A P P E N D I X C |
Sun Secure Global Desktop (SGD) represents users, resources, and the structure of your organization as objects in a directory. Different types of object have different configuration settings, known as attributes.
The object types used by SGD and their attributes are described in this chapter. This chapter includes the following topics:
The supported object types in SGD are as follows:
Use a 3270 application object to give a 3270 application to users.
SGD uses the third-party TeemTalk for Unix emulator for 3270 applications. See the TeemTalk for Unix User’s Guide supplied with SGD for details.
To create a 3270 application object, use the Administration Console or the tarantella object new_3270app command.
In the Administration Console, the configuration settings for 3270 application objects are divided into a series of tabs.
The General tab contains the attributes that control the name and the icon used when creating links for users. The attributes on the General tab are as follows:
The Launch tab contains the attributes that control how the application is started and whether application sessions can be suspended and resumed. The attributes on the Launch tab are as follows:
The Presentation tab contains the attributes that control how the application displays to users. The attributes on the Presentation tab are as follows:
The Performance tab contains the attributes for optimizing the performance of the application. The attributes on the Performance tab are as follows:
The Client Device tab contains the attributes that control how the user’s client device interacts with the application. The attributes on the Client Device tab are as follows:
The Third-Party Emulator tab contains the attributes for the third-party TeemTalk for Unix emulator. The attributes on the Third-Party Emulator tab are as follows:
The Assigned User Profiles tab lists the user profile objects that can run the application. See Assigned User Profiles Tab.
The Application Sessions tab lists the running and suspended application sessions for the application. See Application Sessions Tab.
Use a 5250 application object to give a 5250 application to users.
SGD uses the third-party TeemTalk for Unix emulator for 5250 applications. See the TeemTalk for Unix User’s Guide supplied with SGD for details.
To create a 5250 application object use the Administration Console or the tarantella object new_5250app command.
In the Administration Console, the configuration settings for 5250 application objects are divided into a series of tabs.
The General tab contains the attributes that control the name and the icon used when creating links for users. The attributes on the General tab are as follows:
The Launch tab contains the attributes that control how the application is started and whether application sessions can be suspended and resumed. The attributes on the Launch tab are as follows:
The Presentation tab contains the attributes that control how the application displays to users. The attributes on the Presentation tab are as follows:
The Performance tab contains the attributes for optimizing the performance of the application. The attributes on the Performance tab are as follows:
The Client Device tab contains the attributes that control how the user’s client device interacts with the application. The attributes on the Client Device tab are as follows:
The Third-Party Emulator tab contains the attributes for the third-party TeemTalk for Unix emulator. The attributes on the Third-Party Emulator tab are as follows:
The Assigned User Profiles tab lists the user profile objects that can run the application. See Assigned User Profiles Tab.
The Application Sessions tab lists the running and suspended application sessions for the application. See Application Sessions Tab.
Use an application server object to represent an application server that is used to run applications through SGD.
Application server objects are used with application load balancing. If you assign two or more application server objects to an application object, SGD chooses the application server to use, based on the load across the application servers.
To create an application server object use the Administration Console or the tarantella object new_host command.
In the Administration Console, the configuration settings for application server objects are divided into a series of tabs.
The General tab contains the attributes that control the designation and application authentication for the application server. The attributes on the General tab are as follows:
The Performance tab contains the attributes for optimizing the performance of applications. See Load Balancing Groups.
The Hosted Applications tab lists the applications hosted on the application server. See Hosted Applications Tab.
The Application Sessions tab lists the running and suspended application sessions for the application server. See Application Sessions Tab.
The Passwords tab lists the entries of the password cache for the application server. See Passwords Tab.
Use a character application object to give a VT420, Wyse 60, or SCO Console character application to users.
Character application objects support VT420, Wyse 60, or SCO Console character applications. The Emulation Type attribute determines the type of application.
To create a character application object use the Administration Console or the tarantella object new_charapp command.
In the Administration Console, the configuration settings for character application objects are divided into a series of tabs.
The General tab contains the attributes that control the name and the icon used when creating links for users. The attributes on the General tab are as follows:
The Launch tab contains the attributes that control how the application is started and whether application sessions can be suspended and resumed. The attributes on the Launch tab are as follows:
The Presentation tab contains the attributes that control how the application displays to users. The attributes on the Presentation tab are as follows:
The Performance tab contains the attributes for optimizing the performance of the application. The attributes on the Performance tab are as follows:
The Client Device tab contains the attributes that control how the user’s client device interacts with the application. The attributes on the Client Device tab are as follows:
The Hosting Application Servers tab lists the application servers that are configured to host the application. See Hosting Application Servers Tab.
The Assigned User Profiles tab lists the user profile objects that can run the application. See Assigned User Profiles Tab.
The Application Sessions tab lists the running or suspended application sessions for the application. See Application Sessions Tab.
Use an organization object for things that apply to your organization as a whole.
Organization objects are always at the top of the organizational hierarchy.
Organization objects can contain organizational unit (OU) or user profile objects.
To create an organization object use the Administration Console or the tarantella object new_org command.
In the Administration Console, the configuration settings for organization objects are divided into a series of tabs.
The General tab contains the attributes that control the name of the organization. The attributes on the General tab are as follows:
The Printing tab contains the attributes for users printing from Windows applications that use the Microsoft Remote Desktop Protocol (RDP). The attributes on the Printing tab are as follows:
The Client Device tab contains the attributes that control how the user’s client device interacts with the application. The attributes on the Client Device tab are as follows:
The Security tab contains attributes that define the connections that are allowed between the client device and the SGD server. See Connections.
The Assigned Applications tab lists the applications that are available to users in the organization. See Assigned Applications Tab.
Use an organizational unit (OU) object to distinguish different departments, sites, or teams in your organization.
An OU can be contained in an organization or a domain component object.
To create an OU object use the Administration Console or the tarantella object new_orgunit command.
In the Administration Console, the configuration settings for OU objects are divided into a series of tabs.
The General tab contains the attributes that control the name of the OU. The attributes on the General tab are as follows:
The Printing tab contains the attributes for users printing from Windows applications. The attributes on the Printing tab are as follows:
The Client Device tab contains the attributes that control how the user’s client device interacts with the application. The attributes on the Client Device tab are as follows:
The Security tab contains attributes that define the connections that are allowed between the client device and the SGD server. See Connections.
The Assigned Applications tab lists the applications that are available to users in the organizational unit. See Assigned Applications Tab.
Use an Active Directory container object to replicate your Microsoft Active Directory structure within the SGD organizational hierarchy.
Active Directory container objects are similar to OU objects, but do not include additional SGD-specific attributes or allow you to assign applications. This is why they are called Directory (light) objects.
An Active Directory container object can be contained in an Organization, an OU, or a Domain Component object.
To create an Active Directory container object use the Administration Console or the tarantella object new_container command.
In the Administration Console, the configuration settings for an Active Directory container object are divided into a series of tabs.
The General tab contains the attributes that control the name of the Active Directory container. See Name.
Use a domain component object to replicate a directory structure, usually a Microsoft Active Directory structure, within the SGD organizational hierarchy.
Domain component objects are similar to organization objects, but do not include additional SGD-specific attributes or allow you to assign applications. That is why they are called Directory (light) objects.
Domain component objects can only appear at the top of the organizational hierarchy, or within another domain component object.
Domain component objects can contain OU, domain component, Active Directory container, or user profile objects
To create a domain component object use the Administration Console or the tarantella object new_dc command.
In the Administration Console, the configuration settings for domain component objects are divided into a series of tabs.
The General tab contains the attributes that control the name of the domain component. See Name.
Use a document object to give a document to users.
A document object can refer to any Uniform Resource Locator (URL). This can be any document on the web, including Sun StarOffice documents, or Adobe Acrobat files. A document can also refer to a web application.
It is the user’s client device that actually fetches the URL and so firewall or other security measures might prevent a user from accessing a URL.
To create a document object use the Administration Console or the tarantella object new_doc command.
In the Administration Console, the configuration settings for document objects are divided into a series of tabs.
The General tab contains the attributes that control the name and the icon used when creating links for users. The attributes on the General tab are as follows:
The Launch tab contains the the URL that is displayed when users click the link for the document. See URL.
The Presentation tab contains the attributes that control how the document displays to users. The attributes on the Presentation tab are as follows:
The Assigned User Profiles tab lists the user objects that can access the document. See Assigned User Profiles Tab.
Use a group object to associate groups of applications with a user profile, OU, or organization, or to associate similar application servers for application load balancing.
Group objects are not the same as OUs. Applications and application servers can only belong to one OU, but can be a member of many different groups.
Members of a group can be moved or renamed without affecting group membership.
Group objects can be added to the following tabs for an object.
Assigned Applications tab. Use this tab to assign a group of applications to a user profile, OU or organization object. The group members are shown recursively, but not the group itself. See Assigned Applications Tab.
Hosting Application Servers tab. Use this tab to assign a group of application servers to an application object. The group members are used recursively for application server load balancing. See Hosting Application Servers Tab.
To create a group object use the Administration Console or the tarantella object new_group command.
In the Administration Console, the configuration settings for group objects are divided into a series of tabs.
The General tab contains the attributes that control the name of the group. The attributes on the General tab are as follows:
The Members tab is used to display and edit the members of the group object. See Members Tab.
The Assigned User Profiles tab lists the user profile objects that can run the applications in the group. See Assigned User Profiles Tab.
The Hosted Applications tab lists the applications hosted on the application servers in the group. See Hosted Applications Tab.
Use a user profile object to represent a user in your organization, and give that user access to applications.
Depending on the authentication mechanisms used, users might be able to log in to SGD even if they do not have a user profile object.
To use inheritance, create user profile objects within OUs. This makes administration easier and more efficient, see Inherit Assigned Applications from Parent.
To create a user profile object use the Administration Console or the tarantella object new_person command.
In the Administration Console, the configuration settings for user profile objects are divided into a series of tabs.
The General tab contains user naming attributes for user designation and authentication. The attributes on the General tab are as follows:
The Printing tab contains the attributes for users printing from Windows applications. The attributes on the Printing tab are as follows:
The Performance tab contains the attributes that control the user’s bandwidth limit. See Bandwidth Limit.
The Client Device tab contains the attributes that control how the user’s client device interacts with the application. The attributes on the Client Device tab are as follows:
The Security tab contains attributes that define the connections that are allowed between the client device and the SGD server. See Connections.
The Assigned Applications tab lists the applications that are available to the user. See Assigned Applications Tab.
The Passwords tab lists the entries in the password cache for the user. See Passwords Tab.
The Tokens tab lists the authentication tokens for the user. See Tokens Tab.
The User Sessions tab lists the active user sessions for the user. See User Sessions Tab.
The Application Sessions tab lists the running and suspended application sessions for the user. See Application Sessions Tab.
Use a Windows application object to give a Microsoft Windows graphical application to users.
To create a Windows application object use the Administration Console or the tarantella object new_windowsapp command.
In the Administration Console, the configuration settings for Windows application objects are divided into a series of tabs.
The General tab contains the attributes that control the name and the icon used when creating links for users. The attributes on the General tab are as follows:
The Launch tab contains the attributes that control how the application is started and whether application sessions can be suspended and resumed. The attributes on the Launch tab are as follows:
The Presentation tab contains the attributes that control how the application displays to users. The attributes on the Presentation tab are as follows:
The Performance tab contains the attributes for optimizing the performance of the application. The attributes on the Performance tab are as follows:
The Client Device tab contains the attributes that control how the user’s client device interacts with the application. The attributes on the Client Device tab are as follows:
The Hosting Application Servers tab lists the application servers hosting the application. See Hosting Application Servers Tab.
The Assigned User Profiles tab lists the user profile objects that can run the application. See Assigned User Profiles Tab.
The Application Sessions tab lists the running and suspended application sessions for the application. See Application Sessions Tab.
Use an X application object to give an X11 graphical application to users.
To create an X application object use the Administration Console or the tarantella object new_xapp command.
In the Administration Console, the configuration settings for X application objects are divided into a series of tabs.
The General tab contains the attributes that control the name and the icon used when creating links for users. The attributes on the General tab are as follows:
The Launch tab contains the attributes that control how the application is started and whether application sessions can be suspended and resumed. The attributes on the Launch tab are as follows:
The Presentation tab contains the attributes that control how the application displays to users. The attributes on the Presentation tab are as follows:
The Performance tab contains the attributes for optimizing the performance of the application. The attributes on the Performance tab are as follows:
The Client Device tab contains the attributes that control how the user’s client device interacts with the application. The attributes on the Client Device tab are as follows:
The Hosting Application Servers tab lists the application servers hosting the application. See Hosting Application Servers Tab.
The Assigned User Profiles tab lists the user profile objects that can run the application. See Assigned User Profiles Tab.
The Application Sessions tab lists the running and suspended application sessions for the application. See Application Sessions Tab.
This section describes the available attributes for the SGD objects.
For each attribute, usage information is given for the Administration Console. The corresponding command line is also described, where applicable.
Usage: Type a Domain Name System (DNS) name, or Internet Protocol (IP) address, in the field.
Application server objects have this attribute.
This attribute specifies the network address of the application server.
It is best to use the DNS name.
When you create a new application server object, the Name setting is automatically entered in the Address field.
You can use the Test button to validate that the DNS name or IP address is a valid network address. To enable the Test button, you must first save any changes you make to the General tab.
Usage: Type a text string in the field.
Character application objects have this attribute.
Defines the message to return when an inquiry is sent from the application server to the emulator.
This attribute applies to VT420 and Wyse 60 character applications only.
Usage: Type the full path name of the application in the field.
The following objects have this attribute:
This attribute specifies the application that runs when users click the link for the application on the webtop or in the desktop Start or Launch menu.
The path name must be the same on all application servers that might run the application.
For any command-line arguments, use the Arguments for Command attribute.
With X applications, use the Window Manager attribute to start a window manager for the application.
With Windows applications, you can use a backslash (\) or a forward slash (/) between subdirectories. On the command line you might need to escape backslashes, for example, \\.
With Windows applications, leave the field blank to start a full Microsoft Windows session rather than a particular application.
Command option: --app pathname
Usage: Replace pathname with the full path name of the application. Make sure that you quote any path names containing spaces
The following example specifies a UNIX X application.
--app /usr/local/bin/xfinance
The following example specifies a Windows application.
--app "c:/Program Files/Indigo Insurance/cash.exe"
Usage: Select the Override Global Setting check box, and then select an option. To use the global setting defined in the Global Settings tab, deselect the Override Global Setting box.
The following objects have this attribute:
When the application is started, this setting determines the algorithm SGD uses to choose the application server to run the application. The server is selected from those defined on the application object’s Hosting Application Servers Tab.
The default setting for this attribute is to use the setting defined on the Global Settings -> Performance tab. You can override this by selecting the Override Global Setting check box and selecting an option.
The Administration Console options and their command line equivalents are shown in the following table.
