1.1 Overview of Networks and Security

When using SGD, client devices never connect directly to application servers. Instead they connect to SGD using HTTP or HTTP over Secure Sockets Layer (HTTPS) and the SGD Adaptive Internet Protocol (AIP). SGD then connects to the application servers on the user's behalf.

The following are the main network connections involved when using SGD:

  • Connections between client devices and SGD servers

  • Connections between SGD servers and application servers

  • Connections between SGD servers in an array

In a default SGD installation, most network connections are secure. The following sections describe the network connections used by SGD and how you can secure them.

1.1.1 Connections Between Client Devices and SGD Servers

Client devices make the following connections to SGD servers:

  • HTTP connections. These are the connections to the SGD server, used for SGD web services, authentication to SGD, and to display the workspace. Tablet devices use a special type of HTTP connection, called a websocket connection.

  • AIP connections. These are the connections between the SGD Client and an SGD server, used for displaying applications.

By default SGD is installed in secure mode, which means that these connections are secure. If you do not install in secure mode and need to secure these connections, configure the SGD web server to be a secure (HTTPS) web server, and enable SGD security services. See Section 1.5, “Secure Connections to SGD Servers” for details.

The SGD Secure Gateway can be used to provide an increased level of security between client devices and SGD servers. When you use the Gateway, client devices do not connect directly to SGD. Instructions on how to install, configure, and use the SGD Gateway are included in the Oracle Secure Global Desktop Gateway Administration Guide.

1.1.2 Connections Between SGD Servers and Application Servers

The connections between SGD servers and application servers are used to start applications on the application server, and to send and receive data from the application, such as key presses and display updates.

The level of security between SGD and your application servers depends on the types of application server and the protocols they use.

UNIX or Linux System Application Servers

When connecting using the Telnet protocol, all communication and passwords are transmitted unencrypted.

For secure connections to UNIX or Linux system application servers, use Secure Shell (SSH). SSH encrypts all communications between SGD hosts and encrypts passwords before they are transmitted. See Section 4.6, “Using SSH”.

By default, SGD secures X displays using X authorization to prevent users from accessing X displays they are not authorized to access.

Microsoft Windows Application Servers

Windows applications use the Microsoft Remote Desktop (RDP) protocol. This means that all communication is encrypted, and connections to Microsoft Windows application servers are secure.

Web Application Servers

The level of security depends on the type of web server used to host the web application, as follows:

  • HTTP web server – All communication is unencrypted

  • HTTPS web server – All communication is encrypted

For secure connections to web application servers, use HTTPS web servers.

1.1.3 Connections Between SGD Servers in an Array

Connections between SGD servers are used to share static and dynamic data across the array. See Section 7.1.2, “Replicating Data Across the Array” for details of the information that is communicated on these connections. In a standard installation, the data transmitted between the SGD servers in an array is encrypted. See Section 7.1.4, “Secure Intra-Array Communication”.