Chapter 2 System Requirements and Support

This chapter includes details of the system requirements and supported platforms for Oracle Secure Global Desktop (SGD) Release 5.6.

2.1 SGD Server Requirements and Support

This section describes the supported platforms and requirements for SGD servers.

2.1.1 Supported Installation Platforms for SGD

The supported installation platform for SGD is Oracle Linux 7, 64-bit only.

Oracle products certified on Oracle Linux are also certified and supported on Red Hat Enterprise Linux due to implicit compatibility between both distributions. Oracle does not run any additional testing on Red Hat Enterprise Linux products.

2.1.1.1 Virtualization Support

SGD is supported and can be installed in an Oracle virtualized environment. If you encounter a problem when using an unsupported virtualization environment, you may be asked to demonstrate the issue on a non-virtualized operating system to ensure the problem is not related to the virtualization product.

2.1.1.2 Network Requirements

IPv6 network addresses are not supported for the SGD host.

IPv6 network addresses are supported for deployments using the SGD Gateway. See Network Requirements in the Oracle Secure Global Desktop Gateway Administration Guide.

See the Oracle Secure Global Desktop Installation Guide for details of network requirements for SGD.

2.1.2 Supported Upgrade Paths

Upgrades to version 5.6 of SGD are only supported from the following versions:

• Oracle Secure Global Desktop Software version 5.5

Upgrades from SGD Release 5.4 or earlier releases to SGD Release 5.6 are not supported.

Backing Up and Restoring Data From a Legacy SGD Installation in the Oracle Secure Global Desktop Installation Guide describes how you can migrate data from an SGD 5.4 installation to a default SGD 5.6 installation.

2.1.3 Java Requirements

For this release, Java 11 is required on the SGD host.

Server JRE (Java SE Runtime Environment) is not shipped with SGD. You must install this product separately on the SGD host. Both Oracle Java and OpenJDK are supported.

The Java truststore on the SGD host is used to store the CA certificates used by the SGD server.

2.1.4 Third Party Components for SGD

The SGD web server consists of an Apache web server and a Tomcat JavaServer Pages (JSP) technology container preconfigured for use with SGD.

The SGD web server consists of several components. The following table lists the web server component versions for this release of SGD.

Component Name	Version
Apache HTTP Server	2.4.41
Apache Tomcat	9.0.37

The Apache web server includes all the standard Apache modules as shared objects.

The minimum Java Virtual Machine (JVM) software heap size for the Tomcat JSP technology container is 256 megabytes.

2.1.5 Supported Authentication Mechanisms

The following are the supported mechanisms for authenticating users to SGD:

• Lightweight Directory Access Protocol (LDAP) version 3

• Microsoft Active Directory

• Network Information Service (NIS)

• RSA SecurID

• Oracle Access Manager

• Web server authentication (HTTP/HTTPS Basic Authentication), including public key infrastructure (PKI) client certificates

2.1.5.1 Supported Versions of Active Directory

Active Directory authentication and LDAP authentication are supported on the following versions of Active Directory:

• Windows Server 2012

• Windows Server 2012 R2

• Windows Server 2016

• Windows Server 2019

2.1.5.2 Supported LDAP Directories

SGD supports version 3 of the standard LDAP protocol. You can use LDAP authentication with any LDAP version 3-compliant directory server. However, SGD only supports the following directory servers:

• Oracle Unified Directory 11gR1 (11.1.1.x), 11gR2 (11.1.2.x)

• Oracle Internet Directory 11gR1 (11.1.1.x), 11gR2 (11.1.2.x)

• Oracle Directory Server Enterprise Edition 11gR1 (11.1.1.x)

• Microsoft Active Directory, as shown in Section 2.1.5.1, “Supported Versions of Active Directory”

Other directory servers may work, but are not supported.

2.1.5.3 Supported Versions of SecurID

SGD has been tested with version 8.1 of RSA Authentication Manager.

SGD supports system-generated PINs and user-created PINs.

2.1.5.4 Supported Versions of Oracle Identity Management

SGD works with the following versions of Oracle Identity Management:

• Oracle Identity Management 11gR2 (11.1.2.x)

2.1.6 SSL Support

SGD supports TLS version 1.2 and 1.3. Earlier versions of TLS are not supported.

SGD supports Privacy Enhanced Mail (PEM) Base 64-encoded X.509 certificates.

SGD supports the Subject Alternative Name (subjectAltName) extension for SSL certificates. SGD also supports the use of the * wildcard for the first part of the domain name, for example *.example.com.

