1.2. New Features in Version 4.50

This section describes the features that are new in the SGD version 4.50 release.

1.2.1. Introducing the SGD Gateway

This release introduces the Oracle Secure Global Desktop Gateway (SGD Gateway).

The SGD Gateway is a proxy server designed to be deployed in front of an SGD array in a demilitarized zone (DMZ). This enables the SGD array to be located on the internal network of an organization. Additionally, all connections can be authenticated in the DMZ before any connections are made to the SGD servers in the array.

Using the SGD Gateway is an alternative to running your SGD servers with firewall traversal, also called firewall forwarding.

The SGD Gateway manages load balancing of Hypertext Transfer Protocol (HTTP) connections, so you do not need to use the JavaServer Pages™ ( JSP™ ) technology load balancing page included with SGD.

The SGD Gateway software is included with the SGD distribution.

Instructions on how to install, configure, and use the SGD Gateway are included in the Oracle Secure Global Desktop 4.6 Gateway Administration Guide. This document also includes details of supported platforms. Installing the SGD Gateway

To install the SGD Gateway, click the Install the Oracle Secure Global Desktop Gateway link on the SGD web server Welcome Page and follow the instructions on the screen.

By default, the SGD Gateway is installed in the /opt/SUNWsgdg directory on the SGD Gateway host. Architecture of the SGD Gateway

The SGD Gateway consists of the following components:

  • Routing proxy. A Java™ technology-based application that routes Adaptive Internet Protocol (AIP) data connections to an SGD server.

    Keystores in the routing proxy contain the certificates and private keys used to secure connections for the SGD Gateway.

    The routing proxy uses routing tokens to manage AIP connections. A routing token is a signed, encrypted message that identifies the origin and destination SGD server for a route.

  • Reverse proxy. An Apache web server, configured to operate in reverse proxy mode.

    The reverse proxy also performs load balancing of HTTP connections.

See the Appendix A of the Oracle Secure Global Desktop 4.6 Gateway Administration Guide for more details about the architecture and features of the SGD Gateway. Commands for the SGD Gateway

New commands have been introduced for the SGD Gateway, as follows:

  • gateway – The gateway command is used to control and configure the SGD Gateway.

    You run this command on the SGD Gateway host.

  • tarantella gateway – The tarantella gateway command is used to register gateways for use by an SGD array.

    You run this command on the SGD array.

A new attribute, --security-gateway, configures which client connections to an SGD array use the SGD Gateway.

See Appendix B of the Oracle Secure Global Desktop 4.6 Gateway Administration Guide for more details about these command-line changes.

1.2.2. Application-Level Device Configuration

This release enables application-level device configuration. For Windows applications, SGD Administrators can configure CDM and printing settings.

CDM and printing configuration for Windows application objects overrides settings configured for user profile, organizational unit, and organization objects. The order of precedence is: Windows application, user profile, organizational unit, organization.

For CDM on all platforms, the access rights for a mapped client drive are shown in brackets after the drive name: (rw) means read-write access, (ro) means read only access. For example, in Windows desktop sessions access rights are displayed in file save dialogs and in the My Computer window.

1.2.3. Array Failover

This release includes a new feature called array failover. When array failover is enabled for an SGD array, the array repairs itself automatically following the loss of the primary server.

In array failover, a secondary server in the array is upgraded automatically to become the primary server.

Array failover is disabled by default for an SGD array. To enable array failover for an SGD array, run the following command on any SGD server in the array:

$ tarantella config edit --array-failoverenabled 1

See the Oracle Secure Global Desktop 4.6 Administration Guide for more details about configuring array failover for an SGD array.

1.2.4. Seamless Windows Local Window Hierarchy

A new attribute SWM Local Window Hierarchy (--swmopts) for Windows applications has been introduced for compatibility with some Borland applications. The attribute is only effective for applications having a Window Type setting of Seamless Window. Use this attribute if you are having problems with minimizing and maximizing the application window from the task bar.

A corresponding command option -swmopts has been added for the SGD Terminal Services Client program, ttatsc.

1.2.5. German Language Support

This release includes support for the German language.

The webtop, the Administration Console, and the SGD Client are available in German. The documentation is not translated into German.

1.2.6. Support for Novell eDirectory

Novell eDirectory version 8.8 or later is now supported as an LDAP directory server.

By default, Novell eDirectory requires that all simple LDAP binds that contain a password must be encrypted. To use simple binds with a password for SGD, you must do either of the following:

  • Configure SGD to use secure connections to eDirectory by using ldaps:// Uniform Resource Locators (URLs)

  • Configure the LDAP group object in eDirectory and disable Transport Layer Security (TLS) for simple binds