2.3. SGD Gateway Requirements and Support

This section describes the supported platforms and requirements for the SGD Gateway.

2.3.1. Supported Installation Platforms for the SGD Gateway

The supported installation platforms for the SGD Gateway host are shown in the following table.

Operating System

Supported Versions

Oracle Solaris on SPARC platforms

Solaris 10 8/11 (update 10)

Solaris 11

Oracle Solaris on x86 platforms

Solaris 10 8/11 (update 10)

Solaris 11

Oracle Linux (32-bit and 64-bit)

5.7

5.8

6.2

6.3

Oracle products certified on Oracle Linux are also certified and supported on Red Hat Enterprise Linux due to implicit compatibility between both distributions. Oracle does not run any additional testing on Red Hat Enterprise Linux products.

By default, the SGD Gateway is configured to support a maximum of 100 simultaneous HTTP connections and 512 simultaneous Adaptive Internet Protocol (AIP) connections. The JVM memory size is optimized for this number of connections. Appendix C of the Oracle Secure Global Desktop Gateway Administration Guide for Release 4.7 has details of how to tune the Gateway for the expected number of users.

2.3.1.1. Virtualization Support

The supported installation platforms for the SGD Gateway are supported on a Type 1 (bare metal) hypervisor or a Type 2 (hosted) hypervisor, for example Oracle VM VirtualBox, VMWare, or Oracle VM Server for SPARC (previously called Sun Logical Domains or LDoms).

On Oracle Solaris platforms, installation in zones is supported. The SGD Gateway can be installed either in the global zone, or in one or more non-global zones. Installation in both the global zone and a non-global zone is not supported.

2.3.1.2. Retirements to Supported Gateway Installation Platforms

The following table shows the SGD Gateway installation platforms that have been retired.

SGD Version

Platforms No Longer Supported

4.70

Oracle Solaris 10 up to, and including, 9/10 (update 9)

Red Hat Enterprise Linux 5.5

Oracle Enterprise Linux 5.5

4.60

OpenSolaris (all versions)

Red Hat Enterprise Linux 5.0 to 5.4

Solaris 10 OS up to, and including, 5/09 (update 7)

SUSE Linux Enterprise Server 10

2.3.2. SGD Server Requirements for the SGD Gateway

The following requirements apply for the SGD servers used with the SGD Gateway:

  • Secure mode. By default, the SGD Gateway uses secure connections to SGD servers. You must enable secure connections on your SGD servers. Firewall forwarding must not be enabled.

    In a standard installation, an SGD server is configured automatically to use secure connections.

  • SGD version. The SGD servers must be running at least version 4.5 of SGD. It is best to use version 4.7 of the Gateway.

  • Clock synchronization. It is important that the system clocks on the SGD servers and the SGD Gateway are in synchronization. Use Network Time Protocol (NTP) software, or the rdate command, to ensure that the clocks are synchronized.

2.3.3. Apache Web Server

The Apache web server supplied with the SGD Gateway is Apache version 2.2.22. It includes the standard Apache modules for reverse proxying and load balancing. The modules are installed as Dynamic Shared Object (DSO) modules.

2.3.4. Java Technology Version

The SGD Gateway includes Java Runtime Environment (JRE) version 1.6.0_33.

2.3.5. SSL Support

SSL support for the SGD Gateway is provided by the Java Runtime Environment (JRE) supplied with the Gateway. See the Java Platform documentation for more details.

The SGD Gateway supports Privacy Enhanced Mail (PEM) Base 64-encoded X.509 certificates. These certificates have the following structure:

-----BEGIN CERTIFICATE-----

...certificate...

-----END CERTIFICATE-----

The SGD Gateway supports the use of external hardware SSL accelerators, with additional configuration.

By default, the SGD Gateway is configured to support the following high grade cipher suites for SSL connections:

  • SSL_RSA_WITH_RC4_128_MD5

  • SSL_RSA_WITH_RC4_128_SHA

  • TLS_RSA_WITH_AES_128_CBC_SHA

  • TLS_RSA_WITH_AES_256_CBC_SHA

  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA

  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA

  • TLS_DHE_DSS_WITH_AES_128_CBC_SHA

  • TLS_DHE_DSS_WITH_AES_256_CBC_SHA

  • SSL_RSA_WITH_3DES_EDE_CBC_SHA

  • SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA

  • SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA

The following cipher suites are also supported, but must be configured by the user as shown in the Oracle Secure Global Desktop Gateway Administration Guide for Release 4.7.

  • SSL_RSA_WITH_DES_CBC_SHA

  • SSL_DHE_RSA_WITH_DES_CBC_SHA

  • SSL_DHE_DSS_WITH_DES_CBC_SHA

  • SSL_RSA_EXPORT_WITH_RC4_40_MD5

  • SSL_RSA_EXPORT_WITH_DES40_CBC_SHA

  • SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA

  • SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA