Exit Print View

Oracle Secure Global Desktop Administration Guide for Version 4.6

Document Information

Preface

1.  Networking and Security

2.  User Authentication

3.  Publishing Applications to Users

4.  Configuring Applications

5.  Client Device Support

6.  SGD Client and Webtop

The SGD Client

Overview of the SGD Client

Configuring the SGD Client

The SGD Client Helper

Installing the SGD Client

Automatic Installation of the SGD Client

How to Enable Automatic Installation for Roaming User Profiles

Manual Installation of the SGD Client

Running the SGD Client From the Command Line

Command-Line Examples

Starting the SGD Client Without Any Arguments

Connecting to a Particular SGD Server

Overriding the Login URL

Web Services Developer Options

Using SGD Without Java Technology

How to Use SGD Without Java Technology

Client Profiles

Client Profiles and the SGD Client

Managing Client Profiles

How to Configure Client Profile Editing for Users

Client Profile Settings

About the Profile Cache

Microsoft Windows Users With Roaming User Profiles

Integrated Mode

Working in Integrated Mode

Setting Up the SGD Client for Integrated Mode

Authentication Token Authentication

How Authentication Token Authentication Works

User Identity and User Profile

Authentication Tokens and Security

How to Enable Authentication Token Authentication

Administering Authentication Tokens

Troubleshooting Automatic Logins

Configuring the Client Profile for Integrated Mode

Configuring Applications for Integrated Mode

Webtops

Setting the Language for the Webtop

Overriding the Default Language for the Webtop

7.  SGD Servers, Arrays, and Load Balancing

A.  Global Settings and Caches

B.  Secure Global Desktop Server Settings

C.  User Profiles, Applications, and Application Servers

D.  Commands

E.  Login Scripts

F.  Third-Party Legal Notices

Glossary

Index

The SGD Client

The SGD Client is the part of SGD that is installed on client devices. The SGD Client is required to run applications.

This section includes details of how you can install and run the SGD Client.

This section includes the following topics:

Overview of the SGD Client

The SGD Client can operate in either of the following ways:

Depending on the client platform, users see an icon in the System tray or Workspace switcher when the SGD Client is running.

The SGD Client performs the following functions:

Configuring the SGD Client

The SGD Client needs to be configured so that it can connect to an SGD server. The connection settings for the SGD Client are defined in a client profile. The client profile is stored on the client device.

The client profile controls things such as the Uniform Resource Locator (URL) that the SGD Client connects to when it starts, and the operating mode of the SGD Client.

See Client Profiles for more information about how SGD uses client profiles and the settings you can configure for a client profile.

The SGD Client Helper

When using a browser with Java technology enabled, the SGD Client is supported by the SGD Client Helper.

The SGD Client Helper is a Java applet that performs the following functions:

Use of the SGD Client Helper is optional. See How to Use SGD Without Java Technology.

Installing the SGD Client

The SGD Client can be installed in the following ways:

Automatic Installation of the SGD Client

If you are using a browser with Java technology enabled, the SGD Client is installed automatically when you visit the http://server.example.com/sgd URL, where server.example.com is the name of an SGD server.


Note - If you use Internet Explorer on Microsoft Windows Vista platforms, you must add the SGD server to the list of Trusted Sites in Internet Explorer’s Security Settings before the SGD Client can be automatically downloaded and installed.


With automatic installation of the SGD Client, different versions of the SGD Client are installed in separate directories. This means the following:

The SGD Client is installed in the following directories:

If you want to use automatic installation and have more control over where the SGD Client is installed, you can develop your own web application for installing the SGD Client and use SGD web services to specify the installation location.

See the Oracle Secure Global Desktop 4.6 Installation Guide for more details about automatic installation of the SGD Client.

How to Enable Automatic Installation for Roaming User Profiles

To enable the SGD Client to be installed automatically in a directory that is roamed, perform the following procedure on each SGD server in the array.

Ensure that no users are logged in to the SGD server, and that there are no application sessions, including suspended application sessions, running on the SGD server.

