This section describes the changes since the SGD version 4.50 release.
This section includes the following topics:
Array join operations are now only permitted if the clock on the server joining the array is in synchronization with the other servers in the array. If the time difference is more than one minute, the array join operation fails.
The tarantella status command now reports any clock synchronization issues for an array. The --byserver option of this command displays the clock setting on each server in the array.
If the clocks in the array are out of synchronization, a warning message is displayed on the Secure Global Desktop Servers tab of the Administration Console.
Use Network Time Protocol (NTP) software or the rdate command to ensure the clocks on all SGD hosts are synchronized.
In this release, Citrix ICA is not supported as a connection protocol for Windows applications. Windows applications are now configured to use the Microsoft RDP protocol by default.
As an alternative, you can configure the Citrix ICA Client as an X application object.
The webtop link for a running application now shows the time and date when the application was started.
The User Session Idle Timeout (--webtop-session-idle-timeout) attribute can now be configured using the Global Settings -> Communication tab of the Administration Console. Previously, this attribute was only configurable from the command line.
The command line name for this attribute has changed, from --tarantella-config-array-webtopsessionidletimeout.
In this release, the following security improvements have been made for SGD web pages.
Autocompletion of user input can be disabled for the SGD login page and the Administration Console login page. Disabling autocomplete prevents browser caching of sensitive data, such as user names and password.
To disable autocomplete, edit the /opt/tarantella/webserver/tomcat/tomcat-version/conf/web.xml file and change the value of the disableloginautocomplete parameter to true. This parameter is false by default. Restart the SGD web server after making changes.
Cross-frame scripting (XFS) vulnerabilities have been fixed. XFS is sometimes used to attempt to steal user credentials.
If secure connections are being used, user session cookies are now marked as secure. This prevents transmission of the cookie over a non-secure connection.
Directory indexes are disabled by default for the SGD web server. This change enhances security, as users cannot browse the directories on the SGD web server.
This release adds support for Arabic and Hebrew keyboards.
Keymap files for Arabic (xarabic.txt) and Hebrew (xhebrew.txt) are included in the /opt/tarantella/etc/data/keymaps directory on the SGD server.
By default, SGD now runs an Input Method (IM) for UNIX platform applications for all locales except C and POSIX.
In previous releases, SGD ran an IM only for Japanese, Korean, and Chinese locales.
To use audio for X applications, Linux and UNIX application servers must be running version 4.6 of the SGD Enhancement Module. UNIX audio services might not work correctly if the versions of SGD and SGD Enhancement Module are different.
Instructions for upgrading the SGD Enhancement Module are included in the Oracle Secure Global Desktop 4.6 Installation Guide.
For commands where the Domain Name System (DNS) name of an SGD server must be specified, such as tarantella array join, a warning message is shown if the fully-qualified DNS name is not used.
For best results, always use fully-qualified DNS names.
The SyslogSink log handler now includes the “SSGD” identifier string in messages that are recorded using syslog. Previously, the string “Secure Global Desktop” was used.
The default printer driver used for Portable Document Format (PDF) printing from Windows application servers is now HP Color LaserJet 2800 Series PS. This change was made to provide support for Windows 7 and Windows Server 2008 application servers.
In previous releases, the default PDF printer driver was HP Color LaserJet 8500 PS. If you are upgrading from an installation that uses this printer driver, SGD is reconfigured automatically to use the new default printer driver. If you are upgrading from an installation where you have configured SGD to use a different printer driver, your existing configuration is preserved on upgrade. If you are using using Windows Server 2003, Windows Vista, or Windows XP application servers, the new default printer driver results in the PDF printer not being mapped.
The --force option has been deprecated for the tarantella start and tarantella stop commands.
The SGD Terminal Services Client, also known as the ttatsc command, has been renamed. The new name is SGD Remote Desktop Client.
The new name is used in the Administration Console.
In this release, there is no longer a requirement to secure SOAP connections from the webtop when you enable secure connections for an SGD server. The tarantella security enable command does not secure the SOAP connections automatically, as in previous releases.
This is due to a change in how listener events are handled by the SGD server.