Glossary

An SGD object that represents a 3270 protocol application running on a mainframe host. 3270 Application objects have a cn= naming attribute.

An SGD object that represents a 5250 protocol application running on an AS/400 host. 5250 Application objects have a cn= naming attribute.

Microsoft's implementation of LDAP directory services. Used to store information about the resources, services, and users across a Windows domain.

An SGD object used to represent an Active Directory structure within the SGD organizational hierarchy. Active Directory Container objects have a cn= naming attribute.

Load balancing algorithms that measure the true load on application servers, using information provided by the SGD Enhancement Module.

Adaptive Internet Protocol. A proprietary protocol used by SGD software components. AIP optimizes the user experience by choosing the most efficient ways to transfer application display data and user input between client devices and SGD servers.

Advanced Linux Sound Architecture.

The situation where an authentication mechanism has found more than one match for a user and cannot distinguish between them without further information from the user.

An authentication mechanism where users can log in to SGD without supplying a user name or password. Anonymous user authentication is disabled by default.

American National Standards Institute.

Application programming interface.

A software program running in a web browser.

Dialog shown when a user clicks a workspace link to start an application.

The mechanism that determines which application server runs a user's application.

A networked device, such as a Windows server or Linux server, configured to run applications. Application servers are represented in the SGD datastore by an Application Server object.

An SGD object that represents an application server used to run applications through SGD. Application Server objects have a cn= naming attribute.

A secure store of application server user names and passwords associated with user identities. Maintained so that application server authentication can proceed without prompting the user. Also called the password cache.

An application session begins when a user starts an application, and ends when the application exits. Information about an application session is stored in memory by the SGD server. Each application session is associated with a Protocol Engine.

The mechanism that determines which SGD server in the array manages the application session, and runs the Protocol Engine for a user's application.

A collection of SGD servers that share configuration information. The SGD servers in an array act together to enable users to see the same webtop, and resume their applications, whatever SGD server they log in to. Arrays of SGD servers provide scalability and redundancy.

Configures SOCKS proxy server usage, depending on the IP address of the client device.

A field in the Administration Console that indicates the origin of an object link. Assignment Types can be Direct, Indirect, or Multiple. See also direct assignment, indirect assignment, multiple assignment.

Automatic Terminal Recognition string. A sequence of bytes used to identify a smart card.

A named property of an object. Attributes may have zero or more values, as defined by the schema.

A file that defines how character attributes, such as bold and underline, are displayed in an SGD terminal emulator.

The ability to perform more than one SGD related task with a single instance of a tarantella command.

An SGD service that logs user session and application session information for an SGD server or an array of SGD servers.

See Certificate Authority.

See root certificate.

Client Access License. Used by Microsoft Windows Terminal Services.

Common Desktop Environment. A graphical user interface for UNIX desktops.

See client drive mapping.

A trusted issuer of SSL certificates.

Information supplied to a Certificate Authority, that is used to verify identity and generate an SSL certificate.

Common Gateway Interface. A specification for interfacing external applications with a web server.

An SGD object that represents a VT420, Wyse 60, or SCO Console application. Character Application objects have a cn= naming attribute.

In cryptography, an algorithm for performing encryption and decryption.

A networked device, such as a Windows PC or Linux workstation, used to access an SGD server.

Enables users to access some or all of their client's drives, from an application running on an application server.

Settings for the SGD Client, including server URL, proxy settings, and mode of operation. The client profile is downloaded to the client device when a user connects to an SGD server.

See common name.

SGD terminal emulators support a palette of 16 colors. The color map is a file that defines the RGB values of these colors.

A serial port, in a Microsoft Windows environment.

A name used to identify an entry in an LDAP directory. For example, the name of a person.

A tool for SGD Administrators, useful for quickly adding new objects to an existing hierarchy, rather than creating a new hierarchy.

A short packet of data, used as an identification token. Some cookies are encrypted, to prevent forgery.

Central processing unit.

See Certificate Signing Request.

Common UNIX Printing System.

A service process on UNIX platform operating systems that runs in the background, rather than under the direct control of a user.

The process where SGD system data is copied from the primary server in an SGD array to the secondary servers in the SGD array.

The sum of all the information used by the various components of SGD, including information about application servers and users on the network, user session and application session information, and organizational information. Organized into namespaces, such as _ens and _dns.

Definite Encoding Rules. A cryptographic format used for storing SSL certificate keys.