  1. Log in as superuser (root) on the SGD host.
  2. Change to the jsp directory.
    # cd /opt/tarantella/webserver/tomcat/tomcat-version/webapps/sgd/resources/jsp
  3. Edit the webtopsession.jsp file.

    Change the tccRoaming line in webtopsession.jsp, as follows:

    String tccRoaming = "true";

    Save the change.

  4. Restart the SGD web server.
    # tarantella restart webserver

Manual Installation of the SGD Client

With manual installation, you have full control over where the SGD Client is installed.

On Microsoft Windows platforms, you need administrator privileges to install the SGD Client.

You download and install the SGD Client from the SGD web server Welcome Page. The SGD web server Welcome Page is at http://server.example.com, where server.example.com is the name of an SGD server.

Click the Install the Oracle Secure Global Desktop Client link on the Welcome Page. The Oracle Secure Global Desktop Client download page has instructions for downloading and installing the SGD Client.

On Microsoft Windows client devices, the default installation directory is: C:\Program Files\Sun\Secure Global Desktop Client. A shortcut for the SGD Client is also added to the Windows Start Menu.


Note - Manual installation is not available for Mac OS X client platforms.


See the Oracle Secure Global Desktop 4.6 Installation Guide for more details about manual installation of the SGD Client.

Running the SGD Client From the Command Line

Typically, users log in to SGD by starting a browser and visiting the http://server.example.com/sgd URL, where server.example.com is the name of an SGD server.

Connecting to SGD in this way, automatically downloads and starts the SGD Client. However, you can also start the SGD Client from the command line and connect to an SGD server. From the command line, you can run the SGD Client either using a browser or in Integrated mode.

You start the SGD Client with the tcc command on Microsoft Windows client platforms, or the ttatcc command on UNIX, Linux, or Mac OS X client platforms, as follows:

tcc
  [ -profile name ]
  [ -loginurl url ]
  [ -preferredlanguage lang ]
  [ -logdir file ]
  [ -use-java ]
  [ -version ]

The following table lists the arguments for the tcc and ttatcc commands.

Argument
Description
-profile name
The name of the profile to use when starting the SGD Client.

Currently there is only one profile for each SGD server, called Default.

To specify the profile for a particular server, use -profile server.example.com::Default where server.example.com is the name of an SGD server.


Note - Profile names are case sensitive.


-loginurl URL
The login URL. This overrides the URL defined in the profile.

Use a fully qualified domain name.

-preferredlanguage lang
The language to use in any dialogs and messages displayed by the SGD Client. This overrides the language defined in the profile. The following are the supported languages:
  • en for English

  • de for German

  • fr for French

  • ja for Japanese

  • ko for Korean

  • zh_CN for Simplified Chinese

  • zh_TW for Traditional Chinese

-logdir file
The directory where the SGD Client log file is created.
-use-java
Enable the detection of Java technology in the SGD Client.
-version
Displays the version number of the SGD Client.
-help
Displays help information. This option is only available on UNIX, Linux, or Mac OS X client platforms.

Note - The arguments are case-sensitive.


The command line does not allow you to supply a user name and password. However, the SGD Client can be configured to log a user in automatically. This is called Integrated mode. See Setting Up the SGD Client for Integrated Mode for more details.

Command-Line Examples

The command line for the SGD Client can be used to create your own shortcuts and shell scripts.

If either the Connect on System Login or the Add Applications to Start Menu options are enabled in a user’s profile, the SGD Client automatically adds shortcuts for itself in the user’s desktop Start menu. The desktop systems that support these features are listed in the Oracle Secure Global Desktop 4.6 Platform Support and Release Notes available at http://docs.sun.com/app/docs/doc/821-1928.

The following are some examples of running the SGD Client from the command line.

Starting the SGD Client Without Any Arguments

The following example starts the SGD Client and uses the settings defined in the Default profile, available from the user’s profile cache.

$ ttatcc

If there is no profile, or the profile does not contain a login URL, the SGD Client starts but it cannot connect to an SGD server.