SGD includes support for a number of Certificate Authorities (CAs). The supported CA certificates are determined by the Java Runtime Environment (JRE) used by SGD. To add support for additional CAs, you can import CA certificates to the JRE truststore. Additional configuration is required to support SSL certificates signed by an unsupported CA. Intermediate CAs are supported, but additional configuration may be required if any of the certificates in the chain are signed by an unsupported CA.

SGD supports the use of external hardware SSL accelerators, with additional configuration.

By default, SGD uses Oracle approved cipher suites.

Other cipher suites may be configured, as described in the Oracle Secure Global Desktop Administration Guide. You can use any cipher suite that is supported by the version of OpenSSL installed on the SGD host.

2.1.7 Printing Support

Note

To use the full features of SGD printing, install the oracle-sgd-ext-print-* extension packages on the SGD host as described in Installing the oracle-sgd-ext-* Extension Packages in the Oracle Secure Global Desktop Installation Guide.

SGD supports two types of printing: PDF printing and Printer-Direct printing.

For PDF printing, SGD uses the oracle-sgd-ext-print-converter extension package to convert print jobs into PDF files.

For PDF printing from Windows applications, you can configure SGD to generate the PDF output directly on the application server. This means that the oracle-sgd-ext-print-converter extension package is not required on the SGD host for print job conversion.

SGD supports Printer-Direct printing to PostScript, Printer Command Language (PCL), and text-only printers attached to the user's client device. To support print job conversion from PostScript to PCL, the oracle-sgd-ext-print-converter extension package must be installed on the SGD host.

To print from a UNIX or Linux system application server using CUPS (Common UNIX Printing System), the version of CUPS must be at least 1.4.2. For best results, install the oracle-sgd-ext-print-cups extension package on the SGD host.

2.2 Client Device Requirements and Support

This section describes the supported platforms and requirements for client devices.

2.2.1 Supported Client Platforms

The following sections list the supported client platforms and browsers for the SGD Client.

• Desktop platforms: For supported desktop client platforms, see Section 2.2.1.1, “Desktop Client Platforms”.

• Chrome OS devices: For a list of Chrome OS devices which have been tested with SGD, see Section 2.2.1.2, “Chrome OS Client Platforms”.

Caution

The client platform for SGD must be a full operating system. An individual application, such as a browser, is not a supported client platform.

2.2.1.1 Desktop Client Platforms

Table 2.1, “Supported Desktop Client Platforms for SGD” shows the supported desktop client platforms and browsers for this release.

For more information, see About the Supported Desktop Client Platforms and Browser Versions.

Table 2.1 Supported Desktop Client Platforms for SGD

Supported Client Platform	Supported Browsers
Microsoft Windows 10 (64-bit only)	Microsoft Edge Mozilla Firefox 77 and later, Rapid Release and ESR Chrome
Oracle Linux (64-bit): Oracle Linux 6 (at least version 6.2) Oracle Linux 7 (at least version 7.0)	Mozilla Firefox 68.9 ESR Chrome
Ubuntu Linux 16.04, 18.04, and 20.04 (64-bit)	Mozilla Firefox 52 ESR, 59 Chrome
macOS 10.13 or later	Safari 13 Mozilla Firefox 77 and later, Rapid Release and ESR Chrome

Oracle products certified on Oracle Linux are also certified and supported on Red Hat Enterprise Linux due to implicit compatibility between both distributions. Oracle does not run any additional testing on Red Hat Enterprise Linux products.

About the Supported Desktop Client Platforms and Browser Versions

Table 2.1, “Supported Desktop Client Platforms for SGD” shows the client platforms and browser versions that Oracle has tested with this release of SGD.

The latest versions of the browsers listed in this table are supported. Browsers not shown in this table may be supported at a later stage.

2.2.1.2 Chrome OS Client Platforms

Table 2.2, “Chrome OS Client Devices Tested With SGD” shows the Chrome OS client devices that have been tested with this release.

The latest versions of the browsers listed in this table are supported.

Note

Oracle has tested SGD with the following preferred models of Chrome OS devices. Other devices may work with SGD, but have not been tested.

Table 2.2 Chrome OS Client Devices Tested With SGD

Device Name	Operating System	Supported Browsers
Acer Chromebook HP Chromebook	Chrome OS 64	Chrome

2.2.1.3 Browser Requirements

• The SGD Administration Console is not supported on Safari browsers.

• Beta versions or preview releases of browsers are not supported.

• Browsers must be configured to accept cookies.

• Browsers must have the JavaScript programming language enabled.

For details of workarounds when using untrusted certificates with the HTML5 Client on desktop platforms, see Section 3.1.23, “24311356 – Browser Workarounds for Using Untrusted Certificates with the HTML5 Client on Desktop Platforms”.

2.2.1.4 Other Client Requirements

For best results, client devices must be configured for at least thousands of colors.

The SGD Client and workspace are available in the following supported languages:

• English

• French

• German

• Italian

• Japanese

• Korean

• Portuguese (Brazilian)

• Spanish

• Chinese (Simplified)

• Chinese (Traditional)

2.2.1.5 Virtualization Support

SGD is supported and can be installed in an Oracle virtualized environment. If you encounter a problem when using an unsupported virtualization environment, you may be asked to demonstrate the issue on a non-virtualized operating system to ensure the problem is not related to the virtualization product.

2.2.1.6 Network Requirements

IPv6 network addresses are supported for client devices when using an IPv6 Gateway deployment. See Network Requirements in the Oracle Secure Global Desktop Gateway Administration Guide.

See the Oracle Secure Global Desktop Installation Guide for details of network requirements for SGD.

2.2.2 Supported Proxy Servers

You can use HTTP, Secure Sockets Layer (SSL) or SOCKS version 5 proxy servers with SGD. To connect to SGD using an HTTP proxy server, the proxy server must support tunneling.

SOCKS proxy servers: SGD supports the following authentication methods.

• Basic

• Anonymous (no authentication required)

HTTP proxy servers: SGD supports the following authentication methods.

• Negotiate (for NTLM authentication only)

• Digest

• NTLM

• Basic

• Anonymous (no authentication required)

For the Negotiate method you must use a Windows client device and must start the SGD Client manually.

If the HTTP proxy server supports multiple authentication methods, the SGD Client selects a method automatically. The selected method is based on the order of preference shown in the above list. Negotiate has the highest order of preference, Basic has the lowest order of preference.

By default, the SGD Client uses the system proxy settings configured for the client device.

2.2.3 PDF Printing Support

To be able to use PDF printing, a recognized PDF viewer must be installed on the client device. SGD supports the following PDF viewers.

Client Platform	PDF Viewer	Notes
Microsoft Windows	Adobe Reader DC (version 2020 or later) Nitro Pro (version 11 or later) Chrome	The Universal PDF Viewer uses the default PDF viewer for the SGD user on the client device. The Universal PDF Printer is only supported with Adobe Reader and Nitro.
Oracle Linux	GNOME PDF Viewer (gpdf) Evince Document Viewer (evince) X PDF Reader (xpdf)	To be able to use a supported PDF viewer, the application must be on the user's PATH. Support for alternative PDF viewers can be configured in the user's client profile.
macOS	Preview App (/System/Applications/Preview.app)	The Preview App PDF viewer must support the open -a command option. To be able to use a supported PDF viewer, the application must be on the user's PATH. Support for alternative PDF viewers can be configured in the user's client profile.

2.2.4 Supported Smart Cards

SGD works with any Personal Computer/Smart Card (PC/SC)-compliant smart card and reader supported for use with Microsoft Remote Desktop Services.

2.3 SGD Gateway Requirements and Support

This section describes the supported platforms and requirements for the SGD Gateway.

2.3.1 Supported Installation Platforms for the SGD Gateway

The supported installation platform for the SGD Gateway is Oracle Linux 7, 64-bit only.

Oracle products certified on Oracle Linux are also certified and supported on Red Hat Enterprise Linux due to implicit compatibility between both distributions. Oracle does not run any additional testing on Red Hat Enterprise Linux products.

By default, the SGD Gateway is configured to support a maximum of 100 simultaneous HTTP connections, 512 simultaneous Adaptive Internet Protocol (AIP) connections, and 512 simultaneous websocket connections. The JVM memory size is optimized for this number of connections. The Oracle Secure Global Desktop Gateway Administration Guide has details of how to tune the Gateway for the expected number of users.

2.3.1.1 Virtualization Support

The SGD Gateway is supported and can be installed in an Oracle virtualized environment. If you encounter a problem when using an unsupported virtualization environment, you may be asked to demonstrate the issue on a non-virtualized operating system to ensure the problem is not related to the virtualization product.

2.3.2 Network Requirements

IPv6 network addresses are supported for the SGD Gateway. See Network Requirements in the Oracle Secure Global Desktop Gateway Administration Guide.

