2.3 SGD Gateway Requirements and Support

This section describes the supported platforms and requirements for the SGD Gateway.

2.3.1 Supported Installation Platforms for the SGD Gateway

The supported installation platforms for the SGD Gateway host are shown in Table 2.6, “Supported Installation Platforms for the SGD Gateway”.

Table 2.6 Supported Installation Platforms for the SGD Gateway

Operating System

Supported Versions

Oracle Solaris on SPARC platforms

Solaris 10 [at least version 8/11 (update 10)]

Solaris 11

Oracle Solaris on x86 platforms

Solaris 10 [at least version 8/11 (update 10)]

Solaris 11

Oracle Linux (64-bit only)

5 (at least version 5.8)

6 (at least version 6.2)

7 (at least version 7.0)


Note

This table shows the installation platforms that Oracle has tested with this release of SGD. For up to date information on supported platforms, see knowledge document ID 1416796.1 on My Oracle Support (MOS).

Oracle products certified on Oracle Linux are also certified and supported on Red Hat Enterprise Linux due to implicit compatibility between both distributions. Oracle does not run any additional testing on Red Hat Enterprise Linux products.

Note

If your users connect to SGD from a tablet device, using the SGD Gateway is the only supported method of firewall traversal.

By default, the SGD Gateway is configured to support a maximum of 100 simultaneous HTTP connections, 512 simultaneous Adaptive Internet Protocol (AIP) connections, and 512 simultaneous websocket connections. The JVM memory size is optimized for this number of connections. The Oracle Secure Global Desktop Gateway Administration Guide has details of how to tune the Gateway for the expected number of users.

2.3.1.1 Virtualization Support

The SGD Gateway is supported and can be installed in an Oracle virtualized environment. If you encounter a problem when using an unsupported virtualization environment, you may be asked to demonstrate the issue on a non-virtualized operating system to ensure the problem is not related to the virtualization product.

Installation in zones is supported for Oracle Solaris platforms. The SGD Gateway can be installed either in the global zone, or in one or more non-global zones. Installation in both the global zone and a non-global zone is not supported.

2.3.2 Network Requirements

IPv6 network addresses are supported for the SGD Gateway. See Network Requirements in the Oracle Secure Global Desktop Gateway Administration Guide.

2.3.3 SGD Server Requirements for the SGD Gateway

The following requirements apply for the SGD servers used with the SGD Gateway:

  • Firewall forwarding. Firewall forwarding must not be enabled for SGD servers used with the Gateway.

  • SGD version. Always use version 5.3 of SGD with version 5.3 of the Gateway.

  • Clock synchronization. It is important that the system clocks on the SGD servers and the SGD Gateway are in synchronization. Use Network Time Protocol (NTP) software, or the rdate command, to ensure that the clocks are synchronized.

2.3.4 Third Party Components for the SGD Gateway

The SGD Gateway includes the following third party components:

  • Apache web server. The Apache web server supplied with the SGD Gateway is Apache version 2.2.31.

    Note

    The Apache Software Foundation has announced that support for version 2.2 of the Apache HTTP Server will end in late 2017. Oracle is looking into replacing the web servers used in Oracle Secure Global Desktop with other supported technologies.

    For more information, see knowledge document ID 1597467.1 on My Oracle Support.

    The web server includes the standard Apache modules for reverse proxying and load balancing. The modules are installed as Dynamic Shared Object (DSO) modules.

  • Java technology. The SGD Gateway includes Java 8 update 101.

2.3.5 SSL Support

SSL support for the SGD Gateway is provided by the Java Runtime Environment (JRE) supplied with the Gateway. See the Java Platform documentation for more details.

The SGD Gateway supports Privacy Enhanced Mail (PEM) Base 64-encoded X.509 certificates. These certificates have the following structure:

-----BEGIN CERTIFICATE-----

...certificate...

-----END CERTIFICATE-----

The SGD Gateway supports the use of external hardware SSL accelerators, with additional configuration.

By default, the SGD Gateway is configured to use the following high grade cipher suites for SSL connections:

  • TLS_RSA_WITH_AES_128_CBC_SHA

  • TLS_RSA_WITH_AES_256_CBC_SHA

  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA

  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA

  • TLS_DHE_DSS_WITH_AES_128_CBC_SHA

  • TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Other cipher suites supported by the JRE may also be used with the Gateway. These cipher suites must be configured by the user, as shown in the Oracle Secure Global Desktop Gateway Administration Guide.