Administration Guide for Release 5.3
January 2017
E65658-02
Table of Contents
- Preface
- 1 Networking and Security
- 2 User Authentication
- 2.1 Secure Global Desktop Authentication
- 2.2 Active Directory Authentication
- 2.3 Anonymous User Authentication
- 2.4 LDAP Authentication
- 2.5 SecurID Authentication
- 2.6 Third-Party Authentication
- 2.6.1 How Third-Party Authentication Works
- 2.6.2 Setting Up Third-Party Authentication
- 2.6.3 How to Enable Third-Party Authentication
- 2.6.4 Web Authentication
- 2.6.5 Enabling Web Authentication
- 2.6.6 Using Authentication Plugins With Web Authentication
- 2.6.7 Using Client Certificates With Web Authentication
- 2.6.8 SGD Administrators and Third-Party Authentication
- 2.6.9 Trusted Users and Third-Party Authentication
- 2.7 Single Sign-On Authentication
- 2.8 UNIX System Authentication
- 2.9 Tuning Directory Services for Authentication
- 2.9.1 Filtering LDAP or Active Directory Logins
- 2.9.2 Using Directory Search Roots
- 2.9.3 LDAP Discovery Timeout
- 2.9.4 Using Service Objects
- 2.9.5 Password Expiry
- 2.9.6 LDAP Password Update Mode
- 2.9.7 Sites
- 2.9.8 Whitelists
- 2.9.9 Blacklists
- 2.9.10 Search Only the Global Catalog
- 2.9.11 Suffix Mappings
- 2.9.12 Domain Lists
- 2.9.13 Lookup Cache Timeout
- 2.9.14 LDAP Operation Timeout
- 2.9.15 Active Directory Authentication and LDAP Discovery
- 2.10 Troubleshooting Secure Global Desktop Authentication
- 2.10.1 Setting Log Filters for Authentication Problems
- 2.10.2 Denying Users Access to SGD After Failed Login Attempts
- 2.10.3 Troubleshooting Web Authentication
- 2.10.4 Users Cannot Log In to Any SGD Server
- 2.10.5 Using Shared Accounts for Guest Users
- 2.10.6 Oracle Solaris Users Cannot Log in When Security is Enabled
- 2.10.7 An Ambiguous User Name Dialog Is Displayed When a User Tries to Log in
- 2.10.8 Troubleshooting SecurID Authentication
- 2.10.9 Troubleshooting Single Sign-On Authentication
- 3 Publishing Applications to Users
- 4 Configuring Applications
- 4.1 Windows Applications
- 4.1.1 Configuring Windows Application Objects
- 4.1.2 Creating Windows Application Objects on the Command Line
- 4.1.3 Configuring Microsoft Windows Remote Desktop Services for Use With SGD
- 4.1.4 Licensing Microsoft Windows Remote Desktop Services
- 4.1.5 Microsoft Windows Remote Desktop Connection
- 4.1.6 Seamless Windows
- 4.1.7 Key Handling for Windows Remote Desktop Services
- 4.1.8 Returning Client Device Information for Windows Remote Desktop Services Sessions
- 4.1.9 The SGD Remote Desktop Client
- 4.2 X Applications
- 4.3 Using the RANDR X Extension
- 4.4 Character Applications
- 4.5 Dynamic Launch
- 4.5.1 Dynamic Application Servers
- 4.5.2 SGD Broker
- 4.5.3 User-Defined SGD Broker
- 4.5.4 VDI Broker
- 4.5.5 Dynamic Applications
- 4.5.6 Client Overrides
- 4.5.7 Using My Desktop
- 4.5.8 Integrating SGD With Oracle VDI
- 4.5.9 Integrating with Oracle VDI Using the VDI Broker
- 4.5.10 Integrating with Oracle VDI Using a Windows Application
- 4.6 Using SSH
- 4.7 Application Authentication
- 4.7.1 Login Scripts
- 4.7.2 Configuring Application Authentication
- 4.7.3 The Application Server Password Cache
- 4.7.4 Input Methods and UNIX Platform Applications
- 4.7.5 Adding Support for System Prompts in Different Languages
- 4.7.6 Using RSA SecurID for Application Authentication
