4.2. Objects and Applications

SGD uses organizational hierarchies to manage users and give them access to applications.

4.2.1. Organizations and Objects

SGD is built on the principles of directory services. Users, applications, and application servers are represented by objects in a directory. The objects are arranged into an organizational hierarchy representing your organization.

See Designing the Organizational Hierarchy for details of how the authentication mechanisms you use can affect your organizational hierarchy.

4.2.2. SGD Administrators

An SGD Administrator is a user who has special privileges to create users and manage an SGD array.

In SGD, administration privileges are managed using the Global Administrators role object in the System Objects organization.

See SGD Administrators for details of how to add and remove SGD Administrators.

4.2.3. Windows Applications

Windows applications in SGD can use the following security features of Microsoft Windows Remote Desktop Services.

  • Authentication settings

  • Encryption level

  • Transport Layer Security (TLS)

  • Network Level Authentication (NLA)

See Configuring Microsoft Windows Remote Desktop Services for Use With SGD for more details of Remote Desktop Services security features supported by SGD.

4.2.4. X Applications

By default, SGD secures X displays using X authorization. This prevents users from accessing X displays that they are not authorized to access.

4.2.5. Integrating With Oracle VDI

SGD provides the following methods of integrating with Oracle Virtual Desktop Infrastructure (Oracle VDI).

  • Using a broker. SGD includes virtual server brokers (VSBs) that enable users to access desktops provided by an Oracle VDI server.

    Connections to Oracle VDI desktops are secured using Remote Desktop Protocol (RDP).

    The VDI broker for Oracle VDI 3.3 and later uses the VDI web services API to authenticate users, obtain a list of desktops, and start and stop a desktop. Web services connections are secured using HTTPS.

  • Using a Windows application object. This method can be used if you are unable to use either of the brokers supplied with SGD.

    Connections to Oracle VDI desktops are secured using RDP.

See Integrating SGD With Oracle VDI for details of integrating SGD with Oracle VDI.

See the Oracle VDI Documentation for more information about securing Oracle VDI.

4.2.6. Application Authentication

When a user clicks a link to start an application, SGD connects to the application server, handles the authentication process, and starts the application.

By default, SGD stores the user names and passwords used to run applications in its application server password cache. SGD also stores the user names and passwords used to log in to SGD.

Entries in the application server password cache are encrypted with an encryption key. When SGD starts an application, it decrypts the passwords as they are needed. See The Application Server Password Cache for more details.

For Windows applications, the Remote Desktop Session Host handles the authentication process.

See Application Authentication for more details about how application authentication works in SGD.