2.3.3 SGD Server Requirements for the SGD Gateway

The following requirements apply for the SGD servers used with the SGD Gateway:

• SGD version. Always use version 5.6 of SGD with version 5.6 of the Gateway.

• Clock synchronization. It is important that the system clocks on the SGD servers and the SGD Gateway are in synchronization. Use Network Time Protocol (NTP) software, or the rdate command, to ensure that the clocks are synchronized.

2.3.4 Third Party Components for the SGD Gateway

The Apache web server supplied with the SGD Gateway is Apache version 2.4.41.

The web server includes the standard Apache modules for reverse proxying and load balancing. The modules are installed as Dynamic Shared Object (DSO) modules.

2.3.5 SSL Support

SSL support for the SGD Gateway is provided by the Java Runtime Environment (JRE) used by the Gateway.

The SGD Gateway supports Privacy Enhanced Mail (PEM) Base 64-encoded X.509 certificates.

The SGD Gateway supports the use of external hardware SSL accelerators, with additional configuration.

By default, the SGD Gateway is configured to use Oracle approved cipher suites for SSL connections.

Other cipher suites supported by the JRE may also be used with the Gateway. These cipher suites must be configured by the user, as shown in the Oracle Secure Global Desktop Gateway Administration Guide.

2.4 Application Requirements and Support

This section describes the supported platforms and requirements for displaying applications through SGD.

2.4.1 Supported Applications

You can use SGD to access the following types of applications:

• Microsoft Windows

• X applications running on Oracle Solaris, Linux, HP-UX, and AIX application servers

• Character applications running on Oracle Solaris, Linux, HP-UX, and AIX application servers

• Applications running on IBM mainframe and AS/400 systems

• Web applications, using HTML and Java technology

SGD supports the following protocols:

• Microsoft Remote Desktop Protocol (RDP)

• X11

• HTTP

• HTTPS

• SSH at least version 2

• Telnet VT, American National Standards Institute (ANSI)

• TN3270E

• TN5250

2.4.2 Network Requirements

IPv6 network addresses are not supported for application servers used by SGD. See the Oracle Secure Global Desktop Installation Guide for details of network requirements for SGD.

2.4.3 Supported Installation Platforms for the SGD Enhancement Module

The SGD Enhancement Module is a software component that can be installed on an application server to provide the following additional functionality when using applications displayed through SGD:

• Advanced load balancing

• Client drive mapping (UNIX or Linux platforms only)

• Seamless windows (Windows platforms only)

• International keyboard support (Windows platforms only)

• Audio (UNIX or Linux platforms only)

  The PulseAudio audio module is supported on Oracle Linux 6 or later, and Oracle Solaris 11 platforms only.

Table 2.3, “Supported Installation Platforms for the SGD Enhancement Module” lists the supported installation platforms for the SGD Enhancement Module.

Table 2.3 Supported Installation Platforms for the SGD Enhancement Module

Operating System	Supported Versions
Microsoft Windows (64-bit)	Windows Server 2019, Windows Server 2016, 2012 R2
Oracle Solaris on SPARC platforms	Solaris 10 8/11 (update 10) or later Solaris 11 Trusted Extensions versions of the above
Oracle Solaris on x86 platforms	Solaris 10 8/11 (update 10) or later Solaris 11 Trusted Extensions versions of the above
Oracle Linux (32-bit and 64-bit)	5 (at least version 5.5) 6 (at least version 6.2) 7 (at least version 7.0) 8 (at least version 8.0)

Oracle products certified on Oracle Linux are also certified and supported on Red Hat Enterprise Linux due to implicit compatibility between both distributions. Oracle does not run any additional testing on Red Hat Enterprise Linux products.

On Oracle Solaris Trusted Extensions platforms, only advanced load balancing is supported. Audio and CDM are not supported.

For best results, ensure that the version of the Enhancement Module is the same as the SGD server version.

Application servers that are not supported platforms for the SGD Enhancement Module can be used with SGD to access a supported application type using any of the supported protocols.

2.4.3.1 Virtualization Support

The SGD Enhancement Module is supported and can be installed in an Oracle virtualized environment. If you encounter a problem when using an unsupported virtualization environment, you may be asked to demonstrate the issue on a non-virtualized operating system to ensure the problem is not related to the virtualization product.

Installation in zones is supported for Oracle Solaris platforms. The Enhancement Module can be installed in the global zone, or in one or more non-global zones. Installation in both the global zone and a non-global zone is not supported.

On Oracle Solaris Trusted Extensions platforms, you must install the Enhancement Module in a labeled zone. Do not install in the global zone.