- 4.7.7 Using Network Level Authentication for Windows Application Authentication
- 4.7.8 Using Single Sign-On for Remote Application Authentication
- 4.8 Tips on Configuring Applications
- 4.8.1 Starting an Application or Desktop Session Without Displaying a Workspace
- 4.8.2 Using RANDR for Multiple Monitor Displays
- 4.8.3 Configuring Multiple Monitor Displays Without Using RANDR
- 4.8.4 Improving the Performance of Windows Applications
- 4.8.5 Improving the Performance of Java Desktop System Desktop Sessions or Applications
- 4.8.6 Documents and Web Applications
- 4.8.7 Creating a Virtual Classroom
- 4.8.8 Configuring Common Desktop Environment Applications
- 4.8.9 Configuring VMS Applications
- 4.8.10 3270 and 5250 Applications
- 4.8.11 Integrating SGD With Microsoft Hyper-V
- 4.8.12 Integrating SGD With Oracle Hypervisor Hosts
- 4.9 Troubleshooting Applications
- 4.9.1 An Application Does Not Start
- 4.9.2 An Application Exits Immediately After Starting
- 4.9.3 Applications Fail To Start When X Authorization Is Enabled
- 4.9.4 Applications Disappear After About Two Minutes
- 4.9.5 An Application Session Does Not End When the User Exits an Application
- 4.9.6 Users Can Start Applications With Different User Names and Passwords
- 4.9.7 LDAP User Credentials are Not Cached
- 4.9.8 Using Windows Remote Desktop Services, Users Are Prompted for User Names and Passwords Too Often
- 4.9.9 Avoiding Port Conflicts for the X Protocol Engine
- 4.9.10 Using Shadowing to Troubleshoot a User's Problem
- 4.9.11 A Kiosk Application Is Not Appearing Full-Screen
- 4.9.12 An Application's Animation Appears 'Jumpy'
- 4.9.13 Disabling Shared Resources for UNIX Desktop Sessions
- 4.9.14 Apple Keyboard Issues
- 4.9.15 Changing the Default Locale on Mac OS X Client Devices
- 4.9.16 Font Problems with X Applications
- 4.9.17 Display Problems With High Color X Applications
- 4.9.18 Clipped Windows With Client Window Management Applications
- 4.9.19 Input Method Editors and Client Window Management Applications
- 4.9.20 Display Update Issues When Shadowing Over a Low Bandwidth Connection
- 4.9.21 Troubleshooting Mouse Drag Delay Issues
- 4.9.22 Incorrect Time Zone Name Shown in Windows Applications
- 4.9.23 Troubleshooting Problems With CALs
- 4.9.24 Troubleshooting Broker Problems
- 5 Client Device Support
- 5.1 Printing
- 5.1.1 Overview of SGD Printing
- 5.1.2 Setting Up Printing
- 5.1.3 Configuring Microsoft Windows Application Servers for Printing
- 5.1.4 Configuring UNIX and Linux Platform Application Servers for Printing
- 5.1.5 Configuring an SGD Server for Printing
- 5.1.6 Configuring Printing to Microsoft Windows Client Devices
- 5.1.7 Configuring Printing to UNIX, Linux, and Mac OS X Platform Client Devices
- 5.1.8 Configuring Printing to Tablet Devices
- 5.1.9 Managing Printing
- 5.1.10 Users Cannot Print From Applications Displayed Through SGD
- 5.1.11 Troubleshooting Other Printing Problems
- 5.2 Client Drive Mapping
- 5.2.1 Setting Up Client Drive Mapping
- 5.2.2 Configuring UNIX and Linux Platform Application Servers for CDM
- 5.2.3 Configuring an NFS Share for CDM
- 5.2.4 Starting CDM Processes on the Application Server
- 5.2.5 Configuring Microsoft Windows Application Servers for CDM
- 5.2.6 Enabling CDM Services in SGD
