Exit Print View

Oracle Secure Global Desktop Gateway Administration Guide for Version 4.6

Document Information

Preface

1.  Installing the SGD Gateway

2.  Configuring the SGD Gateway

A.  SGD Gateway Architecture Overview

B.  Command-Line Reference

The gateway Command

Syntax

Description

Examples

gateway start

Syntax

Description

Examples

gateway stop

Syntax

Description

Examples

gateway restart

Syntax

Description

Examples

gateway config

Syntax

Description

Examples

gateway config create

Syntax

Description

Examples

gateway config list

Syntax

Description

Examples

gateway config edit

Syntax

Description

Examples

gateway config enable

Syntax

Description

Examples

gateway config disable

Syntax

Description

Examples

gateway server

Syntax

Description

Examples

gateway server add

Syntax

Description

Examples

gateway server remove

Syntax

Description

Examples

gateway server list

Syntax

Description

Examples

gateway status

Syntax

Description

Examples

gateway version

Syntax

Description

Examples

gateway sslcert

Syntax

Description

Examples

gateway sslcert export

Syntax

Description

Examples

gateway sslcert print

Syntax

Description

Examples

gateway sslkey

Syntax

Description

Examples

gateway sslkey import

Syntax

Description

Examples

gateway sslkey export

Syntax

Description

Examples

gateway cert export

Syntax

Description

Examples

gateway key import

Syntax

Description

Examples

gateway setup

Syntax

Description

Examples

gateway uninstall

Syntax

Description

Examples

The tarantella gateway Command

Syntax

Description

Examples

tarantella gateway add

Syntax

Description

Examples

tarantella gateway list

Syntax

Description

Examples

tarantella gateway remove

Syntax

Description

Examples

The --security-gateway Attribute

C.  Advanced Configuration

D.  Troubleshooting the SGD Gateway

The --security-gateway Attribute

You use the --security-gateway attribute to enable SGD Gateway usage for the SGD array. The attribute defines the SGD Clients that can access the SGD Gateway, based on their IP address or DNS name.

Changes to the --security-gateway attribute apply to all SGD servers in the array.

The syntax for the attribute is as follows:

--security-gateway filter-spec...

Replace filter-spec with a filter specification of the type:

client-ip-address|*:gateway protocol:gateway-address:gateway-port

where client-ip-address is the IP address of the SGD Client. An asterisk, *, represents all IP addresses. For connections through the SGD Gateway, this is the address that the SGD servers in the array use to connect to the SGD Gateway.


Note - If you are using an external load balancer with the SGD Gateway, type the address of the load balancer for the client-ip-address.


The gateway protocol is sgdg for connections through the SGD Gateway, or direct for SGD Clients that connect directly to an SGD array, without going through the SGD Gateway.

The gateway-address is the external address of the SGD Gateway, or an external load balancer, if used. This is the address that client devices use to contact the SGD Gateway.

The gateway-port is the port that client devices use to connect to the SGD Gateway, or an external load balancer, if used.

Separate multiple filter-spec entries with a “;” character.

The following example enables all SGD Clients to connect using TCP port 443 of the SGD Gateway gateway1.example.com.

$ tarantella config edit --security-gateway "*:sgdg:gateway1.example.com:443"

The following example enables all SGD Clients to connect using an external load balancer, lb.example.com.

$ tarantella config edit --security-gateway \
"*:sgdg:lb.example.com:443"

You can use multiple filter specifications, as shown in the following example.

Consider a basic deployment, as shown in Using Multiple Filter Specifications. The deployment uses a single SGD Gateway, gateway1.example.com, with an SGD array that contains two SGD servers, sgd1.example.com and sgd2.example.com. The address of the SGD Gateway on the internal network is 192.168.0.250.

Figure B-1 Using Multiple Filter Specifications
Network Diagram Showing a Deployment Scenario That Uses Multiple Filters

The following filter specification might be used for this example:

"192.168.0.250:sgdg:gateway1.example.com:443; \
*:direct:sgd1.example.com:80"

With this configuration, the following applies: