Exit Print View

Oracle Secure Global Desktop Administration Guide for Version 4.6

Document Information

Preface

1.  Networking and Security

2.  User Authentication

3.  Publishing Applications to Users

4.  Configuring Applications

Windows Applications

Configuring Windows Application Objects

Creating Windows Application Objects on the Command Line

Configuring Microsoft Windows Terminal Services for Use With SGD

Authentication Settings

Session Resumability and Session Directory

Windows Printer Mapping

Drive Redirection

Encryption Level

Multiple Terminal Services Sessions

Remote Desktop Users

Time Zone Redirection

Audio Redirection

Smart Card Device Redirection

COM Port Mapping

Color Depth

Transport Layer Security

Terminal Services Group Policies

Keep Alive Configuration for Windows Terminal Servers

Licensing Microsoft Windows Terminal Services

Managing CALs From the Command-Line

Microsoft Windows Remote Desktop

Seamless Windows

Notes and Tips on Using Seamless Windows

Key Handling for Windows Terminal Services

Supported Keyboard Shortcuts for Windows Terminal Services

The Windows Key and Window Management Keys

Configuring Windows Keyboard Maps

Returning Client Device Information for Windows Terminal Services Sessions

The SGD Remote Desktop Client

Using a Configuration File

Running Windows Applications on Client Devices

X Applications

Configuring X Application Objects

Creating X Application Objects on the Command Line

Supported X Extensions

X Authorization

X Fonts

Using Your Own X Fonts

Using a Font Directory

Using a Font Server

How to Configure SGD to Use Your Own X Fonts

Keyboard Maps

Character Applications

Configuring Character Application Objects

Creating Character Application Objects on the Command Line

Terminal Emulator Keyboard Maps

Default Mappings

Creating a Keyboard Map

Key Names

Client Device Keys

Application Server Keystrokes

Terminal Emulator Attribute Maps

How to Create Your Own Attribute Map

Editing Character Attributes

Terminal Emulator Color Maps

Examples of Using Color Maps

Dynamic Launch

Dynamic Application Servers

SGD Broker

User-Defined SGD Broker

VDI Broker

Dynamic Applications

How to Create a Dynamic Application

Client Overrides

Using My Desktop

Integrating SGD With Oracle VDI

How to Create a Dynamic Application Server for the VDI Broker

Using SSH

SSH Support

Configuring the SSH Client

How to Set Global SSH Client Options

How to Set Application SSH Client Options

Enabling X11 Forwarding for X Applications

How to Enable X11 Forwarding

Using SSH and the X Security Extension

How to Enable the X Security Extension

Using SSH and X Authorization

Using Advanced SSH Functions

Known Limitation With Client Keys

Application Authentication

Login Scripts

Configuring Application Authentication

The Application Server Password Cache

Managing the Application Server Password Cache

Security and the Password Cache

Windows Domains and the Password Cache

Input Methods and UNIX Platform Applications

Adding Support for System Prompts in Different Languages

Using RSA SecurID for Application Authentication

Tips on Configuring Applications

Starting an Application or Desktop Session Without Displaying a Webtop

Using SGD Web Services

Using Multihead Or Dual Head Monitors

Disabling Shared Resources

Configuring the Correct Desktop Size

Configuring Desktop Size for Client Window Management Applications

Configuring Desktop Size for Kiosk Mode Applications

Setting Up the Monitors

Improving the Performance of Windows Applications

Improving the Performance of Java Desktop System Desktop Sessions or Applications

Configuring the X Application Object for Java Desktop System

Disabling Default Java Desktop System Settings

Documents and Web Applications

Creating a Virtual Classroom

How to Create the Teacher's Application Object

How to Create the Classroom Application Object

Configuring Common Desktop Environment Applications

Configuring a CDE Desktop Session

Configuring a CDE Application

Using CDE and SSH

Configuring VMS Applications

Configuring the Login Script Used for the Application

Configuring the Transport Variable in the Login Script

Disabling X Security

3270 and 5250 Applications

Troubleshooting Applications

An Application Does Not Start

Checking the Configuration of the Application Object

Checking the Launch Details and Error Logs

Increasing the Log Output

Troubleshooting ErrApplicationServerTimeout Errors

Troubleshooting ErrApplicationServerLoginFailed Errors

An Application Exits Immediately After Starting

Applications Fail To Start When X Authorization Is Enabled

Applications Disappear After About Two Minutes

An Application Session Does Not End When the User Exits an Application

Checking the Session Termination Setting

Windows Applications Do Not Close Down

UNIX Desktop Sessions Do Not Close Down After Logging Out

Users Can Start Applications With Different User Names and Passwords

Using Windows Terminal Services, Users Are Prompted for User Names and Passwords Too Often