- 5.2.7 Running UNIX Platform CDM With Another SMB Service
- 5.2.8 Configuring the Client Drives Available to Users
- 5.2.9 Troubleshooting Client Drive Mapping
- 5.2.10 Logging for CDM
- 5.3 Audio
- 5.3.1 Setting Up Audio
- 5.3.2 Configuring Microsoft Windows Application Servers for Audio
- 5.3.3 Configuring UNIX and Linux Platform Application Servers for Audio
- 5.3.4 Configuring X Applications for OSS Audio
- 5.3.5 Enabling SGD Audio Services
- 5.3.6 Configuring Client Devices for Audio
- 5.3.7 Troubleshooting Audio in Applications
- 5.4 Copy and Paste
- 5.5 Smart Cards
- 5.5.1 Using Smart Cards With Windows Applications
- 5.5.2 Setting Up Access to Smart Cards
- 5.5.3 Configuring the Microsoft Windows Application Server for Smart Cards
- 5.5.4 Enabling Smart Cards in SGD
- 5.5.5 Configuring Smart Card Readers on Client Devices
- 5.5.6 How to Log In to a Microsoft Windows Application Server With a Smart Card
- 5.5.7 Troubleshooting Smart Cards
- 5.6 Serial Ports
- 6 SGD Client and Workspace
- 6.1 The SGD Client
- 6.1.1 Overview of the SGD Client
- 6.1.2 Installing the SGD Client
- 6.1.3 Automatic Installation of the SGD Client
- 6.1.4 How to Enable Automatic Installation for Roaming User Profiles
- 6.1.5 Manual Installation of the SGD Client
- 6.1.6 Running the SGD Client From the Command Line
- 6.1.7 Using SGD Without Java Technology
- 6.1.8 Relocating the SGD Client Archives
- 6.2 Client Profiles
- 6.3 Workspaces
- 7 SGD Servers, Arrays, and Load Balancing
- 7.1 Arrays
- 7.2 Load Balancing
- 7.2.1 User Session Load Balancing
- 7.2.2 Application Session Load Balancing
- 7.2.3 Application Load Balancing
- 7.2.4 Load Balancing Groups
- 7.2.5 How Application Load Balancing Works
- 7.2.6 How Advanced Load Management Works
- 7.2.7 Tuning Application Load Balancing
- 7.2.8 Editing Application Load Balancing Properties
- 7.3 SGD Web Server and Administration Console
- 7.4 Monitoring and Logging
- 7.5 SGD Server Certificate Stores
- 7.6 SGD Installations
- 7.7 Troubleshooting Arrays and Load Balancing
- A Global Settings and Caches
- A.1 Secure Global Desktop Authentication Tab
- A.1.1 The Authentication Wizard
- A.1.2 Password Cache
- A.1.3 System Default Password Cache Level
- A.1.4 Audit User Passwords on Disconnect
- A.1.5 Third-Party Authentication
- A.1.6 Single Sign-On
- A.1.7 System Authentication
- A.1.8 Search Local Repository (SecurID Authentication)
- A.1.9 Search Local Repository (Third-Party Authentication)
- A.1.10 Search LDAP Repository (SecurID Authentication)
- A.1.11 Search LDAP Repository (Third-Party Authentication)
- A.1.12 Use Default SecurID Identity
- A.1.13 Use Default Third-Party Identity
- A.1.14 Use Default LDAP Profile
- A.1.15 Use Closest Matching LDAP Profile
- A.1.16 LDAP/Active Directory
- A.1.17 Unix
- A.1.18 SecurID
- A.1.19 Anonymous
- A.1.20 Search Unix User ID in Local Repository
- A.1.21 Search Unix Group ID in Local Repository
- A.1.22 Use Default User Profile
- A.1.23 Active Directory
- A.1.24 LDAP
- A.2 Service Objects Tab
- A.3 Application Authentication Tab
- A.4 Communication Tab
- A.5 Performance Tab
- A.6 Client Device Tab
- A.6.1 Windows Client Drive Mapping
- A.6.2 Unix Client Drive Mapping
- A.6.3 Dynamic Drive Mapping
- A.6.4 Windows Audio
- A.6.5 Unix Audio
- A.6.6 Unix Audio Sound Quality
- A.6.7 Windows Audio Input
- A.6.8 Unix Audio Input
- A.6.9 Smart Card
- A.6.10 Serial Port Mapping
- A.6.11 Copy and Paste
- A.6.12 Client's Clipboard Security Level
- A.6.13 Time Zone Map File
- A.6.14 RandR Extension
- A.6.15 Editing
- A.7 Printing Tab
- A.8 Security Tab
- A.9 Monitoring Tab
- A.10 Resilience Tab
- A.11 Caches Tab
- A.12 Passwords Tab
- B Secure Global Desktop Server Settings
- B.1 Secure Global Desktop Servers Tab
- B.2 General Tab
- B.3 Security Tab
- B.4 Performance Tab
- B.5 Protocol Engines Tab
- B.6 Character Protocol Engine Tab
- B.7 X Protocol Engine Tab
- B.8 Execution Protocol Engine Tab
- B.9 Channel Protocol Engine Tab
- B.10 Print Protocol Engine Tab
- B.11 Audio Protocol Engine Tab
- B.12 IO Protocol Engine Tab
- B.13 User Sessions Tab
- B.14 Application Sessions Tab
- C User Profiles, Applications, and Application Servers
- C.1 SGD Objects
- C.1.1 3270 Application Object
- C.1.2 5250 Application Object
- C.1.3 Application Server Object
- C.1.4 Character Application Object
- C.1.5 Directory: Organization Object
- C.1.6 Directory: Organizational Unit Object
- C.1.7 Directory (Light): Active Directory Container Object
- C.1.8 Directory (Light): Domain Component Object
- C.1.9 Document Object
- C.1.10 Dynamic Application Object
- C.1.11 Dynamic Application Server Object
- C.1.12 Group Object
- C.1.13 Oracle VM Hypervisor Object
- C.1.14 User Profile Object
- C.1.15 VirtualBox Hypervisor Object
- C.1.16 Windows Application Object
- C.1.17 X Application Object
- C.2 Attributes Reference
- C.2.1 Address
- C.2.2 Allow Unsecure X Connection
- C.2.3 Answerback Message
- C.2.4 Application Command
- C.2.5 Application Load Balancing
- C.2.6 Application Resumability
- C.2.7 Application Resumability: Timeout
- C.2.8 Application Sessions Tab
- C.2.9 Application Start
- C.2.10 Arguments
- C.2.11 Arguments for Command
- C.2.12 Assigned Applications Tab
- C.2.13 Assigned User Profiles Tab
- C.2.14 Attribute Map
- C.2.15 Audio Redirection Library
- C.2.16 Background Color
- C.2.17 Bandwidth Limit
- C.2.18 Border Style
- C.2.19 Client Drive Mapping
- C.2.20 Client Printing
- C.2.21 Client Printing: Override
- C.2.22 Client Profile Editing
- C.2.23 Code Page
- C.2.24 Color Depth
- C.2.25 Color Map
- C.2.26 Color Quality
- C.2.27 Command Compression
- C.2.28 Command Execution
- C.2.29 Comment
- C.2.30 Connection Closed Action
- C.2.31 Connection Address
- C.2.32 Connection Method
- C.2.33 Connections
- C.2.34 Connection Method: SSH Arguments
- C.2.35 Console Mode
- C.2.36 Copy and Paste
- C.2.37 Copy and Paste: Application's Clipboard Security Level
- C.2.38 Cursor
- C.2.39 Cursor Key Codes Modification
- C.2.40 Cursor Settings
- C.2.41 Cursor Shadow
- C.2.42 Delayed Updates
- C.2.43 Desktop Wallpaper
- C.2.44 Displayed Soft Buttons
- C.2.45 Domain Name
- C.2.46 Email Address
- C.2.47 Emulation Type
- C.2.48 Enhanced Network Security
- C.2.49 Environment Variables
- C.2.50 Escape Sequences
- C.2.51 'File' and 'Settings' Menus
- C.2.52 Font Family
- C.2.53 Font Size
- C.2.54 Font Size: Fixed Font Size
- C.2.55 Font Smoothing
- C.2.56 Foreground Color
- C.2.57 Full Window Drag
- C.2.58 Graphics Acceleration
- C.2.59 Hints
- C.2.60 Hosted Applications Tab
- C.2.61 Hosting Application Servers Tab
- C.2.62 Hostname
- C.2.63 Hypervisor Credentials
- C.2.64 Icon
- C.2.65 Inherit Assigned Applications from Parent
