Oracle Secure Global Desktop Administration Guide for Version 4.6

Overview of Networks and Security

When using SGD, client devices never connect directly to application servers. Instead they connect to SGD using Hypertext Transfer Protocol (HTTP) or HTTP over Secure Sockets Layer (HTTPS) and the SGD Adaptive Internet Protocol (AIP). SGD then connects to the application servers on the user’s behalf.

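The main network connections involved when using SGD are those between client devices and SGD servers, between SGD servers and application servers, and between SGD servers in an array.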

In a default SGD installation, most network connections are not secure. The following sections describe how you can secure these network connections.

Connections Between Client Devices and SGD Servers

Client devices make the following connections to SGD servers:

To secure these connections, configure the SGD web server to be a secure (HTTPS) web server, and enable SGD security services. See Secure Connections to SGD Servers for details.

The SGD Secure Gateway can be used to provide an increased level of security between client devices and SGD servers. When you use the Gateway, client devices do not connect directly to SGD. Instructions on how to install, configure, and use the SGD Gateway are included in the Oracle Secure Global Desktop 4.6 Gateway Administration Guide.

Connections Between SGD Servers and Application Servers

The connections between SGD servers and application servers are used to start applications on the application server, and to send and receive data from the application, such as key presses and display updates.

The level of security between SGD and your application servers depends on the types of application server and the protocols they use.

UNIX or Linux System Application Servers

When connecting using the Telnet protocol or the rexec command, all communication and passwords are transmitted unencrypted.

For secure connections to UNIX or Linux system application servers, use Secure Shell (SSH). SSH encrypts all communications between SGD hosts and encrypts passwords before they are transmitted. See Using SSH.

By default, SGD secures X displays using X authorization to prevent users from accessing X displays they are not authorized to access.

Microsoft Windows Application Servers

Windows applications use the Microsoft Remote Desktop Protocol (RDP). This means that all communication is encrypted, and connections to Microsoft Windows application servers are secure.

Web Application Servers

The level of security depends on the type of web server used to host the web application, as follows:

For secure connections to web application servers, use HTTPS web servers.

Connections Between SGD Servers in an Array

Connections between SGD servers are used to share static and dynamic data across the array. See Replicating Data Across the Array for details of the information that is communicated on these connections. In a standard installation, the data transmitted between the SGD servers in an array is not encrypted. See Secure Intra-Array Communication for details on how to secure these connections.