4.5 Dynamic Launch

Dynamic launch is the term used to describe runtime changes that are applied when users start applications. Typically, the runtime changes enable users to select the application server that runs the application, or to choose the application that is started, or both. Configuring dynamic launch can involve dynamic application servers, dynamic applications, and client overrides.

4.5.1 Dynamic Application Servers

A dynamic application server is an object that represents a virtual server broker (VSB). SGD uses the VSB to obtain a list of application servers that can run an application. If a user can select an application server, a chooser page is displayed that enables the user to specify the application server.

Dynamic application servers are created on the Application Servers tab of the Administration Console, or by using the tarantella object new_host --dynamic command.

The VSB used for a dynamic application server is specified using the Virtual Server Broker Class (--vsbclass) attribute. Any configurable parameters for the VSB are specified using the Virtual Server Broker Parameters (--vsbparams) attribute.

You only need to create one dynamic application server object for each VSB you are using. In general, you only create multiple dynamic application servers for the same VSB if you want to pass different parameters to the VSB.

The following VSBs are supplied with SGD:

  • SGD. This broker enables users to select an application server from the list of application servers assigned to the application.

    See Section 4.5.2, “SGD Broker” for more details about this VSB.

  • User-defined SGD. This broker enables users to specify an application server, or to select from the list of application servers assigned to the application.

    See Section 4.5.3, “User-Defined SGD Broker” for more details about this VSB.

  • VDI. This broker enables SGD to request a desktop from an Oracle Virtual Desktop Infrastructure (Oracle VDI) installation.

    This broker is for Oracle VDI 3.3 and later installations.

    See Section 4.5.4, “VDI Broker” for more details about this VSB.

You can develop your own VSB for use with SGD. Your broker must implement the IVirtualServerBroker interface that is included in the sgd-webservices.jar in the /opt/tarantella/bin/java/com/sco/tta/soap/services/proxy directory.

Dynamic application servers are assigned to an application in the same way as conventional application servers, as described in Section 3.2.1.1, “How to Assign Application Servers to Applications”.

Caution

Only assign one dynamic application server to an application.

Dynamic application servers can override the normal SGD mechanisms for application load balancing. This is because some VSBs, such as the SGD broker and the User-defined SGD broker, enable users to choose where an application is run. With these VSBs, you can prevent application servers from becoming overloaded by using the attributes on an application server object to filter the application servers shown on the chooser page. See Section 7.2.5.1, “Dynamic Application Servers and Load Balancing” for more details.

When dynamic application servers are used, entries in the SGD password cache are usually stored using the dynamic application server as well as the application server. But this can depend on the VSB and configured client overrides.

Some common problems when using VSBs are described in Section 4.9.23, “Troubleshooting Broker Problems”.

4.5.2 SGD Broker

The SGD broker lists the application servers that are assigned to an application object. The dynamic application server itself is not listed.

The user experience when using the SGD broker is as follows:

  • When the user starts an application, a chooser page is displayed that lists the application servers that can run the application. The user must select an application server, and click the Start button to run the application.

  • If only one application server can run the application, the chooser page is not displayed. The application is automatically run on the application server.

  • If the application is a dynamic application, the user selects both the application and the application server.

On the command line, the fully-qualified class name (--vsbclass) for the SGD broker is com.tarantella.tta.webservices.vsbim.SGDBroker.

The SGD broker does not have any configurable parameters.

When you install SGD, a default dynamic application server object called o=appservers/cn=SGD Broker is created automatically. This dynamic application server is used with the My Desktop application. See Section 4.5.7, “Using My Desktop” for details.

4.5.3 User-Defined SGD Broker

The User-defined SGD broker lists the application servers that are assigned to an application object, and also enables users to specify the name of any application server. Users can run applications on application servers that do not have a corresponding application server object in the local repository. The dynamic application server itself is not listed.

The user experience when using the User-defined SGD broker is as follows:

  • When the user starts an application, a chooser page is displayed. The user either types the name of an application server in the field provided on the chooser page, or selects an application server from the list, and clicks the Start button to start the application.

  • If no SGD-configured application servers are available to the user, the user must type the name of an application server.

  • If the application is a dynamic application, the user must select both the application and the application server.

On the command line, the fully-qualified class name (--vsbclass) for the User-defined SGD broker is com.tarantella.tta.webservices.vsbim.UserDefinedSGDBroker.

The User-defined SGD broker has the following optional parameters for the Virtual Server Broker Parameters (--vsbparams) attribute:

  • createAppserver. SGD automatically creates new application server objects for any user-specified application servers that do not already exist in the local repository. This parameter is disabled by default.

  • hideAppservers. The list of application servers is not displayed in the chooser page. This parameter is disabled by default.

  • checkAppserver. For user-specified application servers, SGD checks that the application server has been assigned to the application object. If the application server is not assigned to the application object, an error message is shown. This parameter is disabled by default.

    This parameter can be used to prevent users from specifying application servers that have not been configured in the local repository. Using this parameter with dynamic applications is not supported.

    Note

    When this parameter is enabled, users must enter the common name of the application server object in the chooser page.

4.5.4 VDI Broker

The VDI broker enables SGD to request a desktop from an Oracle VDI installation. This broker is for Oracle VDI 3.3 and later installations.

HTTPS connections between the VDI host and the VDI broker are secured using an SSL certificate. If the VDI host uses an unsupported or Intermediate CA to sign web services certificates, you might need to install the CA or root certificate on the SGD server. See Section 4.5.9, “Integrating with Oracle VDI Using the VDI Broker” for more details.

A typical user experience when using the VDI broker is as follows:

  • When the user starts an application, a login page is displayed. The user must type a VDI user name and password and click the Login button.

    By default the user's SGD credentials are tried, so the login page might not be displayed. SGD can also be configured to cache the VDI credentials, so that the authentication page only displays once for each user. See Section 4.5.6, “Client Overrides”.

  • If the user is assigned multiple VDI desktops, whether a dedicated desktop or desktop pool, a chooser page is displayed that lists the available desktops. The user must select a desktop, and click the Start button to run the application.

  • If the user is assigned a single VDI desktop or desktop pool, the chooser page is not displayed. The VDI desktop is run automatically.

On the command line, the fully-qualified class name (--vsbclass) for the VDI broker is com.oracle.sgd.vsbim.OracleVDIVirtualServerBroker.

You can configure settings for the VDI broker in the following ways:

  • Global settings. These settings apply to all SGD servers in the array.

  • Server-specific settings. These settings apply to a specific SGD server.

Global Settings for the VDI Broker

Global settings are made by configuring the Virtual Server Broker Parameters (--vsbparams) attribute for a dynamic application server object, using the Administration Console or command line.

The following global settings for the VDI broker are available:

  • preferredhosts. This parameter is required.

    Enter a comma-separated list of VDI hosts, enclosed in double-quotes. SGD users are load balanced between the servers in this list.

    Use the web services URL for each VDI host. By default, this is https://vdihost.com:1802/client, where vdihost.com is the name of the VDI host. For example:

      preferredhosts="https://vdihost1.com:1802/client,https://vdihost2.com:1802/client,
      https://vdihost3.com:1802/client"
    
  • failoverhosts

    Enter a comma-separated list of VDI hosts, enclosed in double-quotes. These servers are used if none of the servers specified by preferredhosts are available.

    Use the web services URL for each VDI host. For example:

      failoverhosts="https://vdihost4.com:1802/client,https://vdihost5.com:1802/client,
      https://vdihost6.com:1802/client"
    

You must restart each SGD server in the array for changes to the Virtual Server Broker Parameters attribute to take effect.

Server-Specific Settings for the VDI Broker

Server-specific settings are configured using a broker properties file on the SGD server. Settings made in a broker properties file override global settings made in the Administration Console or on the command line.

Using server-specific settings means that you can configure different preferredhosts and failoverhosts settings for each SGD server, to take advantage of geographical or network proximity.

The broker properties file supports additional broker parameters, such as timeout settings and the location of the certificate truststore. These parameters are not available when using the Administration Console or command line.

The broker properties file is named oracle-vdi-vsb.properties and is located in the following directory on an SGD server:

/opt/tarantella/webserver/tomcat/tomcat-version/webapps/sgd/WEB-INF/classes/com/oracle/sgd/vsbim

A sample broker properties file, oracle-vdi-vsb.properties.sample, is included in this directory. To create a broker properties file, make a copy of this file and rename it to oracle-vdi-vsb.properties. Edit the parameters in the file to suit your requirements.

You must restart the SGD server for changes to the broker properties file to take effect.

Table 4.3, “Properties File Settings for the VDI Broker” lists the available parameters when you use a broker properties file.

Table 4.3 Properties File Settings for the VDI Broker

Parameter
    Description

truststore
    Path to a dedicated certificate truststore on the SGD server. For example:

    truststore=/usr/share/certs/vdi

    Ensure that the truststore file has global read permissions, such as 644. Parent directories of the truststore must have permissions of 755.

preferredhosts
    A comma-separated list of VDI hosts. SGD users are load balanced between the servers in this list. For example:

    preferredhosts=https://vdihost1.com:1802/client,https://vdihost2.com:1802/client,https://vdihost3.com:1802/client

    Note

    When using a broker properties file, lists of host names should not be enclosed in double quotes.

    This property setting overrides any preferredhosts settings you have configured for the dynamic application server object using the Administration Console or command line.

failoverhosts
    A comma-separated list of VDI hosts. These servers are used if none of the servers specified by preferredhosts are available. For example:

    failoverhosts=https://vdihost4.com:1802/client,https://vdihost5.com:1802/client,https://vdihost6.com:1802/client

    Note

    When using a broker properties file, lists of host names should not be enclosed in double quotes.

    This property setting overrides any failoverhosts settings you have configured for the dynamic application server object using the Administration Console or command line.

timehostunavailable
    The time period before a VDI host marked as unavailable is contacted again, in seconds.

    A host might be marked as unavailable if the broker could not contact the server, or if an error message was returned when contacting the server.

    The default time period is 60 seconds. This is the minimum setting.

connectiontimeout
    The time period allowed to connect to a VDI host, in seconds.

    The default time period is 30 seconds. This is the minimum setting.

readtimeout
    The time period allowed to perform a read operation from a VDI host, in seconds.

    The default time period is 90 seconds. The minimum setting is 30 seconds.
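
A lint for the broker properties file that checks the rules in Table 4.3. This is an added example, not part of the Oracle documentation or of SGD. It assumes plain key=value lines; treating a non-https URL as a finding and skipping the root directory are assumptions of the example.

```sh
#!/bin/sh
# Added example: lint oracle-vdi-vsb.properties against the rules in Table 4.3.
# Assumes plain key=value lines, as in the page's examples.
# On an SGD server: lint_vdi_properties < .../com/oracle/sgd/vsbim/oracle-vdi-vsb.properties

# has_mode PATH MODE: true if PATH exists and matches a find(1) -perm test.
has_mode() { [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]; }

# Minimum values in seconds, taken from Table 4.3.
min_for() {
  case "$1" in
    timehostunavailable) echo 60 ;;
    connectiontimeout|readtimeout) echo 30 ;;
  esac
}

# Host lists: no double quotes in a properties file, one URL per list item.
check_hosts() {
  case "$2" in
    *\"*) echo "$1: host list must not be enclosed in double quotes" ;;
  esac
  printf '%s\n' "$2" | tr -d '"' | tr ',' '\n' | while IFS= read -r url; do
    case "$url" in
      https://?*) ;;
      # Assumption of this example: anything other than https:// is a finding,
      # because the truststore only protects HTTPS connections.
      *) echo "$1: '$url' is not an https:// web services URL" ;;
    esac
  done
  return 0
}

# Truststore: world-readable file (such as 644), parent directories exactly 755.
# The root directory is not checked (assumption of this example).
check_truststore() {
  has_mode "$1" -004 ||
    echo "truststore: $1 is missing or not readable by all users (expected a mode such as 644)"
  dir=$(dirname "$1")
  while [ "$dir" != / ] && [ "$dir" != . ]; do
    has_mode "$dir" 755 || echo "truststore: parent directory $dir is not mode 755"
    dir=$(dirname "$dir")
  done
  return 0
}

# lint_vdi_properties: read a properties file on stdin, print one finding per line.
lint_vdi_properties() {
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in ''|'#'*) continue ;; esac
    key=${line%%=*}
    value=${line#*=}
    case "$key" in
      preferredhosts|failoverhosts) check_hosts "$key" "$value" ;;
      truststore) check_truststore "$value" ;;
      timehostunavailable|connectiontimeout|readtimeout)
        case "$value" in
          ''|*[!0-9]*) echo "$key: '$value' is not a whole number of seconds" ;;
          *) [ "$value" -ge "$(min_for "$key")" ] ||
               echo "$key: $value is below the minimum of $(min_for "$key") seconds" ;;
        esac ;;
      *) echo "$key: not a parameter listed in Table 4.3" ;;
    esac
  done
  return 0
}

# Constructed sample input with three deliberate mistakes.
sample_properties() {
  cat <<'EOF'
# constructed sample, not a real deployment
preferredhosts="https://vdihost1.com:1802/client,https://vdihost2.com:1802/client"
failoverhosts=https://vdihost4.com:1802/client,http://vdihost5.com:1802/client
timehostunavailable=60
connectiontimeout=10
readtimeout=90
EOF
}

sample_properties | lint_vdi_properties
```

An empty result means the file passed every check; settings in this file override the global --vsbparams values, so it is worth running on each SGD server in the array.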


4.5.5 Dynamic Applications

A dynamic application represents one or more application objects. When the user starts a dynamic application, a chooser page is displayed that enables the user to select an application to run.

A dynamic application object consists of a set of mappings between type strings and SGD application objects. For example, you could create a dynamic application to enable users to choose between a Windows desktop session or Linux desktop session. Such a dynamic application might use the mappings shown in the following table.

  Type       Application
  windows    o=applications/cn=Windows Desktop
  linux      o=applications/cn=Linux Desktop

Dynamic applications are created on the Applications tab of the Administration Console, or by using the tarantella object new_dynamicapp command. See Section 4.5.5.1, “How to Create a Dynamic Application”.

Type-application mappings for dynamic applications can be configured on the Mappings tab for the dynamic application object, or with the tarantella object add_mapping and tarantella object remove_mapping commands.

The type is a string that is specified when a mapping is added. Because the type is displayed on the chooser page, generally the type identifies the type of application. But it can be any unique string you want.

Dynamic applications are assigned to users in the same way as conventional applications, as described in Section 3.2, “Publishing Applications”. You can assign multiple dynamic applications to a user.

When you install SGD, a default dynamic application object called o=applications/cn=My Desktop is created automatically and is used for the My Desktop application. See Section 4.5.7, “Using My Desktop” for details.

4.5.5.1 How to Create a Dynamic Application

Ensure that the applications that you want to map to the dynamic application already exist.

  1. In the Administration Console, go to the Applications tab.

  2. Create the dynamic application object.

    1. Select an object in the organizational hierarchy.

      Use the navigation tree to select a directory object to contain the dynamic application.

    2. In the content area, click New.

      The Create a New Object window is displayed.

    3. In the Name field, type the name of the dynamic application.

      The name you type is used for the link on the workspace.

    4. Ensure that the Dynamic Application option is selected and click Create.

      The Create a New Object window closes and the content area is updated with the new object.

  3. Configure the dynamic application.

    1. Click the View New Object link.

      The General tab for the dynamic application object is displayed.

    2. (Optional) Change the Icon for the dynamic application.

      The icon is used on the workspace.

    3. Click the Mappings tab.

    4. In the Editable Mappings table, click Add.

      The Add a New Mapping window is displayed.

    5. In the Mapping Type field, type a string to identify the mapping.

      The string can be anything. The string is displayed on the chooser page that is displayed to users. Usually the type identifies the type of application.

    6. Select the check box next to an application object.

      Use the Navigation tree to browse for a directory object that contains the application.

      You can only select application objects.

    7. Click Add.

      The Add a New Mapping window closes and the Mappings tab is updated with the new mapping.

    8. Repeat steps 4 to 7 to create further mappings.

  4. Assign the dynamic application to users.

    Dynamic applications are assigned to users in the same way as conventional applications. See Section 3.2, “Publishing Applications”.

4.5.6 Client Overrides

Client overrides are a comma-separated list of options used to configure dynamic launch. By default, the client override to configure support for dynamic applications and dynamic application servers is enabled.

You use the following command to configure client overrides:

$ tarantella config edit \
--tarantella-config-applaunch-allowclientoverrides opt ... 

where opt is a comma-separated list. The following table lists the available options.

  Option                 Description
  appserver_pw           Enables reading of password cache entries for application servers.
  array_pw               Enables reading of the password cache for users' SGD passwords.
  dynamic                Enable support for dynamic applications and dynamic application servers.
  dynamicappserver_pw    Enables reading of password cache entries for dynamic application servers.
  false                  Disable all client overrides.
  true                   Enable all client overrides.

For example, to disable all client overrides, use the following command:

$ tarantella config edit \
--tarantella-config-applaunch-allowclientoverrides false 

For example, if you are integrating with Oracle VDI and you want SGD to read the password cache for the users' VDI credentials, use the following command:

$ tarantella config edit \
--tarantella-config-applaunch-allowclientoverrides dynamic,dynamicappserver_pw 

4.5.7 Using My Desktop

My Desktop enables users to log in and display a full-screen desktop without displaying a workspace.

To be able to use My Desktop, a user must be assigned an application object called My Desktop (cn=My Desktop).

A default My Desktop object (o=applications/cn=My Desktop) is created automatically when SGD is installed. This object is a dynamic application object that has the type-application mappings shown in the following table.

  Type       Application
  windows    o=applications/cn=Windows Desktop
  unix       o=applications/cn=Unix Desktop

By default, this object runs the default desktop application available on the SGD server, as configured for the o=applications/cn=Unix Desktop application object. The windows type-application mapping for My Desktop is configured to run a Windows desktop application. However, to be able to use Windows Desktop, you must first assign at least one application server object to the o=applications/cn=Windows Desktop application object. If you do this, users are prompted to choose which desktop application to run. See Section 4.5.5, “Dynamic Applications” for more details.

You can reconfigure the default My Desktop object to run any application you want, but it works best with full-screen desktop applications. If users require different desktop applications, you can create additional My Desktop objects as required.

Users access My Desktop from their workspace or by using the My Desktop URL, at https://server.example.com/sgd/mydesktop, where server.example.com is the name of an SGD server. This URL displays the SGD Login page. Once the user has logged in, selected an application and application server (if configured), the desktop session is displayed. After the user has logged in, the browser window can be closed.

Alternatively, users can click the My Desktop link on the SGD web server Welcome page, at https://server.example.com.

Users can be assigned any number of applications, but the My Desktop URL only gives users access to the My Desktop application. To use the My Desktop URL, a user must be assigned only one application called My Desktop.

If the user has paused print jobs, they see a message in the browser window when they log in which enables them to resume printing. You can disable this feature by setting the following value in the mydesktop/index.jsp file, which is located in the /opt/tarantella/webserver/tomcat/tomcat-version/webapps/sgd/ directory.

boolean promptForPrintResume=false

4.5.8 Integrating SGD With Oracle VDI

SGD provides the following methods of integrating with Oracle VDI.

The supported versions of Oracle VDI are listed in the Oracle Secure Global Desktop Platform Support and Release Notes.

4.5.9 Integrating with Oracle VDI Using the VDI Broker

Integrating SGD with Oracle VDI using the VDI broker involves the following configuration steps:

  1. (Optional) Import certificates from each VDI server, as shown in Section 4.5.9.1, “How to Install VDI Certificates on an SGD Server”.

    This step is only required if you are using the VDI broker with a VDI server that uses an unsupported or Intermediate CA to sign web services certificates. In this case, the SGD server must be configured to trust the web services certificates. This is done by importing the following certificates:

    • Unsupported CA. Import the CA or root certificate

    • Intermediate CA. Import the CA certificate chain

  2. Create a Windows application object for use with VDI.

    SGD connects to VDI using RDP and so you must use a Windows application object.

    You could create an application object specifically for VDI integration, or you could adapt the My Desktop application. See Section 4.5.7, “Using My Desktop”.

  3. Create a dynamic application server for the VDI broker.

    See Section 4.5.9.2, “How to Create a Dynamic Application Server for the VDI Broker”.

    For information about dynamic application servers and the VDI broker, see Section 4.5.1, “Dynamic Application Servers”.

  4. Assign the VDI dynamic application server to the VDI Windows application.

    Dynamic application servers are assigned to applications in the same way as conventional application servers, as described in Section 3.2.1.1, “How to Assign Application Servers to Applications”.

    Caution

    Ensure that only the VDI dynamic application server is assigned to the application. Remove any conventional application server assignments.

  5. Assign the VDI Windows application object to users.

    See Section 3.2, “Publishing Applications”.

  6. (Optional) Configure the client override to enable the caching of passwords.

    By default, SGD prompts users for credentials every time they connect to a VDI desktop using the VDI broker. See Section 4.5.6, “Client Overrides”.

4.5.9.1 How to Install VDI Certificates on an SGD Server

Ensure that no users are logged in to the SGD server and that there are no running application sessions, including suspended application sessions.

Repeat the following procedure on each SGD server in the array.

  1. Log in as superuser (root) on the SGD server.

  2. Import the web services CA certificates from each VDI server into a dedicated truststore on the SGD server.

    The truststore for web services certificates on a VDI server is the /etc/opt/SUNWvda/webserver/keystore file. The web services CA certificate is stored in the truststore using an alias of tomcat.

    Configure the path to the truststore on the SGD server for VDI web services certificates. Use the truststore property of the oracle-vdi-vsb.properties broker properties file. For example:

    truststore=/usr/share/certs/vdi

    The truststore must have global read permissions, such as 644. Parent directories of the truststore must have permissions of 755.

    Use the keytool application to import certificates into the truststore on the SGD server, as shown in the following example:

    # /opt/tarantella/bin/jre/bin/keytool -importcert \
    -file certificate-path \
    -keystore truststore-path \
    -storepass passwd \
    -alias alias

    The alias uniquely identifies the certificate and passwd is the truststore password. The location of the truststore is given by truststore-path.

  3. Restart the SGD server.

    # tarantella restart

    You must restart the SGD server for the CA certificate to become effective.

4.5.9.2 How to Create a Dynamic Application Server for the VDI Broker

  1. In the Administration Console, go to the Application Servers tab.

  2. Create a dynamic application server object for the VDI broker.

    1. Select an object in the organizational hierarchy.

      Use the navigation tree to select a directory object to contain the dynamic application server.

    2. In the content area, click New.

      The Create a New Object window displays.

    3. In the Name field, type the name of the dynamic application server.

      For example, VDI Broker.

    4. Ensure the Dynamic Application Server option is selected and click Create.

      The Create a New Object window closes and the content area is updated with the new object.

  3. Configure the dynamic application server object.

    1. Click the View New Object link.

      The General tab for the dynamic application server object is displayed.

    2. In the Virtual Server Broker Class list, select VDI broker.

    3. In the Virtual Server Broker Parameters field, enter broker parameters. For example:

      preferredhosts="https://vdihost1.com:1802/client,https://vdihost2.com:1802/client,
      https://vdihost3.com:1802/client"
      failoverhosts="https://vdihost4.com:1802/client,https://vdihost5.com:1802/client"

      You can also use a properties file to configure broker parameters. See Section 4.5.4, “Server-Specific Settings for the VDI Broker”.

      See Section 4.5.4, “VDI Broker” for details of the supported parameters for the VDI broker.

    4. Click Save.

    5. Restart the SGD server.

      # tarantella restart

4.5.10 Integrating with Oracle VDI Using a Windows Application

Use this method if it is not possible to use either of the VDI brokers supplied with SGD.

  1. Create a Windows application object for use with VDI.

    SGD connects to VDI using RDP and so you must use a Windows application object.

    You could create an application object specifically for VDI integration, or you could adapt the Windows Desktop application.

  2. (Optional) Configure an application server object for the Oracle VDI host.

    If the SGD server and Oracle VDI are on the same host, this step is not required.

    For the Address field for the application server object, enter the address of the Oracle VDI host.

  3. Assign the application server to the VDI Windows application object.

    This is described in Section 3.2.1.1, “How to Assign Application Servers to Applications”.

  4. Assign the VDI Windows application object to users.

    See Section 3.2, “Publishing Applications”.

  5. (Optional) When you connect to Oracle VDI using this method, a chooser page is not shown. The default desktop for the user is displayed.

    To access a specific desktop or pool, add the pool name and the optional desktop ID to your user name when you log in to Oracle VDI.

    Use Shift-Click to display the authentication dialog, and enter your user name in the following format:

    username::pool=poolname[,desktop=desktopId]

    For example, to connect to your default desktop in a pool called win-xp:

    username::pool=win-xp

    For example, to connect to a specific desktop in a pool called win-xp:

    username::pool=win-xp,desktop=33