- C.2.66 Interlaced Images
- C.2.67 Keyboard Codes Modification
- C.2.68 Keyboard Type
- C.2.69 Kiosk Mode Escape
- C.2.70 Line Wrapping
- C.2.71 Load Balancing Groups
- C.2.72 Login
- C.2.73 Login: Multiple
- C.2.74 Login Name
- C.2.75 Login Script
- C.2.76 Maintain Connection
- C.2.77 Make Universal PDF Printer the Default
- C.2.78 Make Universal PDF Viewer the Default
- C.2.79 Mappings Tab
- C.2.80 Maximum Count
- C.2.81 Members Tab
- C.2.82 Menu Animations
- C.2.83 Menu Bar
- C.2.84 Middle Mouse Timeout
- C.2.85 Monitor Resolution
- C.2.86 Mouse
- C.2.87 Name
- C.2.88 Number of Sessions
- C.2.89 Numpad Codes Modification
- C.2.90 Passwords Tab
- C.2.91 Password Cache Usage
- C.2.92 Path
- C.2.93 Port
- C.2.94 Postscript Printer Driver
- C.2.95 Printer Preference Caching
- C.2.96 Protocol
- C.2.97 Prompt Locale
- C.2.98 RandR Extension
- C.2.99 Remote Audio
- C.2.100 Scroll Style
- C.2.101 Serial Port Mapping
- C.2.102 Server Address
- C.2.103 Server Port
- C.2.104 Session Termination
- C.2.105 SGD Remote Desktop Client
- C.2.106 Share Resources Between Similar Sessions
- C.2.107 Single Sign-On
- C.2.108 Status Line
- C.2.109 Surname
- C.2.110 SWM Local Window Hierarchy
- C.2.111 Terminal Type
- C.2.112 Theming
- C.2.113 Universal PDF Printer
- C.2.114 Universal PDF Viewer
- C.2.115 URL
- C.2.116 User Assignment
- C.2.117 User Sessions Tab
- C.2.118 Virtual Machine Selection Criteria
- C.2.119 Virtual Server Broker Class
- C.2.120 Virtual Server Broker Parameters
- C.2.121 Window Close Action
- C.2.122 Window Color
- C.2.123 Window Color: Custom Color
- C.2.124 Window Management Keys
- C.2.125 Window Manager
- C.2.126 Window Size: Client's Maximum Size
- C.2.127 Window Size: Columns
- C.2.128 Window Size: Height
- C.2.129 Window Size: Lines
- C.2.130 Window Size: Maximized
- C.2.131 Window Size: Variable Root Window Size
- C.2.132 Window Size: RandR Extension
- C.2.133 Window Size: Scale to Fit Window
- C.2.134 Window Size: Width
- C.2.135 Window Type
- C.2.136 Window Type: New Browser Window
- C.2.137 Working Directory
- C.2.138 X Security Extension
- D Commands
- D.1 The tarantella Command
- D.2 tarantella archive
- D.3 tarantella array
- D.4 tarantella array add_backup_primary
- D.5 tarantella array clean
- D.6 tarantella array detach
- D.7 tarantella array edit_backup_primary
- D.8 tarantella array join
- D.9 tarantella array list
- D.10 tarantella array list_backup_primaries
- D.11 tarantella array make_primary
- D.12 tarantella array remove_backup_primary
- D.13 tarantella array synchronize
- D.14 tarantella cache
- D.15 tarantella config
- D.16 tarantella config edit
- D.17 tarantella config list
- D.18 tarantella config reload
- D.19 tarantella discover
- D.20 tarantella discover gateway
- D.21 tarantella emulatorsession
- D.22 tarantella emulatorsession list
- D.23 tarantella emulatorsession info
- D.24 tarantella emulatorsession shadow
- D.25 tarantella emulatorsession suspend
- D.26 tarantella emulatorsession end
- D.27 tarantella help
- D.28 tarantella object
- D.29 tarantella object add_host
- D.30 tarantella object add_link
- D.31 tarantella object add_mapping
- D.32 tarantella object add_member
- D.33 tarantella object delete
- D.34 tarantella object edit
- D.35 tarantella object list_attributes
- D.36 tarantella object list_contents
