Exit Print View

Oracle Secure Global Desktop Administration Guide for Version 4.6

Document Information

Preface

1.  Networking and Security

2.  User Authentication

3.  Publishing Applications to Users

4.  Configuring Applications

5.  Client Device Support

6.  SGD Client and Webtop

The SGD Client

Overview of the SGD Client

Configuring the SGD Client

The SGD Client Helper

Installing the SGD Client

Automatic Installation of the SGD Client

How to Enable Automatic Installation for Roaming User Profiles

Manual Installation of the SGD Client

Running the SGD Client From the Command Line

Command-Line Examples

Starting the SGD Client Without Any Arguments

Connecting to a Particular SGD Server

Overriding the Login URL

Web Services Developer Options

Using SGD Without Java Technology

How to Use SGD Without Java Technology

Client Profiles

Client Profiles and the SGD Client

Managing Client Profiles

How to Configure Client Profile Editing for Users

Client Profile Settings

About the Profile Cache

Microsoft Windows Users With Roaming User Profiles

Integrated Mode

Working in Integrated Mode

Setting Up the SGD Client for Integrated Mode

Authentication Token Authentication

How Authentication Token Authentication Works

User Identity and User Profile

Authentication Tokens and Security

How to Enable Authentication Token Authentication

Administering Authentication Tokens

Troubleshooting Automatic Logins

Configuring the Client Profile for Integrated Mode

Configuring Applications for Integrated Mode

Webtops

Setting the Language for the Webtop

Overriding the Default Language for the Webtop

7.  SGD Servers, Arrays, and Load Balancing

A.  Global Settings and Caches

B.  Secure Global Desktop Server Settings

C.  User Profiles, Applications, and Application Servers

D.  Commands

E.  Login Scripts

F.  Third-Party Legal Notices

Glossary

Index

Client Profiles

This section includes details on how to manage and configure client profiles for the SGD Client.

This section includes the following topics:

Client Profiles and the SGD Client

A client profile is a group of configuration settings that control the SGD Client. The settings in a client profile include the following:


Note - The SGD Client can only connect to an SGD server if they both have the same major and patch version number. For example, version 4.40.917.


There is one client profile, a single group of settings, for each SGD server that the user connects to. The profile is downloaded when the user connects to an SGD server. If the SGD Client has been installed manually, the user is prompted for initial connection information the first time the SGD Client is started.


Note - Client profiles are not the same as user profiles. User profiles control webtop content and other SGD-specific settings, such as printing.


This section includes the following topics:

Managing Client Profiles

SGD Administrators manage client profiles with the SGD administration tool, Profile Editor. The Profile Editor tool is only available to SGD Administrators.

SGD Administrators can create, edit, and delete client profiles for the following objects:

Each of these objects can only have one client profile. The client profile is stored on the SGD server.

The default system client profile is the profile for the System Objects organization. This client profile can be edited, but it cannot be deleted.

Users can edit their own client profiles from the webtop. Click the Edit button in the Applications area of the webtop and then go to the Client Settings tab.

Users can only edit the client profile for the SGD server they are currently connected to. The client profile for a user is stored on the client device, not the SGD server.


Note - Anonymous users cannot edit client profiles. This is because these users are temporary. See Anonymous User Authentication for more details.


How to Configure Client Profile Editing for Users

  1. Enable profile editing for SGD.

    Profile editing for SGD is enabled by default.

    1. In the Administration Console, go to the Global Settings -> Client Device tab.
    2. In the Profile Editing section, ensure the Editing check box is selected.

      The check box is selected by default.


    Note - If profile editing is disabled, it is disabled for all users, including SGD Administrators. However, SGD Administrators can still create and edit client profiles using the Profile Editor application.


  2. Configure profile editing in the organizational hierarchy.

    Profile editing can be configured for organizations, organizational units, or user profiles.

    Profile editing can be inherited from a parent object in the organizational hierarchy, so that SGD Administrators can enable or disable profile editing for many users without having to edit each user profile. By default, profile editing is enabled for all users.

    1. In the Administration Console, go to the User Profiles tab and select an object in the organizational hierarchy.
    2. Go to the Client Device tab.
    3. Enable Client Profile Editing as follows:
      • Select the Override Parent’s Setting, or the Override Global Setting check box.

        Selecting this check box enables you to override the profile editing setting from any parent object. For example, profile editing can be disabled for an OU, but enabled for a user profile in that OU.

      • Select the Enabled check box.

        Selecting the check box enables profile editing for the user profile, or for all users in the organization unit or organization.

        The initial state of this check box is the setting of the parent object.

    4. Click Save.

Client Profile Settings

The following table lists the settings available in a client profile, with a description of what the setting does.

Setting
Description
Login URL
The SGD URL to use for the profile. This is usually http://server.example.com/sgd, where server.example.com is the name of an SGD server.

If the user runs SGD by displaying the webtop in a browser, the URL is loaded automatically in the user’s default browser, so that they can log in and access their webtop.

In Integrated mode, the URL is only loaded in the user’s default browser if the user needs to log in to SGD.

Always use a fully qualified domain name.

The URL in a client profile can be overridden by a command-line argument. See Running the SGD Client From the Command Line.

The default Login URL is http://server.example.com:80/sgd/index.jsp.

Connect on System Login
If enabled, the SGD Client is started automatically with this client profile whenever the user logs in to their client device.

