3.3. SGD Administration Tools

SGD has the following administration tools:

The Administration Console and the Profile Editor are available on the webtop of SGD Administrators.

3.3.1. The Administration Console

To display the Administration Console, you can use any browser that is supported by SGD, apart from Safari. See the Oracle Secure Global Desktop Administration Guide for Release 4.7 for details of the supported browsers for SGD. The browser must have the JavaScript programming language enabled.

The Administration Console works best when you run it on the primary SGD server in the array. Starting the Administration Console

To start the Administration Console, you click the link on the webtop.

If you want to run the Administration Console without displaying the webtop, you can run it from the following locations:

  • https://server.example.com and click the Launch the Secure Global Desktop Administration Console link

  • https://server.example.com/sgdadmin

where server.example.com is the name of an SGD server.

If you run the Administration Console without displaying a webtop, you are prompted to log in as an SGD Administrator. Using the Administration Console

When you log in to the Administration Console, the Administration Console opens in Navigation View, as shown in Figure 3.9, “The Administration Console in Navigation View”.

Figure 3.9. The Administration Console in Navigation View

Screen capture of the Administration Console in Navigation View

Navigation View is the top-level view that enables you to access the tabs for managing the different areas of SGD. The following table summarizes the tabs available in Navigation View and what they are used for.



Secure Global Desktop Servers

Managing and configuring SGD servers.

This tab is described in more detail in Section 3.6, “Managing SGD”.


Managing users' SGD sessions and application sessions.

This tab is described in more detail in Section 3.6.2, “Monitoring Users”.

User Profiles

Managing and configuring users' SGD settings.

This tab is described in more detail in Section 3.4, “Creating Users”.


Managing and configuring the applications that users can run through SGD.

This tab is described in more detail in Section 3.5, “Adding Applications to Webtops”.

Application Servers

Managing and configuring the application servers that run the applications displayed through SGD.

This tab is described in more detail in Section 3.5, “Adding Applications to Webtops”.

Global Settings

Configuring settings that apply to SGD as a whole.

This tab is described in more detail in Section 3.6, “Managing SGD”.


Managing the application server passwords that SGD has stored.

SGD is built on the following principles of directory services:

  • Users, applications, and application servers are represented by objects in a directory. The objects are organized into an organizational hierarchy representing your organization.

  • Different types of object have different configuration settings, known as attributes.

  • The relationships between objects are important and have meanings.

  • Each object is identified using a unique name.

SGD includes a number of different object types. When you select an object to work with, the Administration Console changes to Object View. The Administration Console provides links to enable you to switch between Object View and Navigation View, and also an Object History that enables you to switch between the objects you have recently worked with, as shown in Figure 3.10, “The Administration Console Navigation Links”.

Figure 3.10. The Administration Console Navigation Links

Screen capture showing the Administration Console navigation links


When using the Administration Console, do not use the browser's Back button. Instead, use the navigation links to move between pages in the Administration Console.

The User Profiles, Applications, and Application Servers tabs are divided into two sections. On the left is the navigation tree and on the right is the content area, as shown in Figure 3.11, “The Navigation Tree and Content Area”. The navigation tree only shows the container objects that are used to structure your organizational hierarchy. As you browse and select objects in the navigation tree, the content area displays a list of objects contained in the selected object.

Figure 3.11. The Navigation Tree and Content Area

Screen capture showing the navigation tree and content area

Several of the tabs and screens in the Administration Console have a search field. The search is case insensitive and accepts only the * wildcard character. The search results are displayed in a table and are limited to a maximum of 150 hits.

Most tabs in the Administration Console present information in tables. Often the information in a table cell is a link that can be clicked to display further information.

3.3.2. The tarantella Command

The tarantella command is a script installed in the install-dir/bin directory. By default, install-dir is /opt/tarantella. As this script is not on the standard PATH, you must use the full path each time you run the command, or change to /opt/tarantella/bin before running the command. Alternatively, do the following:

  • Add /opt/tarantella/bin to the PATH, for example:

    PATH=$PATH:/opt/tarantella/bin; export PATH

  • Create an alias, for example:

    alias t=/opt/tarantella/bin/tarantella

The tarantella command is actually a family of commands, each of which can have its own set of subcommands. You always run the subcommands through the tarantella command, for example:

# tarantella config list

Help is available for every command by using the --help command-line argument.

Many commands are designed so that you can build scripts around them.

The following restrictions apply as to which users can use particular tarantella commands:

  • Commands that control the SGD server and SGD web server can be run only by superuser (root)

  • Commands for creating and managing arrays of SGD servers can be run only by SGD Administrators

  • All other commands can be run by any user in the ttaserv group

Use the usermod -G command to make a user a member of the ttaserv group. The ttaserv group does not have to be the user's primary or effective group.