2.1 SGD Server Requirements and Support

This section describes the supported platforms and requirements for SGD servers.

2.1.1 Supported Installation Platforms for SGD

Table 2.1, “Supported Installation Platforms for SGD” lists the supported installation platforms for SGD.

Table 2.1 Supported Installation Platforms for SGD

Operating System

Supported Versions

Oracle Solaris on SPARC platforms

Solaris 10 8/11 (update 10)

Solaris 10 1/13 (update 11)

Solaris 11, 11.1

Trusted Extensions versions of the above

Oracle Solaris on x86 platforms

Solaris 10 8/11 (update 10)

Solaris 10 1/13 (update 11)

Solaris 11, 11.1

Trusted Extensions versions of the above

Oracle Linux (32-bit and 64-bit)

5.8

5.9

5.10

6.2

6.3

6.4


Note

For up to date information on supported platforms, see knowledge document ID 1416796.1 on My Oracle Support (MOS).

Oracle products certified on Oracle Linux are also certified and supported on Red Hat Enterprise Linux due to implicit compatibility between both distributions. Oracle does not run any additional testing on Red Hat Enterprise Linux products.

2.1.1.1 Virtualization Support

SGD is supported and can be installed in an Oracle virtualized environment. If you encounter a problem when using an unsupported virtualization environment, you may be asked to demonstrate the issue on a non-virtualized operating system to ensure the problem is not related to the virtualization product.

Installation in zones is supported for Oracle Solaris platforms. SGD can be installed either in the global zone, or in one or more non-global zones. Installation in both the global zone and a non-global zone is not supported.

On Oracle Solaris Trusted Extensions platforms, you must install SGD in a labeled zone. Do not install SGD in the global zone.

2.1.2 Supported Upgrade Paths

Upgrades to version 5.1 of SGD are only supported from the following versions:

  • Oracle Secure Global Desktop Software version 5.00.907

  • Oracle Secure Global Desktop Software version 4.71.913

  • Oracle Secure Global Desktop Software version 4.70.909

  • Oracle Secure Global Desktop Software version 4.63.907

  • Oracle Secure Global Desktop Software version 4.62.913

If you want to upgrade from any other version of SGD, contact Oracle Support.

2.1.3 Third Party Components for SGD

SGD includes the following third party components:

  • Java technology. This release of SGD includes Java 6 update 65.

  • SGD web server components. The SGD web server consists of an Apache web server and a Tomcat JavaServer Pages (JSP) technology container preconfigured for use with SGD.

    The SGD web server consists of several components. The following table lists the web server component versions for this release of SGD.

    Component Name

    Version

    Apache HTTP Server

    2.2.25

    OpenSSL

    1.0.0k

    mod_jk

    1.2.37

    Apache Tomcat

    7.0.42

    Apache Axis

    1.4

    The Apache web server includes all the standard Apache modules as shared objects.

    The minimum Java Virtual Machine (JVM) software heap size for the Tomcat JSP technology container is 256 megabytes.

2.1.4 Supported Authentication Mechanisms

The following are the supported mechanisms for authenticating users to SGD:

  • Lightweight Directory Access Protocol (LDAP) version 3

  • Microsoft Active Directory

  • Network Information Service (NIS)

  • RSA SecurID

  • Web server authentication (HTTP/HTTPS Basic Authentication), including public key infrastructure (PKI) client certificates

2.1.4.1 Supported Versions of Active Directory

Active Directory authentication and LDAP authentication are supported on the following versions of Active Directory:

  • Windows Server 2003

  • Windows Server 2003 R2

  • Windows Server 2008

  • Windows Server 2008 R2

2.1.4.2 Supported LDAP Directories

SGD supports version 3 of the standard LDAP protocol. You can use LDAP authentication with any LDAP version 3-compliant directory server. However, SGD only supports the following directory servers:

Other directory servers might work, but are not supported.

2.1.4.3 Supported Versions of SecurID

SGD works with versions 4, 5, 6, and 7 of RSA Authentication Manager (formerly known as ACE/Server).

SGD supports system-generated PINs and user-created PINs.

2.1.5 SSL Support

SGD supports TLS version 1.0 and SSL version 3.0.

SGD supports Privacy Enhanced Mail (PEM) Base 64-encoded X.509 certificates. These certificates have the following structure:

-----BEGIN CERTIFICATE-----

...certificate...

-----END CERTIFICATE-----

SGD supports the Subject Alternative Name (subjectAltName) extension for SSL certificates. SGD also supports the use of the * wildcard for the first part of the domain name, for example *.example.com.

SGD includes support for a number of Certificate Authorities (CAs). The /opt/tarantella/etc/data/cacerts.txt file contains the X.500 Distinguished Names (DNs) and MD5 signatures of all the CA certificates that SGD supports. Additional configuration is required to support SSL certificates signed by an unsupported CA. Intermediate CAs are supported, but additional configuration might be required if any of the certificates in the chain are signed by an unsupported CA.

SGD supports the use of external hardware SSL accelerators, with additional configuration.

SGD supports the following cipher suites:

  • RSA_WITH_AES_256_CBC_SHA

  • RSA_WITH_AES_128_CBC_SHA

  • RSA_WITH_3DES_EDE_CBC_SHA

  • RSA_WITH_RC4_128_SHA

  • RSA_WITH_RC4_128_MD5

  • RSA_WITH_DES_CBC_SHA

2.1.6 Printing Support

SGD supports two types of printing: PDF printing and Printer-Direct printing.

For PDF printing, SGD uses Ghostscript to convert print jobs into PDF files. Your Ghostscript distribution must include the ps2pdf program. For best results, install the latest version of Ghostscript on the SGD host.

SGD supports Printer-Direct printing to PostScript, Printer Command Language (PCL), and text-only printers attached to the user's client device. The SGD tta_print_converter script performs any conversion needed to format print jobs correctly for the client printer. The tta_print_converter script uses Ghostscript to convert from Postscript to PCL. To support this conversion, Ghostscript must be installed on the SGD server. For best results, download and install the additional fonts.

Ghostscript is not included with the SGD software.