SGD Prompts the User

Terminal Server Prompts the User

Using Shadowing to Troubleshoot a User's Problem

A Kiosk Application Is Not Appearing Full-Screen

An Application's Animation Appears 'Jumpy'

Font Problems with X Applications

Display Problems With High Color X Applications

The X Application Fails With a Color Planes Error

The Colors Appear Strange

The X Application Uses Too Much Bandwidth

8-bit Applications Exit With a PseudoColor Visual Error

Clipped Windows With Client Window Management Applications

Emulating a Sun Keyboard

Display Update Issues When Shadowing Over a Low Bandwidth Connection

Troubleshooting Mouse Drag Delay Issues

Incorrect Time Zone Name Shown in Windows Applications

5.  Client Device Support

6.  SGD Client and Webtop

7.  SGD Servers, Arrays, and Load Balancing

A.  Global Settings and Caches

B.  Secure Global Desktop Server Settings

C.  User Profiles, Applications, and Application Servers

D.  Commands

E.  Login Scripts

F.  Third-Party Legal Notices

Glossary

Index

Dynamic Launch

Dynamic launch is the term used to describe runtime changes that are applied when users start applications. Typically, the runtime changes enable users to select the application server that runs the application, or to choose the application that is started, or both. Configuring dynamic launch can involve dynamic application servers, dynamic applications, and client overrides.

This section covers the following topics:

Dynamic Application Servers

A dynamic application server is an object that represents a virtual server broker (VSB). SGD uses the VSB to obtain a list of application servers that can run an application. If a user can select an application server, a chooser page is displayed that enables the user to specify the application server.

Dynamic application servers are created on the Application Servers tab of the Administration Console, or by using the tarantella object new_host --dynamic command.

The VSB used for a dynamic application server is specified using the Virtual Server Broker Class (--vsbclass) attribute. Any configurable parameters for the VSB are specified using the Virtual Server Broker Parameters (--vsbparams) attribute.

You only need to create one dynamic application server object for each VSB you are using. In general, you only create multiple dynamic application servers for the same VSB if you want to pass different parameters to the VSB.

The following VSBs are supplied with SGD:

You can develop your own VSB for use with SGD. Your broker must implement the IVirtualServerBroker interface that is included in the sgd-webservices.jar in the /opt/tarantella/bin/java/com/sco/tta/services/proxy directory.

Dynamic application servers are assigned to an application in the same way as conventional application servers, as described in How to Assign Application Servers to Applications.


Caution

Caution - Only assign one dynamic application server to an application.


Dynamic application servers override the normal SGD mechanisms for application load balancing because they enable users to choose where an application is run. To prevent application servers from becoming overloaded, you can use the attributes on an application server object to filter the application servers shown on the chooser page. See Dynamic Application Servers and Load Balancing for more details.

When dynamic application servers are used, entries in the SGD password cache are usually stored using the dynamic application server as well as the application server. But this can depend on the VSB and configured client overrides.

SGD Broker

The SGD broker lists the application servers that are assigned to an application object. The dynamic application server itself is not listed.

The user experience when using the SGD broker is as follows:

On the command line, the fully-qualified class name (--vsbclass) for the SGD broker, is com.tarantella.tta.webservices.vsbim.SGDBroker.

The SGD broker does not have any configurable parameters.

When you install SGD, a default dynamic application server object called o=appservers/cn=SGD Broker is created automatically. This dynamic application server is used with the My Desktop application. See Using My Desktop for details.

User-Defined SGD Broker

The User-defined SGD broker lists the application servers that are assigned to an application object, and also enables users to specify the name or IP address of any application server. Users can run applications on application servers that do not have a corresponding application server object in the local repository. The dynamic application server itself is not listed.

The user experience when using the User-defined SGD broker is as follows:

On the command line, the fully-qualified class name (--vsbclass) for the User-defined SGD broker is com.tarantella.tta.webservices.vsbim.UserDefinedSGDBroker.