2.4.4 Microsoft Windows Remote Desktop Services

SGD does not include licenses for Microsoft Windows Remote Desktop Services. If you access Remote Desktop Services functionality provided by Microsoft operating system products, you need to purchase additional licenses to use such products. Consult the license agreements for the Microsoft operating system products you are using to determine which licenses you must acquire.

SGD supports RDP connections to the following versions of Microsoft Windows:

• Windows Server 2019

• Windows Server 2016

• Windows Server 2012, 2012 R2

• Windows 8, 8.1

• Windows 10

On Windows 8 and Windows 10 platforms only full Windows desktop sessions are supported. Running individual applications is not supported. Seamless windows are also not supported.

SGD supports RDP connections to virtual machines (VMs) running on a hypervisor. The following features are supported when you connect using RDP:

• Audio recording (input audio)

• Audio redirection

• Clipboard redirection

• COM port mapping

• Drive redirection (client drive mapping)

• Multi-monitor

• Session directory

• Smart card device redirection

• Windows printer mapping (client printing)

2.4.4.1 Audio Recording Redirection

To record audio in a Windows Remote Desktop Services session, audio recording redirection must be enabled on the application server. By default, audio recording redirection is disabled.

2.4.4.2 Encryption Level

You can only use the Low, Client-compatible, or High encryption levels with SGD. SGD does not support the Federal Information Processing Standards (FIPS) encryption level.

2.4.4.3 Transport Layer Security

With Microsoft Windows Server, you can use Transport Layer Security (TLS) for server authentication, and to encrypt Remote Desktop Session Host communications.

2.4.4.4 Network Level Authentication

If the Remote Desktop Session Host supports Network Level Authentication (NLA) using CredSSP, you can use NLA for server authentication.

2.4.5 X and Character Applications

To run X and character applications, SGD must be able to connect to the application server that hosts the application. SGD supports SSH and Telnet as connection methods. SSH is the most secure connection method.

SGD works with SSH version 2 or later. Because of SSH version compatibility problems, use the same major version of SSH, either version 2 or version 3, on all SGD hosts and application servers.

SGD supports the X Security extension. The X Security extension only works with versions of SSH that support the -Y option. For OpenSSH, this is version 3.8 or later.

To print from a UNIX or Linux system application server using CUPS, the version of CUPS must be at least 1.4.2.

2.4.5.1 X11 Software

SGD includes an X protocol engine (XPE) implementation based on X.Org Server 1.20.

2.4.5.2 Supported X Extensions

SGD supports the following X extensions for X applications:

• BIG-REQUESTS

• Composite

• DAMAGE

• DOUBLE-BUFFER

• GLX

• Generic Event Extension

• MIT-SCREEN-SAVER

• MIT-SHM

• RANDR

• RECORD

• RENDER

• SGI-GLX

• SHAPE

• SYNC

• X-Resource

• XC-MISC

• XFIXES

• XINERAMA

• XInputExtension

• XKEYBOARD

• XTEST

2.4.5.3 Character Applications

SGD supports VT420, Wyse 60, or SCO Console character applications.

2.4.6 Oracle Hypervisor Hosts

SGD includes the following application server objects, which can be used to represent an Oracle hypervisor host.

• Oracle VM hypervisor: Used to integrate with an Oracle VM hypervisor host.

  This release of SGD has been tested with version 3.3 and 3.4 of Oracle VM.

• VirtualBox hypervisor: Used to integrate with an Oracle VM VirtualBox hypervisor host.

  This release of SGD has been tested with version 5.0 of Oracle VM VirtualBox.

Integration with Oracle VM and Oracle VM VirtualBox is described in the Oracle Secure Global Desktop Administration Guide.

2.4.7 Microsoft Hyper-V

This release of SGD supports connections to a Microsoft Hyper-V guest running on a supported Windows Server platform.

Integration with Microsoft Hyper-V is supported by configuring a Windows application object, as described in the Oracle Secure Global Desktop Administration Guide.

The enhanced session mode feature of Hyper-V can be used with supported virtual machines.

2.5 Removed Features

The following features are not available in this release:

• Using tablet devices with the HTML5 Client.

• The oracle-sgd-clients-legacy package for 32-bit SGD Clients.

• SGD Client packages for Solaris client platforms.

• Internet Explorer is no longer supported as a browser on Windows client platforms.

• RANDR attributes for global settings and for applications, users, and organizations.

• The Graphics Acceleration (--accel) attribute for application objects.

Copyright © 2020, Oracle and/or its affiliates. Legal Notices