Exit Print View

Oracle Secure Global Desktop Gateway Administration Guide for Version 4.6

Document Information

Preface

1.  Installing the SGD Gateway

2.  Configuring the SGD Gateway

Deploying the SGD Gateway

Basic Deployment

Load-Balanced Deployment

SGD Gateway Configuration Tasks

Client Device to SGD Gateway Connections

How to Configure the Ports and Connections for the SGD Gateway

How to Install an SSL Certificate for Client Connections Into the Client Keystore

SGD Gateway to SGD Server Connections

How to Install SGD Server Certificates

How to Install SGD Gateway Certificates on the SGD Array

How to Configure SGD Client Connections

Client Device to Load Balancer Connections

Load Balancer to SGD Gateway Connections

Controlling the SGD Gateway

Starting the SGD Gateway

Stopping the SGD Gateway

Restarting the SGD Gateway

Removing the SGD Gateway

How To Remove the SGD Gateway

A.  SGD Gateway Architecture Overview

B.  Command-Line Reference

C.  Advanced Configuration

D.  Troubleshooting the SGD Gateway

Deploying the SGD Gateway

This section describes the following SGD Gateway deployment scenarios:

Basic Deployment

This section describes the configuration tasks for a basic deployment of the SGD Gateway.

A basic deployment uses a single SGD Gateway, as shown in Basic Deployment Using a Single SGD Gateway.

Figure 2-1 Basic Deployment Using a Single SGD Gateway
Network Diagram Showing a Basic Deployment Using a Single SGD Gateway

Configuring a basic deployment involves configuring the connections shown in Connections For a Basic Deployment of the SGD Gateway.

Table 2-1 Connections For a Basic Deployment of the SGD Gateway
Connection
Configuration Steps
Client device to SGD Gateway
  1. Configure the ports and connections used by the SGD Gateway.

    You configured these settings when you installed the SGD Gateway.

    See How to Configure the Ports and Connections for the SGD Gateway if you want to change the configuration of the SGD Gateway.

  2. On the SGD Gateway, install a Secure Sockets Layer (SSL) certificate for client connections.

    See How to Install an SSL Certificate for Client Connections Into the Client Keystore.

SGD Gateway to SGD servers
  1. Enable SGD security services for the array.

    The SGD servers must be running in secure mode. Firewall forwarding must not be enabled.

    See “Secure Connections to SGD Servers ” in Chapter 1 of the Oracle Secure Global Desktop 4.6 Administration Guide for details of how to do this.

  2. On the SGD Gateway, install security certificates for the SGD servers.

    Use the gateway server command to import CA certificates and SSL certificates for the SGD servers in the array into the SGD Gateway keystore.

    See How to Install SGD Server Certificates.

  3. Set up the SGD servers in the array to use the SGD Gateway.

    Install the SGD Gateway certificate on the SGD array, and use the tarantella gateway add command to register the SGD Gateway with the SGD array.

    See How to Install SGD Gateway Certificates on the SGD Array.

  4. Configure which SGD Client connections can use the SGD Gateway.

    See How to Configure SGD Client Connections.

Load-Balanced Deployment

This section describes the configuration tasks for a load-balanced deployment of SGD Gateway.

A load-balanced deployment uses multiple SGD Gateways and a load balancer as the network entry point, as shown in Network Deployment Using Multiple SGD Gateways and a Load Balancer.

Figure 2-2 Network Deployment Using Multiple SGD Gateways and a Load Balancer
Network Diagram Showing a Load-Balanced Deployment Using Multiple SGD Gateways and a Load Balancer

Configuring a load-balanced deployment involves configuring the connections shown in Connections For a Basic Deployment of the SGD Gateway.

Table 2-2 Connections For a Load-Balanced Deployment of the SGD Gateway
Connection
Configuration tasks
Client device to load balancer
  1. Enable incoming connections from client devices.

    Typically, this uses Transmission Control Protocol (TCP) port 443.

    See your load balancer documentation for details of how to do this.

  2. (Optional) On the load balancer, install the SSL certificate used by the SGD Gateways for client connections.

    See your load balancer documentation for details of how to do this.

Load balancer to SGD Gateway
  1. Configure your load balancer to forward connections to the SGD Gateway.

    See your load balancer documentation for details of how to do this.

  2. Configure the ports and connections used by the SGD Gateway.

    Set the network entry point to the address of the load balancer.

    You configured these settings when you installed the SGD Gateway.

    See How to Configure the Ports and Connections for the SGD Gateway if you want to change the configuration of the SGD Gateway.

  3. On each SGD Gateway, install an SSL certificate for client connections.

    See How to Install an SSL Certificate for Client Connections Into the Client Keystore.

SGD Gateway to SGD servers
  1. Enable SGD security services for the SGD array.

    The SGD servers must be running in secure mode. Firewall forwarding must not be enabled.

    See “Secure Connections to SGD Servers ” in Chapter 1 of the Oracle Secure Global Desktop 4.6 Administration Guide for details of how to do this.

  2. On the SGD Gateway, install security certificates for the SGD servers.

    Use the gateway server command to import CA certificates and SSL certificates for the SGD servers in the array into the SGD Gateway keystore.

    See How to Install SGD Server Certificates.

  3. Set up the SGD servers in the array to use the SGD Gateways.

    Install SGD Gateway certificates on the SGD array, and use the tarantella gateway add command to register the SGD Gateways with the SGD array.

    See How to Install SGD Gateway Certificates on the SGD Array.

  4. Configure which SGD Client connections can use the SGD Gateways.

    See How to Configure SGD Client Connections.