1.2. Changes in Release 5.0

This section describes the changes since the SGD 4.70 release.

Changes to the tarantella security enable Command

The default setting for the --firewalltraversal option of the tarantella security enable command is now off. In previous releases, this setting was on by default.

This means that when you run the tarantella security enable command without specifying a --firewalltraversal option, firewall traversal is disabled automatically.

The change has been made to make it easier to configure SGD servers to work with the SGD Gateway and with tablet computers.

Using Untrusted Certificates With Tablet Computers

As part of the introduction of support for tablet computers, changes have been made to the required security configuration when untrusted certificates are used on an SGD server or SGD Gateway.

When a tablet computer connects to a secure SGD array, the user is prompted to download and install one of the following configuration profiles:

  • sgd.mobileconfig. Configuration profile used for the SGD array.

  • sgdg.mobileconfig. Configuration profile used for the SGD Gateway.

A configuration profile is present on each SGD server in the array and contains details of the security certificates used by the array members. A separate configuration profile is used when connecting through the Gateway. See About Configuration Profiles in the Oracle Secure Global Desktop Administration Guide for more details about configuration profiles.

If tablet computers are used to access an array that is secured using untrusted certificates, some manual security configuration steps are required. See How to Configure an SGD Array for Secure Connections to Tablet Computers Using Untrusted Certificates in the Oracle Secure Global Desktop Administration Guide.

The required security configuration when connecting from a tablet computer to a SGD Gateway that uses untrusted certificates is described in How to Configure the SGD Gateway for Connections From Tablet Computers Using Untrusted Certificates in the Oracle Secure Global Desktop Gateway Administration Guide.

Support for Java 7

This release of SGD supports Java 7. Browsers can use Java Plug-in software version 1.7 as a plug-in for Java technology.

Note

For details of known issues when using Java Plug-in software version 1.7, see knowledge document ID 1487307.1 on My Oracle Support (MOS).

Changes to Browser Requirements

For this release, browsers must support cookies and must be configured to allow cookies. If you try to access SGD using a browser where cookies are disabled, you are prompted to enable cookies.

In previous releases, it was not necessary to enable cookies for your browser.

Legacy VDI Broker Not Available

The Legacy VDI broker for integrating with Oracle Virtual Desktop Infrastructure (Oracle VDI) is no longer available.

The Legacy VDI Broker is a virtual server broker that enables SGD to request a desktop from a local Oracle VDI 3.2 installation.

Users of the Legacy VDI broker should upgrade to a supported version of Oracle VDI and use the VDI broker supplied with SGD version 5.0.

Security Improvements for SGD Web Page Cookies

Session cookies used by SGD are now marked as HttpOnly. This change enhances security, as it prevents the cookies from being accessed by client-side scripts written in software such as JavaScript.

Changes for the SGD Remote Desktop Client

New command line options have been added for the SGD Remote Desktop Client, also known as the ttatsc command.

  • The -resize option enables automatic session resizing for Windows applications. For example, if a user rotates a tablet display when viewing the application.

  • The -multimon option is used to select the preferred X extension used by SGD.

Changes for Installing the SGD Client on Mac OS X Platforms

To support the Gatekeeper feature of Mac OS X, the following changes have been made when installing the SGD Client on Mac OS X platforms.

  • The install package file is now signed using a package signing certificate. Additionally, the package file extension has changed from mpkg to pkg.

  • For manual installation of the SGD Client, installing to a user-specific location is no longer available.

Gatekeeper must be configured to allow applications downloaded from Mac App Store and identified developers.