Exit Print View

Oracle Secure Global Desktop Administration Guide for Version 4.6

Document Information

Preface

1.  Networking and Security

2.  User Authentication

3.  Publishing Applications to Users

4.  Configuring Applications

5.  Client Device Support

6.  SGD Client and Webtop

7.  SGD Servers, Arrays, and Load Balancing

A.  Global Settings and Caches

Secure Global Desktop Authentication Tab

The Authentication Wizard

Token Generation

Description

Command Line

Password Cache

Description

Command Line

Third-Party Authentication

Description

Command Line

System Authentication

Description

Command Line

Search Local Repository

Description

Command Line

Search LDAP Repository

Description

Command Line

Use Default Third-Party Identity

Description

Command Line

Use Default LDAP Profile

Description

Command Line

Use Closest Matching LDAP Profile

Description

Command Line

LDAP/Active Directory

Description

Command Line

Unix

Description

Command Line

Authentication Token

Description

Command Line

Windows Domain Controller

Description

Command Line

SecurID

Description

Command Line

Anonymous

Description

Command Line

Search Unix User ID in Local Repository

Description

Command Line

Search Unix Group ID in Local Repository

Description

Command Line

Use Default User Profile

Description

Command Line

Windows Domain

Description

Command Line

Active Directory

Description

Command Line

LDAP

Description

Command Line

Service Objects Tab

The Service Objects List Table

Name

Type

Enabled

URLs

User Name and Password

Connection Security

Active Directory Base Domain

Active Directory Default Domain

Application Authentication Tab

Password Cache Usage

Description

Command Line

Action When Password Expired

Description

Command Line

Smart Card Authentication

Description

Command Line

Dialog Display

Description

Command Line

"Save Password" Box

Description

Command Line

"Always Use Smart Card" Box

Description

Command Line

Display Delay

Description

Command Line

"Launch Details" Pane

Description

Command Line

Communication Tab

Unencrypted Connections Port

Description

Command Line

Encrypted Connections Port

Description

Command Line

AIP Keepalive Frequency

Description

Command Line

Timeout for User Session Resumability

Description

Command Line

Timeout for General Resumability

Description

Command Line

Resource Synchronization Service

Description

Command Line

User Session Idle Timeout

Description

Command Line

Performance Tab

Application Session Load Balancing

Description

Command Line

Application Load Balancing

Description

Command Line

Client Device Tab

Windows Client Drive Mapping

Description

Command Line

Unix Client Drive Mapping

Description

Command Line

Dynamic Drive Mapping

Description

Command Line

Windows Audio

Description

Command Line

Windows Audio Sound Quality

Description

Command Line

Unix Audio

Description

Command Line

Unix Audio Sound Quality

Description

Command Line

Smart Card

Description

Command Line

Serial Port Mapping

Description

Command Line

Copy and Paste

Description

Command Line

Client's Clipboard Security Level

Description

Command Line

Time Zone Map File

Description

Command Line

Editing

Description

Command Line

Printing Tab

Client Printing

Description

Command Line

Universal PDF Printer

Description

Command Line

Make Universal PDF Printer the Default

Description

Command Line

Universal PDF Viewer

Description

Command Line

Make Universal PDF Viewer the Default

Description

Command Line

Postscript Printer Driver

Description

Command Line

Security Tab

New Password Encryption Key

Description

Command Line

Timeout for Print Name Mapping

Description

Command Line

Connection Definitions

Description

Command Line

X Authorization for X Display

Description

Command Line

Monitoring Tab

Log Filter

Description

Command Line

Billing Service

Description

Command Line

Resilience Tab

Array Failover

Description

Command Line

Monitor Interval

Description

Command Line

Monitor Attempts

Description

Command Line

Find Primary Interval

Description

Command Line

Find Primary Attempts

Description

Command Line

Action When Failover Ends

Description

Command Line

Backup Primaries

Description

Command Line

Caches Tab

Passwords Tab

Description

Adding Entries to the Password Cache

Command Line

Tokens Tab

Description

Command Line

B.  Secure Global Desktop Server Settings

C.  User Profiles, Applications, and Application Servers

D.  Commands

E.  Login Scripts

F.  Third-Party Legal Notices

Glossary

Index

Security Tab

Attributes on the Security tab are global security attributes which apply to all SGD servers in the array.

From the command line, use the tarantella config list command to list these settings, and the tarantella config edit command to edit these settings.

New Password Encryption Key

Usage: Select or deselect the check box.

Description

Whether to generate a new encryption key for the password cache when an SGD server is restarted.

If a new encryption key is generated, the existing password cache is preserved and encrypted with the new key.

Command Line

Command option: --security-newkeyonrestart 1 | 0

Usage: Specify 1 (true) or 0 (false).

In the following example, a new encryption key for the password cache is not generated when an SGD server is restarted.

--security-newkeyonrestart 0

Timeout for Print Name Mapping

Usage: Type a timeout value, measured in seconds, in the field.

Description

The period of time an entry in the print name mapping table is retained. This table is used to ensure that users can print from an application and then exit the application, without losing the print job.

The timer starts counting when the user closes the last application on the application server.

Set the timeout value to be greater than the maximum delay between choosing to print from an application and the printer responding.

If you change this value, all existing expiry timeouts are reset. Changes take effect immediately.

To flush the table, type in 0 and click Apply. You can then set the timeout to the required value.

To display the table, use the tarantella print status --namemapping command.

Command Line

Command option: --security-printmappings-timeout seconds

Usage: Replace seconds with the timeout value, measured in seconds.

In the following example, the print name mapping table is retained for 1800 seconds (30 minutes).

--security-printmappings-timeout 1800

Connection Definitions

Usage: Select or deselect the check box.

Description

Whether to take note of the Connections attribute when a user logs in to SGD.

Select the check box, or set the command line option to 1, if you are using the Connections attribute for user profile, organizational unit, or organization objects.

Deselect the check box if SGD security services are not enabled.

If SGD security services are enabled, connections are secure unless the check box is selected and some connections are defined otherwise.

Deselecting the check box enables users to log in more quickly.

Changes to this attribute take effect immediately.

Command Line

Command option: --security-applyconnections 1 | 0

Usage: Specify 1 (true) or 0 (false).

The following example disables checking of connections for SGD log ins.

--security-applyconnections 0

X Authorization for X Display

Usage: Select or deselect the check box.

Description

Whether to secure all SGD X displays using X authorization. This prevents users from accessing X displays they are not authorized to access.

X authorization is enabled by default.

To use X authorization, xauth must be installed on the application server.

If X authorization is enabled, SGD checks the standard locations for the xauth binary. Extra configuration might be needed if the binary is in a nonstandard location.

Changes to this attribute take effect immediately.


Note - This attribute only secures the X display between the SGD server and the application server.


Command Line

Command option:--security-xsecurity 1 | 0

Usage: Specify 1 (true) or 0 (false).

The following example enables X authorization.

--security-xsecurity 1