1.1 Preparing to Install

This section describes the things you must know and do before you install Oracle Secure Global Desktop (SGD).

The following topics are covered:

  • Hardware requirements

  • Operating system modifications required before installing SGD

  • System requirements, such as the required users and network ports

Note

Before installing SGD, read the Oracle Secure Global Desktop Platform Support and Release Notes. The release notes contain the latest information on supported platforms and known issues.

1.1.1 Hardware Requirements for SGD

Use the following hardware requirements as a guide and not as an exact sizing tool. For detailed help with hardware requirements, contact an Oracle sales office.

The requirements for a server hosting SGD can be calculated based on the total of the following:

  • What is needed to install and run SGD

  • What is needed for each user that logs in to SGD on the host and runs applications

The following are the requirements for installing and running SGD:

  • 2 GB of free disk space

  • 2 GB of RAM

  • 1 GHz processor

  • Network adapter card

This is in addition to what is required for the operating system itself and assumes the server is used only for SGD.

The following are the requirements to support users who log in to SGD and run applications:

  • Minimum 50 MB for each user

  • 50 MHz for each user

Caution

The actual CPU and memory requirements can vary significantly, depending on the applications used.

1.1.2 Operating System Modifications

You may have to make some operating system modifications. Without these modifications, SGD may not install properly or operate correctly.

1.1.2.1 Oracle Linux

The following operating system modifications may be required for Oracle Linux platforms:

  • Ensure that the /etc/hosts file has an entry that maps the name of the SGD host to the network IP address of the SGD host. The SGD hostname must not be mapped to the local loopback IP address.

  • To avoid problems with locating shared libraries, ensure that the LD_LIBRARY_PATH environment variable is not set.

  • On Oracle Linux 7 platforms, choose the Server with GUI package group.

1.1.2.2 SecurID Authentication

To use SecurID authentication, ensure that the SecurID Authentication Agent software is installed on each SGD host.

1.1.2.3 Locale Requirements

Ensure that the locale is set on the SGD host. For best results, use a UTF-8 locale.

1.1.3 Required Users and Privileges

To install SGD, you must have superuser (root) privileges.

The host must have ttaserv and ttasys users and a ttaserv group.

  • The ttasys user owns all the files and processes used by the SGD server.

  • The ttaserv user owns all the files and processes used by the SGD web server.

The SGD server does not require superuser (root) privileges to run. The SGD server starts as the root user and then downgrades to the ttasys user.

If the required users and group are not present on the host, they are created automatically during installation.

If you need to create the required users and group manually, the following are the requirements:

  • The user names must be ttaserv and ttasys.

  • The group name must be ttaserv.

  • You can use any user identification number (UID) or group ID (GID) you want. The UID and GID can be different.

  • Both users must have ttaserv as their primary group.

  • Both users must have a valid shell, for example /bin/sh.

  • Both users must have a writable home directory.

  • For security, lock these accounts, for example with the passwd -l command.

Create these users with the useradd and groupadd commands. For example:

# groupadd ttaserv
# useradd -g ttaserv -s /bin/sh -d /home/ttasys -m ttasys
# useradd -g ttaserv -s /bin/sh -d /home/ttaserv -m ttaserv
# passwd -l ttasys
# passwd -l ttaserv

To check whether the ttasys and ttaserv user accounts are correctly set up on your system, use the following commands.

# su ttasys -c "/usr/bin/id -a"
# su ttaserv -c "/usr/bin/id -a"

If your system is set up correctly, the command output should be similar to the following examples.

uid=1002(ttaserv) gid=1000(ttaserv) groups=1000(ttaserv)
uid=1003(ttasys) gid=1000(ttaserv) groups=1000(ttaserv)
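
The following script is an added example, not part of the Oracle documentation. It checks the /etc/hosts requirement from section 1.1.2.1 and the primary group, shell, and lock requirements listed above. The function names, the sample files, and the sgd1.example.com hostname are constructed for illustration; the shell test is a heuristic, and the writable home directory is not checked.

```shell
#!/bin/sh
# Added example, not Oracle's code; function names are hypothetical.

# hosts_status FILE NAME: print ok, loopback or missing for NAME's mapping.
hosts_status() {
    awk -v h="$2" '
        { sub(/#.*/, "") }                      # ignore comments
        { for (i = 2; i <= NF; i++) if ($i == h) {
              if ($1 ~ /^127\./ || $1 == "::1") { lo = 1 } else { net = 1 } } }
        END { print (lo ? "loopback" : (net ? "ok" : "missing")) }' "$1"
}

# check_account USER PASSWD GROUP SHADOW: print every requirement USER fails.
check_account() {
    entry=$(awk -F: -v u="$1" '$1 == u' "$2")
    [ -n "$entry" ] || { echo "$1: account missing"; return 1; }
    gid=$(echo "$entry" | cut -d: -f4)
    shell=$(echo "$entry" | cut -d: -f7)
    rc=0
    pgroup=$(awk -F: -v g="$gid" '$3 == g { print $1 }' "$3")
    [ "$pgroup" = ttaserv ] || { echo "$1: primary group is not ttaserv"; rc=1; }
    case $shell in                              # heuristic for "valid shell"
        ''|*/nologin|*/false) echo "$1: no valid login shell"; rc=1 ;;
    esac
    # passwd -l marks the account by prefixing the shadow password field with "!"
    hash=$(awk -F: -v u="$1" '$1 == u { print $2 }' "$4")
    case $hash in
        '!'*) ;;
        *) echo "$1: account not locked"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample files; on a real host pass /etc/hosts, /etc/passwd,
# /etc/group and /etc/shadow (reading /etc/shadow requires root).
d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT
printf '127.0.0.1 localhost sgd1.example.com\n' > "$d/hosts.bad"
printf '127.0.0.1 localhost\n192.0.2.10 sgd1.example.com sgd1\n' > "$d/hosts"
printf 'ttaserv:x:1000:\nusers:x:100:\n' > "$d/group"
printf '%s\n' 'ttasys:x:1003:1000::/home/ttasys:/bin/sh' \
    'ttaserv:x:1002:100::/home/ttaserv:/sbin/nologin' > "$d/passwd"
printf '%s\n' 'ttasys:!!:19000:0:99999:7:::' \
    'ttaserv:$6$constructed:19000:0:99999:7:::' > "$d/shadow"

hosts_status "$d/hosts.bad" sgd1.example.com
check_account ttaserv "$d/passwd" "$d/group" "$d/shadow" || true
```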

1.1.4 Network Requirements

You must configure your network for use with SGD. The following are the main requirements:

  • When configuring SGD arrays or using SGD Gateways and Enhancement Modules, hosts must have Domain Name System (DNS) entries that can be resolved by all clients and other SGD peers.

  • A resolvable hostname is not required for a standalone SGD server. As long as clients can access the server by IP address or by virtual networking, SGD will function.

    Note

    This setup is recommended only for simple deployments or for development and test purposes.

  • IPv6 network addresses are not supported for the SGD host.

    IPv6 network addresses are supported for client connections to the SGD Gateway. See Network Requirements in the Oracle Secure Global Desktop Gateway Administration Guide.

The Oracle Secure Global Desktop Administration Guide has detailed information about all the ports used by SGD and how to use SGD with firewalls. The following information lists the common ports used.

Client devices must be able to make TCP/IP connections to SGD on the following TCP ports:

  • 80 - For HTTP connections between client devices and the SGD web server. The port number can vary depending on the port selected on installation.

  • 443 - For HTTP over Secure Sockets Layer (HTTPS) connections between client devices and the SGD web server.

  • 3144 - For standard (unencrypted) connections between the SGD Client and the SGD server.

  • 5307 - For secure connections between the SGD Client and the SGD server. Secure connections use Transport Layer Security (TLS).

Note

For a default installation of SGD, only ports 443 and 5307 must be open in the firewall.

For a single host Gateway deployment, where a single SGD server and an SGD Gateway are installed on the same host, only port 443 needs to be open.

To run applications, SGD must be able to make TCP/IP connections to application servers. The types of applications determine the TCP ports that must be open, for example:

  • 22 – For X and character applications using Secure Shell (SSH)

  • 23 – For Windows, X, and character applications using Telnet

  • 3389 – For Windows applications using Windows Remote Desktop Services

  • 6010 and above – For X applications

1.1.5 Clock Synchronization

In SGD, an array is a collection of SGD servers that share configuration information. As the SGD servers in an array share information about user sessions and application sessions, it is important to synchronize the clocks on the SGD hosts. Use Network Time Protocol (NTP) software or the rdate command to ensure the clocks on all SGD hosts are synchronized.

1.1.6 Creating a Linux Package Repository From an ISO Image

When installing on Linux platforms, you use the yum command to ensure that any package dependencies are resolved automatically. This means that yum must be configured to use a suitable Linux package repository.

The Oracle Linux Yum Server at http://yum.oracle.com contains instructions on how to set up an online repository.

If an online package repository is not available, you can use the installation ISO image for your operating system as a local package repository.

The following steps describe how to create a local package repository from an Oracle Linux ISO image stored on the SGD host.

  1. Log in as superuser (root) on the SGD host.

  2. Create a directory for your repository and mount the ISO image. For example:

    # mkdir /iso
    # mount -o loop OracleLinux-R7-version-Server-x86_64-dvd.iso /iso

  3. Configure yum to use the new repository.

    Create the following yum configuration file called iso.repo in the /etc/yum.repos.d/ directory.

    [iso]
    name=iso
    baseurl=file:///iso/
    gpgkey=file:///iso/RPM-GPG-KEY
    enabled=1