2.3. SGD Gateway Requirements and Support

This section describes the supported platforms and requirements for the SGD Gateway.

Supported Installation Platforms for the SGD Gateway

The supported installation platforms for the SGD Gateway host are shown in Table 2.4, “Supported Installation Platforms for the SGD Gateway.”.

Table 2.4. Supported Installation Platforms for the SGD Gateway.

Operating System

Supported Versions

Oracle Solaris on SPARC platforms

Solaris 10 8/11 (update 10)

Solaris 10 1/13 (update 11)

Solaris 11, 11.1

Oracle Solaris on x86 platforms

Solaris 10 8/11 (update 10)

Solaris 10 1/13 (update 11)

Solaris 11, 11.1

Oracle Linux (32-bit and 64-bit)

5.8

5.9

6.2

6.3

6.4


Oracle products certified on Oracle Linux are also certified and supported on Red Hat Enterprise Linux due to implicit compatibility between both distributions. Oracle does not run any additional testing on Red Hat Enterprise Linux products.

Note

If your users connect to the SGD from a tablet computer, using the SGD Gateway is the only supported method of firewall traversal.

By default, the SGD Gateway is configured to support a maximum of 100 simultaneous HTTP connections, 512 simultaneous Adaptive Internet Protocol (AIP) connections, and 512 simultaneous websocket connections. Websocket connections are AIP connections to tablet computers. The JVM memory size is optimized for this number of connections. Appendix C of the Oracle Secure Global Desktop Gateway Administration Guide has details of how to tune the Gateway for the expected number of users.

Virtualization Support

SGD is supported and can be installed in an Oracle virtualized environment. If you encounter a problem when using an unsupported virtualization environment, you may be asked to demonstrate the issue on a non-virtualized operating system to ensure the problem is not related to the virtualization product.

On Oracle Solaris platforms, installation in zones is supported. The SGD Gateway can be installed either in the global zone, or in one or more non-global zones. Installation in both the global zone and a non-global zone is not supported.

Retirements to Supported Gateway Installation Platforms

The following table shows the SGD Gateway installation platforms that have been retired for this release.

SGD Version

Platforms No Longer Supported

5.0

Oracle Linux 5.7

SGD Server Requirements for the SGD Gateway

The following requirements apply for the SGD servers used with the SGD Gateway:

  • Secure mode. By default, the SGD Gateway uses secure connections to SGD servers. You must enable secure connections on your SGD servers. Firewall forwarding must not be enabled.

    In a standard installation, an SGD server is configured automatically to use secure connections.

  • SGD version. It is best to use version 5.0 of SGD with version 5.0 of the Gateway. Use the latest version of the Gateway, where possible.

  • Clock synchronization. It is important that the system clocks on the SGD servers and the SGD Gateway are in synchronization. Use Network Time Protocol (NTP) software, or the rdate command, to ensure that the clocks are synchronized.

Apache Web Server

The Apache web server supplied with the SGD Gateway is Apache version 2.2.24. The web server includes the standard Apache modules for reverse proxying and load balancing. The modules are installed as Dynamic Shared Object (DSO) modules.

Java Technology Version

The SGD Gateway includes Java Runtime Environment (JRE) version 1.6.0_43.

SSL Support

SSL support for the SGD Gateway is provided by the Java Runtime Environment (JRE) supplied with the Gateway. See the Java Platform documentation for more details.

The SGD Gateway supports Privacy Enhanced Mail (PEM) Base 64-encoded X.509 certificates. These certificates have the following structure:

-----BEGIN CERTIFICATE-----

...certificate...

-----END CERTIFICATE-----

The SGD Gateway supports the use of external hardware SSL accelerators, with additional configuration.

By default, the SGD Gateway is configured to support the following high grade cipher suites for SSL connections:

  • SSL_RSA_WITH_RC4_128_MD5

  • SSL_RSA_WITH_RC4_128_SHA

  • TLS_RSA_WITH_AES_128_CBC_SHA

  • TLS_RSA_WITH_AES_256_CBC_SHA

  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA

  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA

  • TLS_DHE_DSS_WITH_AES_128_CBC_SHA

  • TLS_DHE_DSS_WITH_AES_256_CBC_SHA

  • SSL_RSA_WITH_3DES_EDE_CBC_SHA

  • SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA

  • SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA

The following cipher suites are also supported, but must be configured by the user, as shown in the Oracle Secure Global Desktop Gateway Administration Guide.

  • SSL_RSA_WITH_DES_CBC_SHA

  • SSL_DHE_RSA_WITH_DES_CBC_SHA

  • SSL_DHE_DSS_WITH_DES_CBC_SHA

  • SSL_RSA_EXPORT_WITH_RC4_40_MD5

  • SSL_RSA_EXPORT_WITH_DES40_CBC_SHA

  • SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA

  • SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA