Oracle Secure Global Desktop Platform Support and Release Notes for Version 4.61

SGD Server Requirements and Support

This section contains the following topics:

Hardware Requirements for SGD

Use the following hardware requirements as a guide and not as an exact sizing tool. For detailed help with hardware requirements, contact an Oracle sales office.

The requirements for a server hosting SGD can be calculated based on the total of the following:

The following are the requirements for installing and running SGD:

This is in addition to what is required for the operating system itself and assumes the server is used only for SGD.

The following are the requirements to support users who log in to SGD and run applications:


Caution - The actual central processing unit (CPU) and memory requirements can vary significantly, depending on the applications used.


Supported Installation Platforms for SGD

The following table lists the supported installation platforms for SGD.

| Operating System | Supported Versions |
|---|---|
| Solaris Operating System (Solaris OS) on SPARC platforms | At least Solaris 10 10/09; Trusted Extensions at least Solaris 10 10/09 |
| Solaris OS on x86 platforms | At least Solaris 10 10/09; Trusted Extensions at least Solaris 10 10/09 |
| Red Hat Enterprise Linux (32-bit and 64-bit) | 5.5 |
| Oracle Enterprise Linux (32-bit and 64-bit) | 5.5 |

Operating System Modifications

You might have to make some operating system modifications. Without these modifications, SGD might not install properly or operate correctly.

5250 and 3270 Applications

The libXm.so.3 library is required to support 5250 and 3270 applications. This library is available in the OpenMotif 2.2 package.

Solaris 10 OS

You must install at least the End User Solaris OS distribution to get the libraries required by SGD. If you do not, SGD does not install.

The TCP Fusion feature of Solaris 10 OS can cause problems with some local socket connections used by SGD. Disable the TCP Fusion feature before you install SGD, as follows:

  1. Add the following line at the bottom of the /etc/system file.

     set ip:do_tcp_fusion = 0x0

  2. Reboot the server.

Red Hat Enterprise Linux and Oracle Enterprise Linux

The default /etc/hosts file for Red Hat Enterprise Linux and Oracle Enterprise Linux contains a single entry, which incorrectly maps the host name of the SGD host to the local loopback address, 127.0.0.1.

Edit the /etc/hosts file to remove this mapping, and add a new entry that maps the name of the SGD host to the network Internet Protocol (IP) address of the SGD host. The SGD host name must not be mapped to the local loopback IP address.
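
A pre-install check for the mapping described above, as an added example that is not part of Oracle's documentation: it reads a hosts file and reports whether a given host name is mapped to a loopback address. The host name sgd1.example.com, the address 192.0.2.10, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Oracle's code. Names and addresses below are constructed.

# Print each address that hosts file $1 maps name $2 to (case-insensitive).
addrs_for_name() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        {
            sub(/#.*/, "")                      # drop comments
            for (i = 2; i <= NF; i++)
                if (tolower($i) == want) { print $1; break }
        }' "$1"
}

# Return 0 if $2 maps only to non-loopback addresses in $1,
# 1 if any mapping is loopback, 2 if the name has no entry at all.
check_sgd_hosts() {
    found=2
    for addr in $(addrs_for_name "$1" "$2"); do
        case "$addr" in
            127.*|::1) echo "FAIL: $2 -> $addr (loopback)" >&2; return 1 ;;
            *) found=0 ;;
        esac
    done
    [ "$found" -eq 0 ] || echo "WARN: no entry for $2" >&2
    return "$found"
}

# Constructed samples: the distribution default and the corrected file.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/default" <<'EOF'
# Do not remove the following line
127.0.0.1   sgd1.example.com sgd1 localhost.localdomain localhost
::1         localhost6.localdomain6 localhost6
EOF
cat > "$SAMPLES/fixed" <<'EOF'
127.0.0.1   localhost.localdomain localhost
192.0.2.10  sgd1.example.com sgd1   # network address of the SGD host
EOF

for f in default fixed; do
    if check_sgd_hosts "$SAMPLES/$f" sgd1.example.com 2>/dev/null; then
        echo "$f: OK"
    else
        echo "$f: not ready for SGD install"
    fi
done
```

On a real host, call check_sgd_hosts /etc/hosts with both the fully qualified and the short host name before running the installer.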

Virtualization Support

The supported installation platforms for SGD are supported on a Type 1 (bare metal) hypervisor or a Type 2 (hosted) hypervisor, for example Oracle VM VirtualBox, VMware, or Oracle VM Server for SPARC (previously called Sun Logical Domains or LDoms).

Installation in zones is supported for Solaris 10 OS. SGD can be installed either in the global zone, or in one or more non-global zones. Installation in both the global zone and a non-global zone is not supported.

On Solaris 10 OS Trusted Extensions platforms, you must install SGD in a labeled zone. Do not install SGD in the global zone.

Retirements to Supported SGD Installation Platforms

The following table shows the SGD installation platforms that have been retired.

| SGD Version | Platforms No Longer Supported |
|---|---|
| 4.60 | OpenSolaris (all versions); Red Hat Enterprise Linux 5.0 to 5.4; Solaris 10 OS up to, and including, Solaris 10 5/09; SUSE Linux Enterprise Server 10 |
| 4.50 | Solaris 8 OS; Solaris 9 OS; Red Hat Enterprise Linux 4; Fedora Linux 8; SUSE Linux Enterprise Server 9 |

Supported Upgrade Paths

Upgrades to version 4.61 of SGD are only supported from the following versions:

If you want to upgrade from any other version of SGD, contact Oracle Support.

Java Technology Version

The following table shows the JDK versions included with SGD.

| SGD Version | JDK Version |
|---|---|
| 4.61 | 1.6.0_24 |
| 4.60 | 1.6.0_21 |
| 4.50 | 1.6.0_13 |
| 4.41 | 1.6.0_05 |

Required Users and Privileges

To install SGD, you must have superuser (root) privileges.

The system must have ttaserv and ttasys users and a ttaserv group before you can install SGD.

The ttasys user owns all the files and processes used by the SGD server. The ttaserv user owns all the files and processes used by the SGD web server.

The SGD server does not require superuser (root) privileges to run. The SGD server starts as the root user and then downgrades to the ttasys user.

If you try to install the software without these users and group in place, the installation program stops without making any changes to the system and displays a message telling you what you need to do. The message includes details of an install script that you can run to create the required users and group.

If you need to create the required users and group manually, the following are the requirements:

One way to create these users is with the useradd and groupadd commands, for example:

# groupadd ttaserv
# useradd -g ttaserv -s /bin/sh -d /home/ttasys -m ttasys
# useradd -g ttaserv -s /bin/sh -d /home/ttaserv -m ttaserv
# passwd -l ttasys
# passwd -l ttaserv

To check whether the ttasys and ttaserv user accounts are correctly set up on your system, use the following commands.

# su ttasys -c "/usr/bin/id -a"
# su ttaserv -c "/usr/bin/id -a"

If your system is set up correctly, the command output should be similar to the following examples.

uid=1002(ttaserv) gid=1000(ttaserv) groups=1000(ttaserv)
uid=1003(ttasys) gid=1000(ttaserv) groups=1000(ttaserv)

Network Requirements

You must configure your network for use with SGD. The following are the main requirements:

The Oracle Secure Global Desktop 4.6 Administration Guide has detailed information about all the ports used by SGD and how to use SGD with firewalls. The following information lists the common ports used.

Client devices must be able to make Transmission Control Protocol/Internet Protocol (TCP/IP) connections to SGD on the following TCP ports:


Note - The initial connection between an SGD Client and an SGD server is always secure. After the user logs in to SGD, the connection is downgraded to a standard connection. When you first install SGD, TCP ports 3144 and 5307 must be open to connect to SGD. You can configure SGD to always use secure connections.


To run applications, SGD must be able to make TCP/IP connections to application servers. The types of applications determine the TCP ports that must be open, for example:

Clock Synchronization

In SGD, an array is a collection of SGD servers that share configuration information. As the SGD servers in an array share information about user sessions and application sessions, it is important to synchronize the clocks on the SGD hosts. Use Network Time Protocol (NTP) software or the rdate command to ensure the clocks on all SGD hosts are synchronized.

SGD Web Server

The SGD web server consists of an Apache web server and a Tomcat JavaServer Pages (JSP) technology container preconfigured for use with SGD.

The SGD web server consists of the following components.

| Component Name | SGD Version 4.61 Component Version | SGD Version 4.60 Component Version | SGD Version 4.50 Component Version |
|---|---|---|---|
| Apache HTTP Server | 2.2.17 | 2.2.16 | 2.2.10 |
| OpenSSL | 1.0.0.d | 1.0.0a | 0.9.8k |
| mod_jk | 1.2.31 | 1.2.27 | 1.2.27 |
| Apache Jakarta Tomcat | 6.0.32 | 6.0.29 | 6.0.18 |
| Apache Axis | 1.4 | 1.4 | 1.4 |

The Apache web server includes all the standard Apache modules as shared objects.

The minimum Java Virtual Machine (JVM) software heap size for the Tomcat JSP technology container is 256 megabytes.

Supported Authentication Mechanisms

The following are the supported mechanisms for authenticating users to SGD:

Supported Versions of Active Directory

Active Directory authentication and LDAP authentication are supported on the following versions of Active Directory:

Supported LDAP Directories

SGD supports version 3 of the standard LDAP protocol. You can use LDAP authentication with any LDAP version 3-compliant directory server. However, SGD only supports the following directory servers:

Other directory servers might work, but are not supported.

Supported Versions of SecurID

SGD works with versions 4, 5, 6, and 7 of RSA Authentication Manager (formerly known as ACE/Server).

SGD supports system-generated PINs and user-created PINs.

SSL Support

SGD supports TLS version 1.0 and SSL version 3.0.

SGD supports Privacy Enhanced Mail (PEM) Base 64-encoded X.509 certificates. These certificates have the following structure:

-----BEGIN CERTIFICATE-----
...certificate...
-----END CERTIFICATE-----

SGD supports the Subject Alternative Name (subjectAltName) extension for SSL certificates. SGD also supports the use of the * wildcard for the first part of the domain name, for example *.example.com.

SGD includes support for a number of Certificate Authorities (CAs). The /opt/tarantella/etc/data/cacerts.txt file contains the X.500 Distinguished Names (DNs) and MD5 signatures of all the CA certificates that SGD supports. Additional configuration is required to support SSL certificates signed by an unsupported CA. Intermediate CAs are supported, but additional configuration might be required if any of the certificates in the chain are signed by an unsupported CA.

SGD supports the use of external hardware SSL accelerators, with additional configuration.

SGD supports the following cipher suites:

Printing Support

SGD supports two types of printing: PDF printing and Printer-Direct printing.

For PDF printing, SGD uses Ghostscript to convert print jobs into Portable Document Format (PDF) files. At least version 6.52 of Ghostscript must be installed on the SGD host. Your Ghostscript distribution must include the ps2pdf program. For best results, install the latest version of Ghostscript.

SGD supports Printer-Direct printing to PostScript, Printer Command Language (PCL), and text-only printers attached to the user’s client device. The SGD tta_print_converter script performs any conversion needed to format print jobs correctly for the client printer. The tta_print_converter script uses Ghostscript to convert from PostScript to PCL. To support this conversion, Ghostscript must be installed on the SGD server. For best results, download and install the additional fonts.

Ghostscript is not included with the SGD software.