Data Encryption Standard. A cryptographic cipher.

Workspace shown when a user logs in to SGD from a desktop computer. This workspace uses an JSP page to display and run applications.

Information encrypted with a user's private key and appended to a message to ensure the authenticity of the message. The digital signature can be verified using the user's public key. See also public key cryptography.

In the Administration Console, a one-to-one object link created using the Editable Assignments table. See also editable assignment.

A container object in SGD, similar to an Organization object, but does not include SGD-specific attributes or allow you to assign applications. Examples include a Domain Component object and an Active Directory Container object.

Services that store and manage the resources and users on a network. SGD uses the principles of directory services for object storage and management.

The ability to define workspaces for users without requiring User Profile objects for those users in the SGD datastore. Instead, user information is kept in an external LDAP directory. Application objects in the SGD datastore define which LDAP users can see them on their workspace.

The process of resolving an ambiguous login.

An SGD software component that runs on a client device. Display Engines display applications to users and accept user input. They use AIP to communicate with Protocol Engines on SGD servers.

The name that uniquely identifies an entry in an LDAP directory.

Where print jobs are distributed across the array, avoiding bottlenecks and single points of failure. A user's print jobs are processed on the SGD server hosting the application session for the application you want to print from.

See distinguished name.

Domain Name System.

A unique name for a computer on a network, for example, server.example.com.

An SGD object that represents a document on the web. Documents can be any URL, including OpenOffice documents, or Adobe Acrobat files. A Document object can also refer to a web application. Document objects have a cn= naming attribute.

An SGD object used to replicate a directory structure, usually a Microsoft Active Directory structure, within the SGD organizational hierarchy. Domain Component objects have a dc= naming attribute.

See Windows domain controller.

See Directory Services Integration.

In the Administration Console, a one-to-one object link that can be edited by an SGD Administrator. See also direct assignment.

In the Administration Console, a summary of the object links for the current object. Effective assignments can include both direct assignments and indirect assignments.

An optional SGD software component installed on an application server to provide additional SGD functionality, such as client drive mapping, audio, and advanced load balancing.

A set of system configuration values that can be accessed by a running program.

Enlightened Sound Daemon. A sound server for UNIX and Linux platforms that enables mixing of several digitized audio streams for playback by a single device.

See ESD.

Execution Protocol Engine.

An extension to the Tcl scripting language, typically used for interactive applications. The SGD login scripts are written in the Expect language.

The name by which an SGD server is known to a client device. An SGD server can have multiple external DNS names.

A short sequence of bytes used to authenticate or look up a public key.

Federal Information Processing Standards. Standards developed by the United States Federal government for use by non-military government agencies and government contractors.

Running SGD through a single open firewall port between client devices and SGD servers. Also known as firewall forwarding.

A program that makes fonts on a host available on a network.

When SGD prompts for a user name or password, by displaying an authentication dialog. For example, if a user holds down the Shift key when they click an application's link on the workspace.

See fully qualified domain name.

The full name of a system, containing its hostname and its domain name. For example, boston.example.com, where boston is the hostname of a server, and example.com is the domain name.

An unambiguous name used to specify an SGD object. For example, .../_ens/o=organization/ou=marketing/cn=Indigo Jones, specifies a User Profile object in SGD.

A role object in the Tarantella System Objects organization, used to assign administrative privileges to users.

A domain controller that contains attributes for every object in the Active Directory.

An SGD object that represents a collection of applications or application servers. Each application or application server in the group is called a member. Group objects have a cn= naming attribute.

Hypertext Markup Language. A document format used for web pages.

Hypertext Transfer Protocol.

Hypertext Transfer Protocol over Secure Sockets Layer.

Input/Output.

Internet Assigned Numbers Authority. Organization that allocates and manages IP addresses, domain names, and port numbers used by the Internet.

Independent Computing Architecture. A protocol used by Citrix Presentation Server to communicate with client devices.

See input method.

Input method editor. See input method.

In the Administration Console, an object link created by an LDAP search or by inheritance from another object.

The ability to define workspace content implicitly. Content is usually inherited from the parent object, but other objects can also be used.

A program that enable users to enter characters or symbols not found on their keyboard. On Microsoft Windows platforms, an IM is called an input method editor (IME).

Internet Protocol address. A unique 32-bit numeric identifier for a computer on a network.

Java Archive.

Java Development Kit.

Java Desktop System.

Java Runtime Environment.

JavaServer Page.

