This chapter includes a glossary of terms that are used in Sun Secure Global Desktop (SGD).
An SGD object that represents a 3270 protocol application running on a mainframe host. 3270 Application objects have a cn= naming attribute.
An SGD object that represents a 5250 protocol application running on an AS/400 host. 5250 Application objects have a cn= naming attribute.
Microsoft’s implementation of LDAP directory services. Used to store information about the resources, services, and users across a Windows domain.
An SGD object used to represent an Active Directory structure within the SGD organizational hierarchy. Active Directory Container objects have a cn= naming attribute.
Load balancing algorithms that measure the true load on application servers, using information provided by the SGD Enhancement Module.
Adaptive Internet Protocol. A proprietary protocol used by SGD software components. AIP optimizes the user experience by choosing the most efficient ways to transfer application display data and user input between client devices and SGD servers.
The situation where an authentication mechanism has found more than one match for a user and cannot distinguish between them without further information from the user.
An authentication mechanism where users can log in to SGD without supplying a user name or password. Anoymous user authentication is disabled by default.
The mechanism that determines which application server runs a user’s application.
A networked device, such as a Windows 2000 server or Linux server, configured to run applications. Application servers are represented in the SGD datastore by an Application Server object.
An SGD object that represents an application server used to run applications through SGD. Application Server objects have a cn= naming attribute.
A secure store of application server user names and passwords associated with user identities. Maintained so that application server authentication can proceed without prompting the user. Also called the password cache.
An application session begins when a user starts an application, and ends when the application exits. Information about an application session is stored in memory by the SGD server. Each application session is associated with a Protocol Engine.
The mechanism that determines which SGD server in the array manages the application session, and runs the Protocol Engine for a user’s application.
A collection of SGD servers that share configuration information. The SGD servers in an array act together to enable users to see the same webtop, and resume their applications, whatever SGD server they log in to. Arrays of SGD servers provide scalability and redundancy.
A field in the Administration Console that indicates the origin of an object link. Assignment Types can be Direct, Indirect, or Multiple. See also direct assignment, indirect assignment, multiple assignment.
Automatic Terminal Recognition string. A sequence of bytes used to identify a smart card.
A named property of an object. Attributes may have zero or more values, as defined by the schema.
A file that defines how character attributes, such as bold and underline, are displayed in the SGD terminal emulators.
In Integrated mode operation, identification data submitted from the SGD Client to the SGD server. Used by the authentication token authentication mechanism.
The ability to perform more than one SGD related task with a single instance of a tarantella command.
An SGD service that logs user session and application session information for an SGD server or an array of SGD servers.
Information supplied to a Certificate Authority, that is used to verify identity and generate an X.509 certificate.
Common Gateway Interface. A specification for interfacing external applications with a web server.
An SGD object that represents a VT420, Wyse 60, or SCO Console application. Character Application objects have a cn= naming attribute.
A networked device, such as a Windows PC or Linux workstation, used to access an SGD server.
Enables users to access some or all of their client’s drives, from an application running on an application server.
Settings for the SGD Client, including server URL, proxy settings, and mode of operation. The client profile is downloaded to the client device when a user connects to an SGD server.
SGD terminal emulators support a palette of 16 colors. The color map is a file that defines the RGB values of these colors.
A name used to identify an entry in an LDAP directory. For example, the name of a person.
A tool for SGD Administrators, useful for quickly adding new objects to an existing hierarchy, rather than creating a new hierarchy.
The SGD licensing model where a license is allocated when a user starts to use the licensed functionality, and is released as soon as a user stops using the licensed functionality.
A short packet of data, used as an identification token. Some cookies are encrypted, to prevent forgery.
A service process on UNIX platform operating systems that runs in the background, rather than under the direct control of a user.
The process where SGD system data is copied from the primary server in an SGD array to the secondary servers in the SGD array.
The sum of all the information used by the various components of SGD, including information about application servers and users on the network, user session and application session information, and organizational information. Organized into namespaces, such as _ens, _dns etc.
Information encrypted with a user’s private key and appended to a message to ensure the authenticity of the message. The digital signature can be verified using the user’s public key. See also public key cryptography.
In the Administration Console, a one-to-one object link created using the Editable Assignments table. See also editable assignment.
A container object in SGD, similar to an Organization object, but does not include SGD-specific attributes or allow you to assign applications. Examples include a Domain Component object and an Active Directory Container object.
Services that store and manage the resources and users on a network. SGD uses the principles of directory services for object storage and management.
The ability to define webtops for users without requiring User Profile objects for those users in the SGD datastore. Instead, user information is kept in an external LDAP directory. Application objects in the SGD datastore define which LDAP users can see them on their webtop.
An SGD software component that runs on a client device. Display Engines display applications to users and accept user input. They use AIP to communicate with Protocol Engines on SGD servers.
Where print jobs are distributed across the array, avoiding bottlenecks and single points of failure. A user’s print jobs are processed on the SGD server hosting the application session for the application you want to print from.
An SGD object that represents a document on the web. Documents can be any URL, including Sun StarOffice documents, or Adobe Acrobat files. A Document object can also refer to a web application. Document objects have a cn= naming attribute.
An SGD object used to replicate a directory structure, usually a Microsoft Active Directory structure, within the SGD organizational hierarchy. Domain Component objects have a dc= naming attribute.
In the Administration Console, a one-to-one object link that can be edited by an SGD Administrator. See also direct assignment.
In the Administration Console, a summary of the object links for the current object. Effective assignments can include both direct assignments and indirect assignments.
An optional SGD software component installed on an application server to provide additional SGD functionality, such as client drive mapping, audio, and advanced load balancing.
A set of system configuration values that can be accessed by a running program.
Enlightened Sound Daemon. A sound server for UNIX and Linux platforms that enables mixing of several digitized audio streams for playback by a single device.
Using SGD when no license keys have been installed. In Evaluation mode, a limited-functionality version of SGD may be used for a 30-day period. See also Fully Licensed mode.
An extension to the Tcl scripting language, typically used for interactive applications. The SGD login scripts are written in the Expect language.
The name by which an SGD server is known to a client device. An SGD server can have multiple external DNS names.
Federal Information Processing Standards. Standards developed by the United States Federal government for use by non-military government agencies and government contractors.
Running SGD through a single open firewall port between client devices and SGD servers. Also known as firewall forwarding.
An unambiguous name used to specify an SGD object. For example, .../_ens/o=organization/ou=marketing/cn=Indigo Jones, specifies a User Profile object in SGD.
Using SGD when license keys have been installed. The number of users that can log in or have running applications is limited by the installed license keys.
A role object in the Tarantella System Objects organization, used to assign administrative privileges to users.
A domain controller that contains attributes for every object in the Active Directory.
An SGD object that represents a collection of applications or application servers. Each application or application server in the group is called a member. Group objects have a cn= naming attribute.
Internet Assigned Numbers Authority. Organization that allocates and manages IP addresses, domain names, and port numbers used by the Internet.
Independent Computing Architecture. A protocol used by Citrix Presentation Server to communicate with client devices.
In the Administration Console, an object link created by an LDAP search or by inheritance from another object.
The ability to define webtop content implicitly. Content is usually inherited from the parent object, but other objects can also be used.
A program that enable users to type in characters or symbols not found on their keyboard. On Microsoft Windows platforms, an IM is called an input method editor (IME).
The mode of operation of SGD where your applications are displayed in the desktop Start or Launch menu.
Internet Protocol address. A unique 32-bit numeric identifier for a computer on a network.
A web server component that handles requests for JSP pages. SGD uses the Tomcat JSP container.
Key Distribution Center. Used by Kerberos authentication as part of the Active Directory authentication mechanism.
A file that contains mapping information between keys on the user’s client keyboard and keys on a terminal. Used with SGD terminal emulators.
A database of cryptographic keys. A keystore can contain both public keys and private keys.
Lightweight Directory Access Protocol over SSL. Used for secure connections to an LDAP directory.
A string, of the form AAAAA-AAAAA-AAAAA-AAAAA-AAAAA. Installing the license key in an SGD array enables you to use certain features of the SGD software. See also Fully Licensed mode.
The collection of Microsoft Windows Terminal Services CALs allocated to non-Windows client devices. Manipulated using the tarantella tscal command.
The mechanism that delivers the best possible user experience by choosing SGD servers and application servers linked by a fast network where possible.
A set of parameters that defines the user’s language, country, and other location-specific preferences.
A store containing information about users, applications, webtops, and application servers. Stored on the primary SGD server and replicated to other SGD servers in the array. Corresponds to the _ens namespace in the SGD datastore. Can be managed using the Administration Console or the tarantella commands.