The User-defined SGD broker has a one optional parameter. If you specify createAppserver for the Virtual Server Broker Parameters (--vsbparams) attribute, SGD automatically creates new application server objects for any user-specified application servers that do not already exist in the local repository.

VDI Broker

The VDI broker enables SGD to request a desktop from a Oracle VDI installation. See Integrating SGD With Oracle VDI for details.

The user experience when using the VDI broker is as follows:

On the command line, the fully-qualified class name (--vsbclass) for the VDI broker is com.sun.sgd.vsbim.SunVDIVirtualServerBroker.

The VDI broker has a one mandatory parameter, the host name of a VDI server. When you create an dynamic application server for the VDI broker, specify localhost for the Virtual Server Broker Parameters (--vsbparams) attribute.

Dynamic Applications

A dynamic application represents one or more application objects. When the user starts a dynamic application, a chooser page is displayed that enables the user to select an application to run.

A dynamic application object consists of a set of mappings between type strings and SGD application objects. For example, you could create a dynamic application to enable users to choose between a Windows desktop session or Linux desktop session. Such a dynamic application might use the mappings shown in the following table.

Type
Application
windows
o=applications/cn=Windows Desktop
linux
o=applications/cn=Linux Desktop

Dynamic applications are created on the Applications tab of the Administration Console, or by using the tarantella object new_dynamicapp command. See How to Create a Dynamic Application.

Type-application mappings for dynamic applications can be configured on the Mappings tab for the dynamic application object, or with the tarantella object add_mapping and tarantella object remove_mapping commands.

The type is a string that is specified when a mapping is added. Because the type is displayed on the chooser page, generally the type identifies the type of application. But it can be any unique string you want.

Dynamic applications are assigned to users in the same way as conventional applications, as described in Publishing Applications. You can assign multiple dynamic applications to a user.

When you install SGD, a default dynamic application object called o=applications/cn=My Desktop is created automatically and is used for the My Desktop application. See Using My Desktop for details.

How to Create a Dynamic Application

Before You Begin

Ensure that the applications that you want to map to the dynamic application already exist.

  1. In the Administration Console, go to the Applications tab.
  2. Create the dynamic application object.
    1. Select an object in the organizational hierarchy.

      Use the navigation tree to select a directory object to contain the dynamic application.

    2. In the content area, click New.

      The Create a New Object window is displayed.

    3. In the Name field, type the name of the dynamic application.

      The name you type is used for the link on the webtop.

    4. Ensure that the Dynamic Application option is selected and click Create.

      The Create a New Object window closes and the content area is updated with the new object.

  3. Configure the dynamic application.
    1. Click the View New Object link.

      The General tab for the dynamic application object is displayed.

    2. (Optional) Change the Icon for the dynamic application.

      The icon is used on the webtop.

    3. Click the Mappings tab.
    4. In the Editable Mappings table, click Add.

      The Add a New Mapping window is displayed.

    5. In the Mapping Type field, type a string to identify the mapping.

      The string can be anything. The string is displayed on the chooser page that is displayed to users. Usually the type identifies the type of application.

    6. Select the check box next to an application object.

      Use the Navigation tree to browse for a directory object that contains the application.

      You can only select application objects.

    7. Click Add.

      The Add a New Mapping window closes and the Mappings tab is updated with the new mapping.

    8. Repeat steps d to g to create further mappings.
  4. Assign the dynamic application to users.

    Dynamic applications are assigned to users in the same way as conventional applications. See Publishing Applications.

Client Overrides

Client overrides are a comma-separated list of options used to configure dynamic launch. By default, the client override to configure support for dynamic applications and dynamic application servers is enabled.

You use the following command to configure client overrides:

$ tarantella config edit \
--tarantella-config-applaunch-allowclientoverrides opt ... 

where opt is a comma-separated list. The following table lists the available options.

Option
Description
appserver_pw
Read password cache entries for application servers.
array_pw
Read the password cache for users’ SGD passwords.
dynamic
Enable support for dynamic applications and dynamic application servers.
dynamicappserver_pw
Read password cache entries for dynamic application servers.
false
Disable all client overrides.
true
Enable all client overrides.

For example, to disable all client overrides, use the following command:

$ tarantella config edit \
--tarantella-config-applaunch-allowclientoverrides false 

For example, if you are integrating with Oracle VDI and you want SGD to read the password cache for the users’ VDI credentials, use the following command:

$ tarantella config edit \
--tarantella-config-applaunch-allowclientoverrides dynamic,dynamicappserver_pw 

Using My Desktop

My Desktop enables users to log in and display a full-screen desktop without displaying a webtop.