A web server component that handles requests for JSP pages. SGD uses the Tomcat JSP container.

Java Secure Socket Extension. An implementation of SSL using Java technology.

Java Virtual Machine.

Key Distribution Center. Used by Kerberos authentication as part of the Active Directory authentication mechanism.

K Desktop Environment. An open source graphical user interface for UNIX and Linux platforms.

An authentication system used for Active Directory authentication.

A file that contains mapping information between keys on the user's client keyboard and keys on a terminal. Used with SGD terminal emulators.

A database of cryptographic keys. A keystore can contain both public keys and private keys.

SGD display mode where an application is displayed full-screen.

Lightweight Directory Access Protocol.

A set of LDAP objects organized in a logical and hierarchical manner.

An RFC2254-compliant search filter, used to select objects in an LDAP directory.

An RFC1959-compliant URL, used to select objects in an LDAP directory.

Lightweight Directory Access Protocol over SSL. Used for secure connections to an LDAP directory.

The mechanism that delivers the best possible user experience by choosing SGD servers and application servers linked by a fast network where possible.

A store containing information about users, applications, workspaces, and application servers. Stored on the primary SGD server and replicated to other SGD servers in the array. Corresponds to the _ens namespace in the SGD datastore. Can be managed using the Administration Console or the tarantella commands.

A set of parameters that defines the user's language, country, and other location-specific preferences.

A string used to configure error reporting to the SGD log files.

A script that runs on the SGD server when a user starts an application. Connects to the application server, supplies authentication credentials for that server, and starts the application.

Line Printer Daemon. A printing protocol used to provide print server functions to a UNIX or Linux platform system. Also known as LPR.

Line Printer Remote. See also LPD.

A constituent of a group or a role. In SGD, Group objects and Role objects contain one or more member objects. These are usually Application objects, User Profile objects, or Application Server objects.

In the Administration Console, an object link that has both direct assignment and indirect assignment sources. See also Assignment Type.

MultiplePlexing Protocol.

A feature of SGD that enables users to log in and display a full-screen desktop, without displaying an SGD workspace.

An identifier for a computer running Microsoft Windows. The NetBIOS name can be specified when Windows networking is installed or configured on the computer.

Network File System.

Network Interface Card, also called a network adapter card.

Network Level Authentication. A network authentication protocol for authenticating to a Remote Desktop Session Host. NLA provides enhanced security by authenticating the user before establishing the connection to the host.

Network Time Protocol.

A self-contained entity, defined by a number of attributes and values. SGD objects have different types, such as X Application or Character Application. The available attributes for each type are defined by a schema.

An SGD object used to represent the top level of an organizational hierarchy. Organization objects can contain OU or User Profile objects. Organization objects have an o= naming attribute.

The collection of objects in the SGD datastore, descending from one or more Organization or Domain Component objects. Represents the collection of people, application servers, and applications within an organization.

An SGD object used to distinguish different departments, sites, or teams in an organizational hierarchy. Organizational Unit (OU) objects can be contained in an Organization or Domain Component object. Organizational Unit objects have an ou= naming attribute.

Open Sound System. A standard interface for audio recording and reproduction in UNIX platform operating systems

See Organizational Unit object.

Pluggable Authentication Modules.

In SecurID authentication, the combination of the PIN and the tokencode.

Short form of application server password cache.

Personal Computer/Smart Card. A standard for interoperability of PCs, smart card readers, and smart cards.

Printer Command Language.

Pulse Code Modulation.

Portable Document Format.

An SGD feature available for client devices with Adobe Reader software installed. Enables users to print to a PDF printer from their application, which either displays the file or prints using the Adobe Reader program on their client device.

The name by which an SGD server is known to other SGD servers in the same array.

Privacy-Enhanced Mail. Protocol based on public key cryptography.

Code supplied to a SecurID device using a key pad. Combined with a tokencode to form a passcode.

Public Key Cryptography Standards. Specifications produced by RSA Laboratories for public key cryptography.

Public Key Infrastructure. A security infrastructure based on public key cryptography.

The SGD server that acts as the authoritative source for global information, and maintains the definitive copy of the SGD datastore.

A number of print jobs placed in a storage area on disk.

In public key cryptography, a key that is only know by the recipient of a message. The private key can be used to decrypt messages and to create digital signatures.

An SGD software component that runs on an SGD server. Protocol Engines emulate native protocols such as X11 and RDP and communicate with application servers, sending display data using AIP to Display Engines on client devices. See also application session.