A script that runs on the SGD server when a user starts an application. Connects to the application server, supplies authentication credentials for that server, and starts the application.
Line Printer Daemon. A printing protocol used to provide print server functions to a UNIX or Linux platform system. Also known as LPR.
A constituent of a group or a role. In SGD, Group objects and Role objects contain one or more member objects. These are usually Application objects, User Profile objects, or Application Server objects.
In the Administration Console, an object link that has both direct assignment and indirect assignment sources. See also Assignment Type.
A feature of SGD that enables users to log in and display a full-screen desktop, without displaying an SGD webtop.
An identifier for a computer running Microsoft Windows. The NetBIOS name can be specified when Windows networking is installed or configured on the computer.
A self-contained entity, defined by a number of attributes and values. SGD objects have different types, such as X Application or Character Application. The available attributes for each type are defined by a schema.
An SGD object used to represent the top level of an organizational hierarchy. Organization objects can contain OU or User Profile objects. Organization objects have an o= naming attribute.
The collection of objects in the SGD datastore, descending from one or more Organization or Domain Component objects. Represents the collection of people, application servers, and applications within an organization.
An SGD object used to distinguish different departments, sites, or teams in an organizational hierarchy. Organizational Unit (OU) objects can be contained in an Organization or Domain Component object. Organizational Unit objects have an ou= naming attribute.
Open Sound System. A standard interface for audio recording and reproduction in UNIX platform operating systems
Personal Computer/Smart Card. A standard for interoperability of PCs, smart card readers, and smart cards.
An SGD feature available for client devices with Adobe Reader software installed. Enables users to print to a PDF printer from their application, which either displays the file or prints using the Adobe Reader program on their client device.
Code supplied to a SecurID device using a key pad. Combined with a tokencode to form a passcode.
Public Key Cryptography Standards. Specifications produced by RSA Laboratories for public key cryptography.
The SGD server that acts as the authoritative source for global information, and maintains the definitive copy of the SGD datastore.
In public key cryptography, a key that is only know by the recipient of a message. The private key can be used to decrypt messages and to create digital signatures.
A server that acts as an intermediary between a client device and the Internet. The proxy server can provide access control and web request caching services.
In public key cryptography, a key that can be distributed to anyone. The public key can be used to encrypt messages and to verify digital signatures.
A cryptographic system using a pair of keys, a public key and a private key. The public key is used to encrypt messages and the private key is used to decrypt messages.
An SGD software component that runs on an SGD server. Protocol Engines emulate native protocols such as X11 and RDP and communicate with application servers, sending display data using AIP to Display Engines on client devices. See also application session.
Remote Desktop Protocol. Protocol that allows a user to connect to a computer running Windows Terminal Services.
Another name for SGD printing from application servers using Windows Terminal Services.
In an LDAP directory, the part of a distinguished name that uniquely identifies a child entry for a common parent entry.
Microsoft Windows registry. On Windows client devices, a database of settings for the operating system.
The attribute of an application session that controls its lifetime. Defined on a per-application basis by an SGD Administrator, as either never resumable, resumable during the user session, or always resumable. See also resume and suspend.
Defines a color in the RGB color model. The amount of red, green, and blue in the color are indicated by a value from 0 to 255.
A feature of SGD that provides Microsoft Windows users with the same working environment, no matter which Microsoft Windows computer they use.
An object that defines the members and applications associated with a particular role in SGD. Currently, only one role is available, Global Administrators. This role defines the SGD Administrators.
Software that enables a UNIX or Linux platform server to act as a file server for Windows client devices. Uses a variant of the SMB file sharing protocol.
An SGD window display mode used for Windows applications. Causes an application’s windows to behave in the same way as an application running on a Microsoft Windows application server, regardless of the user’s desktop environment. Requires the SGD Enhancement Module.
An array member that is not the primary server. The primary server replicates information to secondary servers.
A connection between client device and SGD server that uses SSL to protect AIP traffic from eavesdropping, tampering, and forgery. Not related to HTTPS traffic.
Secure, encrypted, communication between SGD array members. Uses SSL.
An authentication mechanism developed by RSA Security to authenticate a user to a network resource.
A physical interface on a computer through which information is transferred one bit at a time.
Where possible, SGD runs an application on the same application server as the one used to run the previous application for the user. See also application load balancing.
The situation where a user logs in to an SGD server, but they already have a user session on another SGD server. The user session is transferred to the new SGD server and the old session ends.
