2.1. Deploying the SGD Gateway

This section describes the following SGD Gateway deployment scenarios:

2.1.1. Basic Deployment

This section describes the configuration tasks for a basic deployment of the SGD Gateway.

A basic deployment uses a single SGD Gateway, as shown in Figure 2.1, “Basic Deployment Using a Single SGD Gateway”.

Figure 2.1. Basic Deployment Using a Single SGD Gateway

Network Diagram Showing a Basic Deployment Using a Single SGD Gateway

Configuring a basic deployment involves configuring the connections shown in Table 2.1, “Connections For a Basic Deployment of the SGD Gateway”.

Table 2.1. Connections For a Basic Deployment of the SGD Gateway

Connection

Configuration Steps

Client device to SGD Gateway

  1. Configure the ports and connections used by the SGD Gateway.

    You configured these settings when you installed the SGD Gateway.

    See Section 2.2.1.1, “How to Configure the Ports and Connections for the SGD Gateway” if you want to change the configuration of the SGD Gateway.

  2. On the SGD Gateway, install a Secure Sockets Layer (SSL) certificate for client connections.

    See Section 2.2.1.2, “How to Install an SSL Certificate for Client Connections Into the Client Keystore”.

SGD Gateway to SGD servers

  1. Enable SGD security services for the array.

    The SGD servers must be running in secure mode. Firewall forwarding must not be enabled.

    In a standard installation, an SGD server is configured automatically to use secure connections. See "Secure Connections to SGD Servers" in Chapter 1 of the Oracle Secure Global Desktop Administration Guide for Release 4.7 if you need information on how to secure an SGD server.

  2. On the SGD Gateway, install security certificates for the SGD servers.

    Use the gateway server command to import CA certificates and SSL certificates for the SGD servers in the array into the SGD Gateway keystore.

    See Section 2.2.2.1, “How to Install SGD Server Certificates”.

  3. Set up the SGD servers in the array to use the SGD Gateway.

    Install the SGD Gateway certificate on the SGD array, and use the tarantella gateway add command to register the SGD Gateway with the SGD array.

    See Section 2.2.2.2, “How to Install SGD Gateway Certificates on the SGD Array”.

  4. Configure which SGD Client connections can use the SGD Gateway.

    See Section 2.2.2.3, “How to Configure SGD Client Connections”.


2.1.2. Load-Balanced Deployment

This section describes the configuration tasks for a load-balanced deployment of the SGD Gateway.

A load-balanced deployment uses multiple SGD Gateways and a load balancer as the network entry point, as shown in Figure 2.2, “Network Deployment Using Multiple SGD Gateways and a Load Balancer”.

Figure 2.2. Network Deployment Using Multiple SGD Gateways and a Load Balancer

Network Diagram Showing a Load-Balanced Deployment Using Multiple SGD Gateways and a Load Balancer

Configuring a load-balanced deployment involves configuring the connections shown in Table 2.2, “Connections For a Load-Balanced Deployment of the SGD Gateway”.

Table 2.2. Connections For a Load-Balanced Deployment of the SGD Gateway

Connection

Configuration tasks

Client device to load balancer

  1. Enable incoming connections from client devices.

    Typically, this uses TCP port 443.

    See your load balancer documentation for details of how to do this.

  2. (Optional) On the load balancer, install the SSL certificate used by the SGD Gateways for client connections.

    See your load balancer documentation for details of how to do this.

Load balancer to SGD Gateway

  1. Configure your load balancer to forward connections to the SGD Gateway.

    See your load balancer documentation for details of how to do this.

  2. Configure the ports and connections used by the SGD Gateway.

    Set the network entry point to the address of the load balancer.

    You configured these settings when you installed the SGD Gateway.

    See Section 2.2.1.1, “How to Configure the Ports and Connections for the SGD Gateway” if you want to change the configuration of the SGD Gateway.

  3. On each SGD Gateway, install an SSL certificate for client connections.

    See Section 2.2.1.2, “How to Install an SSL Certificate for Client Connections Into the Client Keystore”.

SGD Gateway to SGD servers

  1. Enable SGD security services for the SGD array.

    The SGD servers must be running in secure mode. Firewall forwarding must not be enabled.

    In a standard installation, an SGD server is configured automatically to use secure connections. See "Secure Connections to SGD Servers" in Chapter 1 of the Oracle Secure Global Desktop Administration Guide for Release 4.7 if you need information on how to secure an SGD server.

  2. On the SGD Gateway, install security certificates for the SGD servers.

    Use the gateway server command to import CA certificates and SSL certificates for the SGD servers in the array into the SGD Gateway keystore.

    See Section 2.2.2.1, “How to Install SGD Server Certificates”.

  3. Set up the SGD servers in the array to use the SGD Gateways.

    Install SGD Gateway certificates on the SGD array, and use the tarantella gateway add command to register the SGD Gateways with the SGD array.

    See Section 2.2.2.2, “How to Install SGD Gateway Certificates on the SGD Array”.

  4. Configure which SGD Client connections can use the SGD Gateways.

    See Section 2.2.2.3, “How to Configure SGD Client Connections”.