A server that acts as an intermediary between a client device and the Internet. The proxy server can provide access control and web request caching services.

In public key cryptography, a key that can be distributed to anyone. The public key can be used to encrypt messages and to verify digital signatures.

A cryptographic system using a pair of keys, a public key and a private key. The public key is used to encrypt messages and the private key is used to decrypt messages.

A network sound server for UNIX and Linux platforms.

Random access memory.

Resize, Rotate, and Reflect Extension. An X extension used by SGD for multi-monitor support and dynamic resizing of application sessions.

See relative distinguished name.

Remote Desktop Protocol. Protocol that allows a user to connect to a computer running Windows Terminal Services.

Another name for SGD printing from application servers using Windows Terminal Services.

Microsoft Windows registry. On Windows client devices, a database of settings for the operating system.

In an LDAP directory, the part of a distinguished name that uniquely identifies a child entry for a common parent entry.

Microsoft Windows software that enables client devices to run applications and access data on a networked Windows server. From Windows Server 2008 R2, Remote Desktop Services is the name for Terminal Services.

A store containing user information.

The attribute of an application session that controls its lifetime. Defined on a per-application basis by an SGD Administrator, as either never resumable, resumable during the user session, or always resumable. See also resume and suspend.

To redisplay an application session that has been suspended. See also suspend.

Defines a color in the RGB color model. The amount of red, green, and blue in the color are indicated by a value from 0 to 255.

A feature of SGD that provides Microsoft Windows users with the same working environment, no matter which Microsoft Windows computer they use.

An object that defines the members and applications associated with a particular role in SGD. Currently, only one role is available, Global Administrators. This role defines the SGD Administrators.

A self-signed certificate issued by a root level Certificate Authority.

Software that enables a UNIX or Linux platform server to act as a file server for Windows client devices. Uses a variant of the SMB file sharing protocol.

Solaris Card Framework.

An SGD window display mode used for Windows applications. Causes an application's windows to behave in the same way as an application running on a Microsoft Windows application server, regardless of the user's desktop environment. Requires the SGD Enhancement Module.

An array member that is not the primary server. The primary server replicates information to secondary servers.

A connection between client device and SGD server that uses SSL to protect AIP traffic from eavesdropping, tampering, and forgery. Not related to HTTPS traffic.

This is the default connection mode when using SGD.

Secure, encrypted, communication between SGD array members. Uses SSL.

An authentication mechanism developed by RSA to authenticate a user to a network resource.

AnSSL certificate signed by the person who created it.

A physical interface on a computer through which information is transferred one bit at a time.

Where possible, SGD runs an application on the same application server as the one used to run the previous application for the user. See also application load balancing.

The situation where a user logs in to an SGD server, but they already have a user session on another SGD server. The user session is transferred to the new SGD server and the old session ends.

Secure Global Desktop software.

An SGD user with permission to configure SGD settings and create and edit SGD objects, either using the Administration Console or the tarantella commands.

An SGD component that can be installed on client devices. The SGD Client maintains communication with the SGD server and is required to run applications.

A Java applet that downloads the SGD Client.

A collection of SGD software components that together provide SGD functionality.

A pre-built web server installed and configured along with the SGD server Contains Apache, mod_ssl for HTTPS support, and Tomcat for Java Servlet and JSP support.

A collection of APIs that allow developers to build their own applications to work with SGD. The APIs can be used to authenticate users, launch applications, and interact with the SGD datastore.

Secure Hash Algorithm. In cryptography, an algorithm that computes a fixed-length representation of a message, called a message digest.

When an SGD Administrator displays and interacts with a user's application at the same time as the user.

Feature which allows access to multiple systems with a single login. After logging in to one system, the user is not prompted for authentication credentials when logging in to subsequent systems.

Secret Key Identification. An authentication protocol where a shared secret is used to authenticate a connection.

A plastic card, about the size of a credit card, with an embedded microchip that can be loaded with data.

Authentication to a Windows application server by means of user data contained on a smart card.

Server Message Block.

Simple Object Access Protocol. A protocol for sending XML messages over computer networks using HTTP.

A protocol used by proxy servers to handle TCP connection requests from client devices inside a firewall.

Secure Shell. A secure network protocol for data exchange between two computers.

Secure Sockets Layer. A cryptographic protocol designed for secure Internet communications.

