routing -making it more bandwidth efficient, but marginally less secure.

The perceptional difference is, however, more important and consists essentially of this fact: the Sun Ray does no application processing and is therefore no more a client than are the screen and keyboard on a PC - it is purely and only an interface between a user and a set of application resources. Thus you can be in the middle of faking up your 10-K report when someone blows up your Sun Ray - and exactly nothing will happen to your application -you just scrape the glass and plastic residues off your face, plug in a replacement Sun Ray, and continue.


Paul Murphy wrote and published The Unix Guide to Defenestration. Murphy is a 25-year veteran of the I.T. consulting industry, specializing in Unix and Unix-related management issues.