2.1. SGD Server Requirements and Support

This section describes the supported platforms and requirements for SGD servers.

Supported Installation Platforms for SGD

Table 2.1, “Supported Installation Platforms for SGD” lists the supported installation platforms for SGD.

Table 2.1. Supported Installation Platforms for SGD

Operating System

Supported Versions

Oracle Solaris on SPARC platforms

Solaris 10 8/11 (update 10)

Solaris 10 1/13 (update 11)

Solaris 11, 11.1

Trusted Extensions versions of the above

Oracle Solaris on x86 platforms

Solaris 10 8/11 (update 10)

Solaris 10 1/13 (update 11)

Solaris 11, 11.1

Trusted Extensions versions of the above

Oracle Linux (32-bit and 64-bit)

5.8

5.9

6.2

6.3

6.4


Oracle products certified on Oracle Linux are also certified and supported on Red Hat Enterprise Linux due to implicit compatibility between both distributions. Oracle does not run any additional testing on Red Hat Enterprise Linux products.

Virtualization Support

SGD is supported and can be installed in an Oracle virtualized environment. If you encounter a problem when using an unsupported virtualization environment, you may be asked to demonstrate the issue on a non-virtualized operating system to ensure the problem is not related to the virtualization product.

Installation in zones is supported for Oracle Solaris platforms. SGD can be installed either in the global zone, or in one or more non-global zones. Installation in both the global zone and a non-global zone is not supported.

On Oracle Solaris Trusted Extensions platforms, you must install SGD in a labeled zone. Do not install SGD in the global zone.

Retirements to Supported SGD Installation Platforms

The following table shows the SGD installation platforms that have been retired for this release.

SGD Version

Platforms No Longer Supported

5.0

Oracle Linux 5.7

Supported Upgrade Paths

Upgrades to version 5.0 of SGD are only supported from the following versions:

  • Oracle Secure Global Desktop Software version 4.70.909

  • Oracle Secure Global Desktop Software version 4.63.905

  • Oracle Secure Global Desktop Software version 4.62.913

If you want to upgrade from any other version of SGD, contact Oracle Support.

Java Technology Version

This release of SGD includes JDK version 1.6.0_43.

SGD Web Server

The SGD web server consists of an Apache web server and a Tomcat JavaServer Pages (JSP) technology container preconfigured for use with SGD.

The SGD web server consists of several components. The following table lists the web server component versions for this release of SGD.

Component Name

Version

Apache HTTP Server

2.2.24

OpenSSL

1.0.0k

mod_jk

1.2.37

Apache Tomcat

7.0.37

Apache Axis

1.4

The Apache web server includes all the standard Apache modules as shared objects.

The minimum Java Virtual Machine (JVM) software heap size for the Tomcat JSP technology container is 256 megabytes.

Supported Authentication Mechanisms

The following are the supported mechanisms for authenticating users to SGD:

  • Lightweight Directory Access Protocol (LDAP) version 3

  • Microsoft Active Directory

  • Network Information Service (NIS)

  • RSA SecurID

  • Web server authentication (HTTP/HTTPS Basic Authentication), including public key infrastructure (PKI) client certificates

Supported Versions of Active Directory

Active Directory authentication and LDAP authentication are supported on the following versions of Active Directory:

  • Windows Server 2003

  • Windows Server 2003 R2

  • Windows Server 2008

  • Windows Server 2008 R2

Supported LDAP Directories

SGD supports version 3 of the standard LDAP protocol. You can use LDAP authentication with any LDAP version 3-compliant directory server. However, SGD only supports the following directory servers:

  • Oracle Internet Directory 11gR1 (all 11.1.1.x.0 releases)

  • Oracle Directory Server Enterprise Edition version 11gR1

  • Microsoft Active Directory, as shown in Supported Versions of Active Directory

Other directory servers might work, but are not supported.

Sun Directory Server is no longer supported as an LDAP directory server.

Supported Versions of SecurID

SGD works with versions 4, 5, 6, and 7 of RSA Authentication Manager (formerly known as ACE/Server).

SGD supports system-generated PINs and user-created PINs.

SSL Support

SGD supports TLS version 1.0 and SSL version 3.0.

SGD supports Privacy Enhanced Mail (PEM) Base 64-encoded X.509 certificates. These certificates have the following structure:

-----BEGIN CERTIFICATE-----

...certificate...

-----END CERTIFICATE-----

SGD supports the Subject Alternative Name (subjectAltName) extension for SSL certificates. SGD also supports the use of the * wildcard for the first part of the domain name, for example *.example.com.

SGD includes support for a number of Certificate Authorities (CAs). The /opt/tarantella/etc/data/cacerts.txt file contains the X.500 Distinguished Names (DNs) and MD5 signatures of all the CA certificates that SGD supports. Additional configuration is required to support SSL certificates signed by an unsupported CA. Intermediate CAs are supported, but additional configuration might be required if any of the certificates in the chain are signed by an unsupported CA.

SGD supports the use of external hardware SSL accelerators, with additional configuration.

SGD supports the following cipher suites:

  • RSA_WITH_AES_256_CBC_SHA

  • RSA_WITH_AES_128_CBC_SHA

  • RSA_WITH_3DES_EDE_CBC_SHA

  • RSA_WITH_RC4_128_SHA

  • RSA_WITH_RC4_128_MD5

  • RSA_WITH_DES_CBC_SHA

Printing Support

SGD supports two types of printing: PDF printing and Printer-Direct printing.

For PDF printing, SGD uses Ghostscript to convert print jobs into PDF files. Your Ghostscript distribution must include the ps2pdf program. For best results, install the latest version of Ghostscript on the SGD host.

SGD supports Printer-Direct printing to PostScript, Printer Command Language (PCL), and text-only printers attached to the user's client device. The SGD tta_print_converter script performs any conversion needed to format print jobs correctly for the client printer. The tta_print_converter script uses Ghostscript to convert from Postscript to PCL. To support this conversion, Ghostscript must be installed on the SGD server. For best results, download and install the additional fonts.

Ghostscript is not included with the SGD software.