An SGD user with permission to configure SGD settings and create and edit SGD objects, either using the Administration Console or the tarantella commands.
An SGD component that can be installed on client devices. The SGD Client maintains communication with the SGD server and is required to run applications.
A pre-built web server installed and configured along with the SGD server Contains Apache, mod_ssl for HTTPS support, and Tomcat for Java Servlet and JSP support.
A collection of APIs that allow developers to build their own applications to work with SGD. The APIs can be used to authenticate users, launch applications, and interact with the SGD datastore.
Secure Hash Algorithm. In cryptography, an algorithm that computes a fixed-length representation of a message, called a message digest.
When an SGD Administrator displays and interacts with a user’s application at the same time as the user.
Secret Key Identification. An authentication protocol where a shared secret is used to authenticate a connection.
A plastic card, about the size of a credit card, with an embedded microchip that can be loaded with data.
Authentication to a Windows Server 2003 application server by means of user data contained on a smart card.
Simple Object Access Protocol. A protocol for sending XML messages over computer networks using HTTP.
A protocol used by proxy servers to handle TCP connection requests from client devices inside a firewall.
A connection between a client device and an SGD server that is not secured. This is the default connection mode when using SGD.
Alternative DNS name, other than the hostname, specified for an SGD server on an X.509 certificate.
To pause an application session. A suspended application is not closed down, it can be resumed. See also resume.
A component of the SGD server that authenticates users against an external authentication service, such as a Windows domain or an LDAP directory, and determines a user’s SGD user identity and user profile.
An SGD administration tool available from the command line. Used to control the SGD server and make configuration changes.
The Organization object in the SGD datastore that contains objects essential for smooth running and maintenance of SGD.
Tool Command Language. A scripting language developed by John Ousterhout. The SGD login scripts include some Tcl functions.
A program that runs on a graphical user interface and emulates a “dumb” video terminal. SGD includes terminal emulators for SCO Console, Wyse 60, and VT420 terminals.
Microsoft Windows software that enables client devices to run applications and access data on a networked Windows server.
A component of the SGD server that trusts authentication information supplied by a third party and uses that information to automatically authenticate the user as an SGD user, allocating a user identity and a user profile.
Users and a group (ttaserv) that must be set up on a system before SGD can be installed. These users and group own some SGD files and processes after installation.
A standard for universal character encoding. Provides the basis for processing, storage, and interchange of text data in any language.
The SGD concept of who a user is. A user identity can belong to one of a number of different namespaces. User identities are allocated by authentication mechanisms. The user identity can be the same as the user profile in some cases.
In Active Directory, the required format for user names. The user principal name is in email address format, for example, indigojones@indigo.insurance.com.
An SGD object that represents a user in an organization. Can be used to give a user access to applications. User Profile objects can have a cn= (common name), a uid= (user identification), or a mail= (mail address) naming attribute.
Begins when a user logs in to SGD, and ends when the user logs out. Information about a user session is stored in memory by the SGD server.
The mechanism that determines which SGD server in the array a user logs in to to display their webtop.
Hosting of multiple web servers on the same computer. Each web server has a different DNS name.
Virtual Memory System. Operating system originally developed for use on the VAX and Alpha family of computers from DEC.
A web page where users can run applications using SGD, view documents, and manage print jobs. Can be accessed using a web browser or the SGD Client.
The ability to define webtop content implicitly. Content is usually inherited from the parent object, but other objects can also be used.
An SGD object that represents a Microsoft Windows graphical application. Windows Application objects have a cn= naming attribute.
A server in a Windows domain that hosts the Active Directory. The domain controller handles authentication of users and administration tasks.
In SGD, the protocol used to connect to an application server hosting a Microsoft Windows application.
A digital passport that establishes credentials on the web. In SGD, allows client devices to trust the identity of an SGD server.
The process of forwarding, or tunneling, the windows of a remotely started X application to a client desktop.
An SGD object that represents an X11 graphical application. X Application objects have a cn= naming attribute. See also X11 protocol.
Access control mechanisms that control whether a client application can connect to an X server.
A distributed window system for UNIX platform operating systems, based on the X11 protocol. Also called X11, or X Windows.
A feature of Solaris 10 OS that enables multiple virtual operating systems to be deployed on a single Solaris OS server.
Copyright © 2008, Sun Microsystems, Inc. All rights reserved.