A digital passport that establishes credentials on the web. In SGD, allows client devices to trust the identity of an SGD server.

Single sign-on. See single sign-on.

A connection between a client device and an SGD server that is not secured.

Alternative DNS name, other than the hostname, specified for an SGD server on an SSL certificate.

To pause an application session. A suspended application is not closed down, it can be resumed. See also resume.

A component of the SGD server that authenticates users against an external authentication service, such as a Windows domain or an LDAP directory, and determines a user's SGD user identity and user profile.

Workspace shown when a user logs in to SGD from a tablet device. This workspace uses an HTML5 web page to display and run applications.

An SGD administration tool available from the command line. Used to control the SGD server and make configuration changes.

The Organization object in the SGD datastore that contains objects essential for smooth running and maintenance of SGD.

Tool Command Language. A scripting language developed by John Ousterhout. The SGD login scripts include some Tcl functions.

Transmission Control Protocol.

Transmission Control Protocol/Internet Protocol.

A program that runs on a graphical user interface and emulates a “dumb” video terminal. SGD includes terminal emulators for SCO Console, Wyse 60, and VT420 terminals.

Microsoft Windows software that enables client devices to run applications and access data on a networked Windows server. From Windows Server 2008 R2, Terminal Services is renamed Remote Desktop Services.

A component of the SGD server that trusts authentication information supplied by a third party and uses that information to automatically authenticate the user as an SGD user, allocating a user identity and a user profile.

A random number generated by a SecurID device. Combined with a PIN to form a passcode.

Users and a group (ttaserv) that must be set up on a system before SGD can be installed. These users and group own some SGD files and processes after installation.

Ultrix Communications Extensions.

User Datagram Protocol.

Universal Naming Convention.

A standard for universal character encoding. Provides the basis for processing, storage, and interchange of text data in any language.

Uniform Resource Locator.

The SGD concept of who a user is. A user identity can belong to one of a number of different namespaces. User identities are allocated by authentication mechanisms. The user identity can be the same as the user profile in some cases.

In Active Directory, the required format for user names. The user principal name is in email address format, for example, indigojones@example.com.

An SGD object that represents a user in an organization. Can be used to give a user access to applications. User Profile objects can have a cn= (common name), a uid= (user identification), or a mail= (mail address) naming attribute.

Begins when a user logs in to SGD, and ends when the user logs out. Information about a user session is stored in memory by the SGD server.

The mechanism that determines which SGD server in the array a user logs in to to display their webtop.

Coordinated Universal Time.

Hosting of multiple web servers on the same computer. Each web server has a different DNS name.

Virtual Memory System. Operating system originally developed for use on the VAX and Alpha family of computers from DEC.

Virtual server broker. Software used to obtain a list of application servers that can run an application. A VSB can be used to integrate SGD with Oracle Virtual Desktop Infrastructure.

Wide Area Network.

Web Application Archive.

A two-way data connection between an SGD server and a client device. The connection uses the WebSocket protocol, a TCP-based protocol which was developed as part of the HTML5 initiative. For more information, see RFC 6455.

Term used in previous releases for workspace.

An SGD object that represents a Microsoft Windows graphical application. Windows Application objects have a cn= naming attribute.

A logical group of computers running the Windows operating system.

A server in a Windows domain that hosts the Active Directory. The domain controller handles authentication of users and administration tasks.

In SGD, the protocol used to connect to an application server hosting a Microsoft Windows application.

Windows Internet Name Service.

Collective term for a user's applications, documents, and desktops. A web page where users can run applications using SGD, view documents, and manage print jobs. Can be accessed using a web browser or the SGD Client. Previously called a webtop.

The collection of applications and documents that appear on a user's workspace.

The ability to define workspace content implicitly. Content is usually inherited from the parent object, but other objects can also be used.

A hyperlink on an SGD workspace that the user clicks to starts an application.

An SGD object that represents an X11 graphical application. X Application objects have a cn= naming attribute. See also X11 protocol.

Access control mechanisms that control whether a client application can connect to an X server.

A distributed window system for UNIX platform operating systems, based on the X11 protocol. Also called X11, or X Windows.

See SSL certificate.

The process of forwarding, or tunneling, the windows of a remotely started X application to a client desktop.

Display protocol used for the X Window System.

X Keyboard extension. An X extension used by SGD to provide enhanced keyboard support.

A feature of Oracle Solaris that enables multiple virtual operating systems to be deployed on a single Oracle Solaris server.