To be able to use My Desktop, a user must be assigned an application object called My Desktop (cn=My Desktop).

A default My Desktop object (o=applications/cn=My Desktop) is created automatically when SGD is installed. This object is a dynamic application object that has the type-application mappings shown in the following table.

Type
Application
windows
o=applications/cn=Windows Desktop
unix
o=applications/cn=Unix Desktop

By default, this object runs the default desktop application available on the SGD server, as configured for the o=applications/cn=Unix Desktop application object. The windows type-application mapping for My Desktop is configured to run a Windows desktop application. However to be able to use Windows Desktop, you must first assign at least one application server object to the o=applications/cn=Windows Desktop application object. If you do this, users are prompted to choose which desktop application to run. See Dynamic Applications for more details.

You can reconfigure the default My Desktop object to run any application you want, but it works best with full-screen desktop applications. If users require different desktop applications, you can create additional My Desktop objects as required.

Users access My Desktop from their webtop or by using the My Desktop URL, at http://server.example.com/sgd/mydesktop, where server.example.com is the name of an SGD server. This Uniform Resource Locator (URL) displays the SGD Login page. Once the user has logged in, selected an application and application server (if configured), the desktop session is displayed. After the user has logged in, the browser window can be closed.

Alternatively, users can click the My Desktop link on the SGD web server Welcome Page, at http://server.example.com.

Users can be assigned any number of applications, but the My Desktop URL only gives users access to the My Desktop application. To use the My Desktop URL, a user must be assigned only one application called My Desktop.

If the user has paused print jobs, they see a message in the browser window when they log in which enables them to resume printing. You can disable this feature by setting the following value in the mydesktop/index.jsp file, which is located in the /opt/tarantella/webserver/tomcat/tomcat-version/webapps/sgd/ directory.

boolean promptForPrintResume=false

Integrating SGD With Oracle VDI

SGD includes a VDI broker that enables you to give users access to desktops provided by an Oracle VDI server.

The supported versions of Oracle VDI are listed in the Oracle Secure Global Desktop 4.6 Platform Support and Release Notes available at http://docs.sun.com/app/docs/doc/821-1928.

To integrate SGD with VDI, SGD and VDI must be installed on the same host.

Integrating SGD with Oracle VDI involves the following configuration steps:

  1. Create a Windows application object for use with VDI.

    SGD connects to VDI using RDP and so you must use a Windows application object.

    You could create an application object specifically for VDI integration, or you could adapt the My Desktop application. See Using My Desktop.

  2. Create a dynamic application server for the VDI broker.

    See How to Create a Dynamic Application Server for the VDI Broker.

    For information about dynamic application servers and the VDI broker, see Dynamic Application Servers.

  3. Assign the VDI dynamic application server to the VDI Windows application

    Dynamic application servers are assigned to applications in the same way as conventional application servers, as described in How to Assign Application Servers to Applications.


    Caution

    Caution - Ensure that only the VDI dynamic application server is assigned to the application. Remove any conventional application server assignments.


  4. Assign the VDI Windows application object to users.

    See Publishing Applications.

  5. (Optional) Configure the client override to enable the caching of passwords.

    By default, SGD prompts users for credentials every time they connect to a VDI desktop using the VDI broker. See Client Overrides.

How to Create a Dynamic Application Server for the VDI Broker

  1. In the Administration Console, go to the Application Servers tab.
  2. Create a dynamic application server object for the VDI broker.
    1. Select an object in the organizational hierarchy.

      Use the navigation tree to select a directory object to contain the dynamic application server.

    2. In the content area, click New.

      The Create a New Object window displays.

    3. In the Name field, type the name of the dynamic application server.

      For example, VDI Broker.

    4. Ensure the Dynamic Application Server option is selected and click Create.

      The Create a New Object window closes and the content area is updated with the new object.

  3. Configure the dynamic application server object.
    1. Click the View New Object link.

      The General tab for the dynamic application server object is displayed.

    2. In the Virtual Server Broker Class list, select VDI.
    3. In the Virtual Server Broker Parameters field, type localhost.

      The VDI broker can only be used if SGD and Oracle VDI are installed on the same host.

    4. Click Save.