2.1 SGD Server Requirements and Support

This section describes the supported platforms and requirements for SGD servers.

2.1.1 Supported Installation Platforms for SGD

The supported installation platform for SGD is Oracle Linux 7, 64-bit only.

Oracle products certified on Oracle Linux are also certified and supported on Red Hat Enterprise Linux due to implicit compatibility between both distributions. Oracle does not run any additional testing on Red Hat Enterprise Linux products.

2.1.1.1 Virtualization Support

SGD is supported and can be installed in an Oracle virtualized environment. If you encounter a problem when using an unsupported virtualization environment, you may be asked to demonstrate the issue on a non-virtualized operating system to ensure the problem is not related to the virtualization product.

2.1.1.2 Network Requirements

IPv6 network addresses are not supported for the SGD host.

IPv6 network addresses are supported for deployments using the SGD Gateway. See Network Requirements in the Oracle Secure Global Desktop Gateway Administration Guide.

See the Oracle Secure Global Desktop Installation Guide for details of network requirements for SGD.

2.1.2 Supported Upgrade Paths

Upgrades to version 5.5 of SGD from earlier versions are not supported.

2.1.3 Third Party Components for SGD

The SGD web server consists of an Apache web server and a Tomcat JavaServer Pages (JSP) technology container preconfigured for use with SGD.

The SGD web server consists of several components. The following table lists the web server component versions for this release of SGD.

Component Name

Version

Apache HTTP Server

2.4.35

Apache Tomcat

7.0.91

The Apache web server includes all the standard Apache modules as shared objects.

The minimum Java Virtual Machine (JVM) software heap size for the Tomcat JSP technology container is 256 megabytes.

2.1.4 Supported Authentication Mechanisms

The following are the supported mechanisms for authenticating users to SGD:

  • Lightweight Directory Access Protocol (LDAP) version 3

  • Microsoft Active Directory

  • Network Information Service (NIS)

  • RSA SecurID

  • Oracle Access Manager

  • Web server authentication (HTTP/HTTPS Basic Authentication), including public key infrastructure (PKI) client certificates

2.1.4.1 Supported Versions of Active Directory

Active Directory authentication and LDAP authentication are supported on the following versions of Active Directory:

  • Windows Server 2008

  • Windows Server 2008 R2

  • Windows Server 2012

  • Windows Server 2012 R2

  • Windows Server 2016

  • Windows Server 2019

2.1.4.2 Supported LDAP Directories

SGD supports version 3 of the standard LDAP protocol. You can use LDAP authentication with any LDAP version 3-compliant directory server. However, SGD only supports the following directory servers:

Other directory servers may work, but are not supported.

2.1.4.3 Supported Versions of SecurID

SGD has been tested with version 8.1 of RSA Authentication Manager.

SGD supports system-generated PINs and user-created PINs.

2.1.4.4 Supported Versions of Oracle Identity Management

SGD works with the following versions of Oracle Identity Management:

  • Oracle Identity Management 11gR2 (11.1.2.x)

2.1.5 SSL Support

SGD supports TLS version 1.2. Earlier versions of TLS are not supported.

SGD supports Privacy Enhanced Mail (PEM) Base 64-encoded X.509 certificates.

SGD supports the Subject Alternative Name (subjectAltName) extension for SSL certificates. SGD also supports the use of the * wildcard for the first part of the domain name, for example *.example.com.

SGD includes support for a number of Certificate Authorities (CAs). The supported CA certificates are determined by the Java Runtime Environment (JRE) used by SGD. To add support for additional CAs, you can import CA certificates to the JRE truststore. Additional configuration is required to support SSL certificates signed by an unsupported CA. Intermediate CAs are supported, but additional configuration may be required if any of the certificates in the chain are signed by an unsupported CA.

SGD supports the use of external hardware SSL accelerators, with additional configuration.

By default, SGD uses Oracle approved cipher suites.

Other cipher suites may be configured, as described in the Oracle Secure Global Desktop Administration Guide. You can use any cipher suite that is supported by the version of OpenSSL installed on the SGD host.

2.1.6 Printing Support

SGD supports two types of printing: PDF printing and Printer-Direct printing.

For PDF printing, SGD uses Ghostscript to convert print jobs into PDF files. Your Ghostscript distribution must include the ps2pdf program. For best results, install the latest version of Ghostscript on the SGD host.

SGD supports Printer-Direct printing to PostScript, Printer Command Language (PCL), and text-only printers attached to the user's client device. The SGD tta_print_converter script performs any conversion needed to format print jobs correctly for the client printer. The tta_print_converter script uses Ghostscript to convert from Postscript to PCL. To support this conversion, Ghostscript must be installed on the SGD server. For best results, download and install the additional fonts.

Ghostscript is not included with the SGD software.

To print from a UNIX or Linux system application server using CUPS (Common UNIX Printing System), the version of CUPS must be at least 1.4.2.