If the user has previously connected to more than one SGD server, the SGD Client connects to the last SGD server the user connected to, using the profile for that server.

Use this command to start the SGD Client if the user always connects to the same SGD server.

Connecting to a Particular SGD Server

The following example starts the SGD Client and uses the settings defined in the profile for server.example.com, available from the user’s profile cache.

$ ttatcc -profile server.example.com::Default

If there is no profile available in the cache for server.example.com, the SGD Client prompts for connection settings.

Use this command to start the SGD Client if the user might connect to different SGD servers.

Overriding the Login URL

The following example starts the SGD Client and uses the settings defined in the Default profile, available from the user’s profile cache, but connects to the specified URL.

$ tcc -loginurl url

where url is the URL of a login page on an SGD server, for example http://server.example.com/sgd.

Depending on the URL, this can be used to start an application.

Use this command to start the SGD Client and connect to a single SGD server, but connect to different web applications on that server.

Web Services Developer Options

The SGD Client also supports the following command-line arguments. These arguments are useful only when developing applications with SGD web services.

Argument
Description
-port tcp
The port on which the SGD Client connects to the SGD server. Usually, this is Transmission Control Protocol (TCP) port 5307 when the user has a secure connection to SGD.
-baseroute
The base network route the SGD Client uses to traverse a SOCKS proxy server.
-firewalltraversal
Indicates that the SGD server is using firewall traversal. Connections to the SGD server and the webtop both use the same port, usually TCP port 443.
-connectioncookie cookie
Supplies the cookie used by the SGD server to identify the user session which the SGD Client is being used for.
-portfile file
The name of a file where the SGD Client writes its listening port number.
-psn
For use with Mac OS X client devices only. Ensures an X server is running.
-server server
The fully-qualified Domain Name System (DNS) name of the SGD server.
-no-browser
Do not start a browser when starting the SGD Client.

Note - The arguments are case-sensitive.


Using SGD Without Java Technology

If your organization prefers not to use Java technology, you can still use SGD, but with the following limitations:

The following procedure describes the steps needed to use SGD without Java.

How to Use SGD Without Java Technology

  1. Download and install the SGD Client.

    You download the SGD Client from the SGD web server Welcome Page, for example at http://server.example.com, where server.example.com is the name of an SGD server.

    Click the link to Install the Oracle Secure Global Desktop Client.

    The download page and the Oracle Secure Global Desktop 4.6 Installation Guide have details of how to install the SGD Client.

  2. Start the SGD Client and connect to SGD.

    Use either of the following methods:

    • Start the SGD Client from the shortcut in the desktop Start menu.

      The first time you start the SGD Client, it prompts you for the URL to connect to. This is normally http://server.example.com/sgd, where server.example.com is the name of an SGD server. The SGD Client also prompts you for the proxy server settings to use.

      When the SGD Client connects, it starts your default browser and displays the SGD login page.

    • Start the SGD Client from the command line.

      See Running the SGD Client From the Command Line for more details.

  3. Log in to SGD.

    The SGD webtop is displayed.

  4. Edit the profile for your client device.

    On the webtop, click the Edit button in the Applications area of the webtop. Go to the Client Settings tab and edit the client profile.

    See also Client Profile Settings.

    1. Configure the operating mode of the SGD Client.

      You can access SGD either by using a browser or by using Integrated mode.

      Integrated mode gives users the best user experience when Java technology is unavailable. Select the Add Applications to Start Menu check box. See also Integrated Mode.

      To use automatic logins to minimize the use of a browser, select the Automatic Client Login check box. See Authentication Token Authentication.

      Whenever the SGD Client needs to display a page in a browser, for example to display a webtop or a login page, it always starts the default browser.

      To update the webtop display, users might have to manually reload the page.

    2. Configure the proxy server settings.

      You must specify the proxy server settings in the profile, because these settings cannot be obtained from the browser. See Configuring Client Proxy Settings.

    3. Click Save.

    Note - SGD Administrators can preconfigure many of these settings for users, by editing the profile for an organization or organizational unit.


  5. Log out of SGD.