- D.37 tarantella object new_3270app
- D.38 tarantella object new_5250app
- D.39 tarantella object new_charapp
- D.40 tarantella object new_container
- D.41 tarantella object new_dc
- D.42 tarantella object new_doc
- D.43 tarantella object new_dynamicapp
- D.44 tarantella object new_group
- D.45 tarantella object new_host
- D.46 tarantella object new_org
- D.47 tarantella object new_orgunit
- D.48 tarantella object new_person
- D.49 tarantella object new_windowsapp
- D.50 tarantella object new_xapp
- D.51 tarantella object remove_host
- D.52 tarantella object remove_link
- D.53 tarantella object remove_mapping
- D.54 tarantella object remove_member
- D.55 tarantella object rename
- D.56 tarantella object script
- D.57 tarantella passcache
- D.58 tarantella passcache delete
- D.59 tarantella passcache edit
- D.60 tarantella passcache list
- D.61 tarantella passcache new
- D.62 tarantella patch
- D.63 tarantella patch add
- D.64 tarantella patch list
- D.65 tarantella patch remove
- D.66 tarantella prepare
- D.67 tarantella prepare image
- D.68 tarantella prepare instance
- D.69 tarantella print
- D.70 tarantella print cancel
- D.71 tarantella print list
- D.72 tarantella print move
- D.73 tarantella print pause
- D.74 tarantella print resume
- D.75 tarantella print start
- D.76 tarantella print status
- D.77 tarantella print stop
- D.78 tarantella query
- D.79 tarantella query audit
- D.80 tarantella query billing
- D.81 tarantella query errlog
- D.82 tarantella query uptime
- D.83 tarantella restart
- D.84 tarantella restart sgd
- D.85 tarantella restart webserver
- D.86 tarantella role
- D.87 tarantella role add_link
- D.88 tarantella role add_member
- D.89 tarantella role list
- D.90 tarantella role list_links
- D.91 tarantella role list_members
- D.92 tarantella role remove_link
- D.93 tarantella role remove_member
- D.94 tarantella security
- D.95 tarantella security certinfo
- D.96 tarantella security certrequest
- D.97 tarantella security certuse
- D.98 tarantella security customca
- D.99 tarantella security decryptkey
- D.100 tarantella security disable
- D.101 tarantella security enable
- D.102 tarantella security fingerprint
- D.103 tarantella security peerca
- D.104 tarantella security selfsign
- D.105 tarantella security start
- D.106 tarantella security stop
- D.107 tarantella serverrename
- D.108 tarantella service
- D.109 tarantella service delete
- D.110 tarantella service edit
- D.111 tarantella service list
- D.112 tarantella service new
- D.113 tarantella setup
- D.114 tarantella sso
- D.115 tarantella sso disable
- D.116 tarantella sso enable
- D.117 tarantella sso restart
- D.118 tarantella sso status
- D.119 tarantella start
- D.120 tarantella start cdm
- D.121 tarantella start sgd
- D.122 tarantella start webserver
- D.123 tarantella status
- D.124 tarantella stop
- D.125 tarantella stop cdm
- D.126 tarantella stop sgd
- D.127 tarantella stop webserver
- D.128 tarantella uninstall
- D.129 tarantella version
- D.130 tarantella webserver
- D.131 tarantella webserver add_trusted_user
- D.132 tarantella webserver delete_trusted_user
- D.133 tarantella webserver list_trusted_users
- D.134 tarantella webtopsession
- D.135 tarantella webtopsession list
- D.136 tarantella webtopsession logout
- E Login Scripts
- Glossary
- Index