Oracle Secure Global Desktop Administration Guide for Version 4.6

SGD Installations

This section describes the files that are included in an SGD installation. Information on backing up and restoring your SGD installation is also included.

About Your SGD Installation

The standard installation directory for SGD is /opt/tarantella.

During SGD installation, you have the option of specifying a different installation directory.

You can find out your installation directory from the command line, as follows:

The SGD installation directory contains the following subdirectories:

The following sections describe the contents of each of these subdirectories, and what each subdirectory is used for.

See also Backing Up and Restoring an SGD Installation.

bin Directory

The bin directory contains the scripts, binaries, and server-side Java™ technology needed to run SGD.

etc Directory

The etc directory contains configuration files that control the behavior of SGD and applications displayed through SGD. It contains the subdirectories listed in the following table.

| Subdirectory | Contents |
|---|---|
| etc/data | The following configuration files. Character application object configuration files: attribute maps (attrmap.txt), color maps (colormap.txt). Printing configuration files: host name maps (hostnamemap.txt), printer driver maps (default.printerinfo.txt), printer driver to printer type mappings (printertypes.txt), printer to user-friendly name mappings (printernamemap.txt). RGB color names (rgb.txt). Timezone configuration files. Supported CA certificates (cacerts.txt). |
| etc/data/keymaps | Keyboard map files. |
| etc/fonts | X Window System fonts and additional fonts installed with SGD. |
| etc/pkg | Information about installed SGD packages, for example version compatibility and dependencies. |
| etc/templates | A complete copy of the standard files that are installed in the etc/data directory and the var/serverresources directory. |

lib Directory

The lib directory contains shared libraries used by the SGD server and shared libraries that you might need when installing the SGD Client on certain platforms.

var Directory

The var directory contains the files that are used by the web server and the files that the SGD server copies to other members of the array. The var directory contains many subdirectories, and the important ones are listed in the following table.

| Subdirectory | Contents |
|---|---|
| var/docroot | The HTML pages used by the SGD web server. |
| var/tsp | Server SSL certificates, keys, and CA certificates. |
| var/ens | The local repository, containing the objects in the organizational hierarchy. |
| var/log | SGD server log files. |
| var/print | The print queue and First In First Out (FIFO). |
| var/serverresources/expect | SGD login scripts. |
| var/spool | Files on their way to the print queue. |

webserver Directory

The webserver directory contains the scripts, binaries, and server-side Java technology needed to run the SGD web server, web services, and the webtop. The important subdirectories are listed in the following table.

| Subdirectory | Contents |
|---|---|
| apache | All the files needed to configure and run the SGD web server. |
| tomcat | All the files needed to configure and run the Tomcat JSP technology and Java Servlet extension servlet container. |
| tomcat/tomcat-version/webapps/axis | Files needed to run SGD web services. The webtop uses web services. |
| tomcat/tomcat-version/webapps/sgd | Files needed to run the webtop, including the SGD Client. |
| tomcat/tomcat-version/shared/lib | |
| tomcat/tomcat-version/shared/classes | |

Backing Up and Restoring an SGD Installation

This section describes how to back up an SGD installation, so that you can repair SGD in the event that a component or an entire installation becomes damaged.

Before using the procedures on this page, it is helpful if you are familiar with the layout of the SGD installation. See About Your SGD Installation.

How to Make a Full Backup of an SGD Installation

Before You Begin

To be able to restore an SGD installation or to be able to repair some individual SGD components, you need a full backup.

While making the backup, do not run any command-line tools or use the Administration Console. It is also best if you shut down the SGD server while making the backup. However, if this is not possible, do it when the server is least loaded.

  1. Log on as superuser (root) on the SGD host.
  2. Back up the SGD log files.
    # tarantella archive
  3. Back up the entire SGD installation directory on each SGD server in the array.

    See About Your SGD Installation for details of the SGD installation directory.

    SGD also uses the following configuration files, which only need to be backed up if you are using them and you have modified them:

    • The /etc/ttaprinter.conf file – This file contains the lpr defaults

    • The /etc/sdace.txt and /var/ace/data files – These files contain RSA SecurID settings

    • Web server password files – If you have created these files for use with the SGD web server, and they are stored outside the SGD installation directory
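
The backup steps above as a script. This is an added example, not part of the Oracle guide: the function name sgd_backup, the SGD_BACKUP_DEST variable and the archive naming are assumptions, and it assumes a host where sha256sum is available. Web server password files stored outside the installation directory can be passed as further arguments.

```shell
#!/bin/sh
# Added example, not Oracle's code. sgd_backup and SGD_BACKUP_DEST are hypothetical names.
# Usage: sgd_backup INSTALL_DIR BACKUP_DIR [ABSOLUTE_PATH_OF_EXTRA_FILE ...]
# Prints the path of the archive it created.
sgd_backup() (
    src=${1:?installation directory}; dest=${2:?backup directory}; shift 2
    # The archive holds var/tsp (SSL keys) and possibly SecurID and password
    # files, so create it and its checksum readable by the owner only.
    umask 077
    mkdir -p "$dest" || exit 1
    src=$(cd "$src" && pwd) || exit 1      # resolve to absolute paths
    dest=$(cd "$dest" && pwd) || exit 1
    # Host name in the file name: server and web server configuration must
    # only be restored from a backup taken on the same host.
    name="sgd-$(uname -n)-$(date +%Y%m%d%H%M%S).tar"
    # Keep only the extra files that exist, as paths relative to /.
    n=$#
    while [ "$n" -gt 0 ]; do
        f=$1; shift; n=$((n - 1))
        if [ -e "$f" ]; then set -- "$@" "${f#/}"; fi
    done
    cd / || exit 1
    tar -cf "$dest/$name" "${src#/}" "$@" || exit 1
    # Checksum to verify the archive before a later restore.
    cd "$dest" && sha256sum "$name" > "$name.sha256" || exit 1
    echo "$dest/$name"
)

# Steps 2 and 3 of the procedure, run as root with SGD_BACKUP_DEST set,
# for example: SGD_BACKUP_DEST=/backup/sgd sh sgd-backup.sh
if [ -n "${SGD_BACKUP_DEST:-}" ]; then
    tarantella archive || exit 1
    sgd_backup /opt/tarantella "$SGD_BACKUP_DEST" \
        /etc/ttaprinter.conf /etc/sdace.txt /var/ace/data
fi
```

Member names are stored relative to /, so check the archive with sha256sum -c and extract it with tar -xf ARCHIVE -C / when restoring.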

Restoring a Damaged SGD Component

For the purposes of restoring a damaged installation, SGD can be divided up into the following components:

The following sections describe how to back up each of these components.

Binaries, Scripts, and Template Files

The binaries, scripts, and template files are only modified as part of an installation, patch, or custom engineering work. These files do not change very often.

You can restore these files from a backup or another installation, as follows:

Login Scripts

The Login Scripts control the interaction between SGD and the application servers, for example, by logging a user in.

How you recover login scripts depends on whether or not you are using customized login scripts.

If you are not using customized login scripts, you can restore these files from another installation, a backup, or from the /opt/tarantella/etc/templates directory.

If you are using customized login scripts, you must only restore these files from a backup.

The login scripts are in the /opt/tarantella/var/serverresources/expect directory.

Server Configuration

Server configuration covers all the properties for an SGD server that are not shared with the other SGD servers in the array, such as the server DNS name and server tuning.

As this configuration is unique to a particular SGD host, it must only be restored from a backup taken from that host.

The server-specific configuration is in the /opt/tarantella/var/serverconfig/local directory.

If you are using SGD security services, you must also restore the following:

Global Configuration

Global configuration covers all the properties that are the same for all the SGD servers in the array, for example the names of the other array members.

To restore the global configuration for an SGD server, you must only restore from a backup of the primary SGD server.

The global configuration is in the /opt/tarantella/var/serverconfig/global directory.

The Local Repository

The local repository, formerly called the Enterprise Naming Scheme (ENS) datastore, is shared across all SGD servers in the array. This is the organizational hierarchy that contains all the information about users, applications, and application servers. This information changes very often.

Restore the local repository from the backup of the primary SGD server.

The local repository is in the /opt/tarantella/var/ens directory.

Automatic Log Archives

By default, SGD archives its log files each week at 4 a.m. on Sunday, using a cron job.

If the root user’s crontab becomes corrupt, or the archiving does not take place, use the tarantella setup command to restore the default setting, or to change the time and day that the archiving takes place.

The log files are archived under the /opt/tarantella/var/log directory.

SGD Printing

When you install SGD, it configures an SGD printer queue.

If the printer queue is not present, you can restore it using either of the following methods:

The printer queue is in the /opt/tarantella/var/print directory.

SGD Web Server, Web Services, and the Webtop

The configuration of the SGD web server, SGD web services, and the webtop is unique to a particular SGD host and must only be restored from a backup taken from that host.

The configuration for the SGD web server is in the /opt/tarantella/webserver/apache/apache-version directory. You might also have web server password files, which can be stored in other locations.

The configuration for SGD web services is in the /opt/tarantella/webserver/tomcat/tomcat-version directory.

The files used for the webtop are in the /opt/tarantella/webserver/tomcat/tomcat-version/webapps/sgd directory.

How to Do a Full Restore of an SGD Installation

Before You Begin

If you are unable to restore a damaged SGD component or you are unsure about the extent of the damage to your system, you must do a full restore of your SGD installation.

To do a full restore, you must have a full backup. See How to Make a Full Backup of an SGD Installation for details of how to back up an SGD installation.

Ensure that no users are logged in to the SGD server, and that there are no application sessions, including suspended application sessions, running on the SGD server.

  1. Log on as superuser (root) on the SGD host.
  2. Stop the SGD server.
  3. Uninstall SGD.
    # tarantella uninstall --purge

    Note - If this fails, you might have to manually remove the SGD package. Use the rpm -e tta command on Linux platforms, and the pkgrm tta command on Solaris OS platforms.


  4. Delete the SGD installation directory.
    # rm -rf /opt/tarantella
  5. Reinstall SGD and any patches, if applicable.

    This installs the printer queue, rc scripts and package database.

  6. Stop the SGD server.
  7. Delete the SGD installation directory.
    # rm -rf /opt/tarantella
  8. Reinstate the SGD installation from the backup.

    Note - Make sure you restore from the server’s backup. Also, check that the DNS name of the host has not changed.


  9. Restart the SGD server.