I've been lurking for a while, and this thread prompted me to sign up.
I know this is an old post, but I figured id put my 2c worth in anyways.
I am the IT / Manager for a health clinic and have recently implemented Sun's SunRay Server with Sun Ray thin clients. The security side of the system has its benefits for us, but the technology really fits our working model.
The reason for the change is because all the staff move around between workstations during the day. Not only was this a security issue, the main problem I had was that at the end of the day come balancing time, I could never pin down the "problem" entries on the balance sheet to any one particular person.
"oh, that wasn’t me, I wasn’t here then, someone else was using my profile"
In the morning, the staff would come in and log onto a workstation and then move around with all the rest of the staff between workstations. This is something that is part of the job and the staff do actually need to do, but logging in and out upon moving was too much of a hassle, so they didn’t bother.
So the application of the smart cards and SRSS was to enable my staff the ability to continue moving between workstations, but have their session follow them with their smart card. Although I know its possible, I don't use the Smart Cards for authentication to the TS box, each user still needs to input a valid password to access the terminal server.
So now at the end of the day when it comes time to balance, I know that each user entry on the balance sheet is correct, and have identified staff who need more training.
Additional benefits have been:
1. Increased privacy as workstations are no longer left logged in and unattended.
2. Increased security as you can only access the TS box from a Sun Workstation if you have a card.
3. Reduction of power consumption as the thin clients really are very thin!
The biggest hassle I had to begin with was making sure the staff actually DID take their damn card with them when they left a workstation. Being so used to just moving between workstations made it hard to break this habit. Although a few unannounced trips around the office collecting cards from unattended workstations fixed the problem fairly quickly. Staff felt rather stupid having to come to me to get their card back after a number of times.
If anyone is interested in more detail about the setup, please let me know. I'm more than happy to share exp / thoughts.
How did everyone go with their smart card implementations?