Friday, February 29, 2008

HP Thin Clients And USB Access For Users

We have been incrementally adding features to our new HP thin clients. The initial install gave the users their previous functionality, with much better performance. The next step was to enable 3D support for Compiz. Next, we pushed a build that included PULSEAUDIO and enabled full multimedia support. I just built and pushed a new build to about 10 people that allows USB stick access from desktops. Previously, the loading of outside files was handled using email or media was uploaded and verified by our support staff. Users out of the office and working from home log into our servers remotely, so there isn't a huge need for files to be transferred back and forth; the files always stay here at the City where they can be backed up and retained. Increasingly there are photos and other documents that require USB and immediate uploads, and this build will help resolve that need.

I blogged about this topic when I built my first proof of concept. I read the feedback and considered all options and have decided that my original plan seems the most robust, stable and feature rich. The HP thin clients run a Debian build, so I installed proftpd and got it working. The beauty of FTP is that it's stateless. Anyone that supports users of differing skills knows they will find ways to disrupt the best laid technology plans. :) I therefore did not want any stateful mounts from the servers to the thin clients. With the various techniques used by people, I know they would find a way to cause a problem with a mount or get something locked/stuck. FTP performs a task (list, upload, download) and then is immediately finished. Very clean, to me. I added a permissions based icon to the desktop:

When launched, the script gets the hostname of the thin client currently connected and then opens a nautilus window. The FTP account on the thin client has a password that is entered via the dialog window.

SDISPLAY=` echo $DISPLAY | awk -F ":" ' {print $1}'`
nautilus ftp://media@$SDISPLAY

From the users perspective they don't think about the technology, and simply get a file manager as expected. The files can be moved to the server or desktop as desired. Files on USB sticks at remote sites will upload and move right to the servers located here at City Hall.

Here are the lines in proftpd.conf of interest in this deployment:

ScoreboardFile /etc/proftpd.scoreboard # file system allows writes

DefaultRoot /media # FTP can only get to media only

MaxInstances 100 #Lots of quick UI clicking counts as new users, increased

HideFiles (\.bas|\.bat|\.cab|\.cmd|\.com|\.dll|\.exe|\.inf|\.js|\.mdb|\.msi|\.vb|\.vbe)

IgnoreHidden on

The last section hides most executables from view completely. If they are on the users USB stick, GNOME won't even see or display them. If you can't see them, you can't drop and drag them.

I'm sure there will be some tuning, but it's working well enough for a pre-release.

We are testing some perks of this design:
- Being able to share your USB stick with other users, from any facility.
- Someone in our support group might be at a remote site fixing something, and they need a utility or program here at City Hall. Staff can push it right to them.

Fun stuff, it will be interesting to see how it goes.


mariodebian said...

We have developed and alternate solution (more complex) that support mount/umount from a systray menu.

TcosDevices-NG screencast

Marc Carson said...

Love to read this stuff! I had no idea that you could do USB via FTP, but it makes sense. Especially as someone who yanks his USB disk out all the time and then says "oops..."

Dave Richards said...

FTP finds the USB drives because they are just mounted as /media/usb0 and so on. Devices always become files.

HP 5500 toner said...

Your blog is awesome and you too are awesome! Just felt the need to say that (hehe) Plus your work is simply great! I don't want to boast on and on you really did a good job formatting this blog!