If enabled, the SGD Client creates an application shortcut or symbolic link for itself in the startup folder of the desktop system. The links are created in the following locations:

  • Microsoft Windows. The Windows startup folder for the current user. This is usually C:\Documents and Settings\username\Start Menu\Programs\Startup

  • KDE. $HOME/.kde/autostart

  • Gnome. $HOME/.config/autostart

  • Java Desktop System. $HOME/.config/autostart

This setting is disabled by default.

Add Applications to Start Menu
Controls how users interact with SGD.

If enabled, the applications a user can run are displayed in the desktop Start or Launch Menu on the client device. This is called Integrated mode. Users do not have any of the controls that are available on a webtop, for example controls for suspending and resuming applications.

If disabled, the applications a user can run are displayed on a webtop in a browser.

This setting is disabled by default.

Automatic Client Login
If enabled, the SGD Client tries to log the user in using an authentication token as soon as it starts.

You can only enable this option if the Add Applications to Start Menu setting is enabled.

This setting is disabled by default.

See Integrated Mode for more details.

Alternative PDF Viewer
The application command for an alternative Portable Document Format (PDF) viewer to use with PDF printing.

If the application is not on the user’s PATH, type the full path to the application.

This setting only applies to UNIX, Linux, and Mac OS X platform client devices.

Logging
Controls the amount of information that is output to the SGD Client log file.

The output is logged to a text file in the same directory as the SGD Client.

The default is Errors only.

Preferred Language
The default language to use when the SGD Client is started from the command line. For example, when the SGD Client is in Integrated mode.

The language selected is used for messages displayed by the SGD Client, the login dialog, and the webtop.

See Setting the Language for the Webtop for details.

The default is en.

Check for Local X Server
If enabled, the SGD Client checks whether there is an X server running on the client device.

Enabling this option can improve performance when starting X applications that are configured to display using an X server on the client device. If a local X server is not available, an independent window is used instead.

This setting only applies to Windows client devices.

This setting is disabled by default.

Proxy Settings
Settings that control how the SGD Client determines what proxy servers to use.

Use Default Web Browser Settings means use the proxy server settings configured in the user’s default browser.

Manual Proxy Settings enable you to define the proxy server settings in the profile. You can specify an Hypertext Transfer Protocol (HTTP) proxy server.

If the proxy settings are determined from a browser, the settings are stored and used the next time the SGD Client starts.

If Establish Proxy Settings on Session Start is enabled, the SGD Client obtains the proxy settings from the browser every time it starts. The stored proxy settings are not used. If Automatic Client Login is selected, the Establish Proxy Settings on Session Start setting is disabled.

By default, the Use Default Web Browser Settings check box is selected and the Establish Proxy Settings on Session Start check box is not selected.

Connection Failure
Settings that control what the SGD Client does if the connection to an SGD server is lost, whether to always reconnect, to never reconnect, or to ask the user.

If the SGD Client reconnects, these settings control how many attempts are made to reconnect and the time in seconds between each attempt.

If the SGD Client is unable to reconnect, the user session ends and any running applications are ended or suspended, depending on the resumability setting of the application.

The default settings are to Always Attempt to Reconnect, and make 6 attempts at 10 second intervals.

About the Profile Cache

Client profiles created by SGD Administrators are stored on the SGD server where they are created. The profiles are then copied to all the SGD servers in the array, so that they are available for editing on any SGD server.

When a user first logs in to SGD, the SGD Client downloads the client profile to a profile cache on the client device. The client profile that is downloaded is the first match of the following:

When a user edits and saves a client profile, they override the client profile defined by an SGD Administrator, or the system default client profile, and create a user-specific client profile that is only saved in the profile cache on the client device.


Note - Users must log out of SGD and log in again for changes to their client profile to take effect.


The profile cache is specific to each user who logs in to SGD from the client device and is stored in the following locations:


Note - If a Windows user has a roaming user profile, see How to Enable Automatic Installation for Roaming User Profiles .


The same profile cache is used by the SGD Client, whether it has been installed manually or automatically.

The profile cache is updated each time the user edits a client profile, or each time the user logs in, if they are using the client profile defined by an Administrator.


Caution

Caution - If a user has not edited their client profile, any manual changes made to the profile.xml file are lost when the user next logs in.


The profile cache contains one client profile for each SGD server the user connects to.

Users can restore a client profile to the default settings by editing the client profile and clicking the Reset button. This resets the client profile to the settings defined for the system default client profile on the System Objects object.

Microsoft Windows Users With Roaming User Profiles

Users with Microsoft Windows client devices can have roaming user profiles. Roaming user profiles provide the user with the same working environment, no matter which Microsoft Windows computer they use. If Microsoft Windows users have roaming user profiles, the SGD client profile is automatically adjusted to allow for this, as follows:

The following settings from the SGD client profile are stored in the location of the user’s roaming profile:

Setting
Profile Entry
Login URL
<url>
Add Applications to Start Menu
<mode>
Automatic Client Login
<autologin><AT>
Connect on System Login
<autostart>
Connection Failure
<reconnect_mode>

<reconnect_attempts>

<reconnect_interval>

The settings that are stored with the user’s roaming profile are controlled by the properties file /opt/tarantella/var/serverconfig/local/roamingattributes.properties.

Roaming user profiles are not enabled by default. See How to Enable Automatic Installation for Roaming User Profiles for details of how to configure SGD to use roaming profiles.