Administration Console | Command Line | Description |
---|---|---|
Override Global Setting (deselected) | default | Use the default algorithm defined on the Global Settings -> Performance tab. |
Most Free Memory | memory | Choose the application server with the most free memory. |
Least CPU Usage | cpu | Choose the application server with the most central processing unit (CPU) idle time. |
Fewest Applications | sessions | Choose the application server that is running the fewest application sessions through SGD. |
Note - To use the Least CPU Usage and Most Free Memory algorithms, you must install the SGD Enhancement Module on the application server. |
The following objects have this attribute:
This attribute determines for how long a user is able to resume an application.
Administration Console | Command Line | Description |
---|---|---|
Never | never | The application can never be resumed.
Use for applications that do not provide a mechanism for the user to exit. For example, a clock application. |
During the User Session | session | The application keeps running and is
resumable until the user logs out of SGD.
If a user does not log out of SGD cleanly, for example, if they close their web browser or terminate the SGD Client without logging out, then applications that are user session resumable keep running for a time. See Application Resumability: Timeout. |
General | always | The application keeps running for a time,
see Application Resumability: Timeout, after the user logs
out of SGD, and can be resumed when they next log in.
Use for applications that need to exit in a controlled way. For example, an email application that might need to remove lock files before it exits. |
An X application configured with a Window Type setting of Local X Server is not resumable, whatever the value of the Application Resumability attribute.
A Windows application configured to run on the client device, see Windows Protocol: Try Running From Client First, is not resumable, whatever the value of the Application Resumability attribute.
Users can see if an application is resumable or not by pointing to its link on the webtop and looking at the popup window that is displayed.
The webtop has controls for suspending and resuming individual application sessions. If you are using the SGD Client in Integrated mode, applications that have a General resumability setting are automatically suspended when you log out. When you log in again, they are automatically resumed.
Command option: --resumable never | session | always
Usage: Specify one of the valid resumability settings.
In the following example, the application is never resumable.
--resumable never
In the following example, the application is resumable until the user logs out of SGD.
--resumable session
Usage: Type the number of minutes you want the application to be resumable for in the field.
The following objects have this attribute:
This attribute ensures that resources on the SGD server are used as efficiently as possible. It is used with the Application Resumability attribute to define when the SGD server ends a suspended application session.
If you leave this setting blank, the default timeout for the Application Resumability attribute is used. You can configure the default timeouts on the Global Settings -> Communication tab of the Administration Console.
Command option: --resumetimeout mins
Usage: Replace mins with the number of minutes you want the application to be resumable for.
The following example configures the application to be resumable for at least 30 minutes. This timeout is appropriate for an application configured to be resumable During the User Session.
--resumetimeout 30
Usage: Use the buttons in the Application Sessions tab to view and manage application sessions.
The following objects have this attribute:
This tab lists the running and suspended application sessions for the selected object. An application session represents an application running on an application server on behalf of a user.
To show more details about an application session, select the check box for the application session in the Application Session List table and click the View Details button.
To end an application session, select the check box for the application session in the Application Session List table and click the End button.
To shadow an application session, select the check box for the application session in the Application Session List table and click the Shadow button. Suspended applications or character applications cannot be shadowed.
Note - In some countries, it is illegal to shadow a user without their knowledge. It is your responsibility to comply with the law. |
The Reload button refreshes the Application Session List table.
You can use the Search options to search the Application Session List table. When searching for a User Identity, User Profile, Secure Global Desktop Server, or Application Server, you can use the “*” wildcard in your search string. Typing a search string of name is equivalent to searching for “*name*” and returns any match of the search string.
To search for a Start Time, use a search string format of yyyy/mm/dd hh:mm:ss.
The number of results returned by a search is limited to 150, by default.
On the command line, use the tarantella emulatorsession commands to list, end, or shadow application sessions. See The tarantella emulatorsession Command.
Command option: tarantella emulatorsession list --person pobj
Usage: Replace pobj with the full name of the user profile object.
The following example lists application sessions for the Indigo Jones user profile object.
tarantella emulatorsession list --person \ "o=Indigo Insurance/ou=IT/cn=Indigo Jones"
Usage: Select or deselect the check box.
Application server objects have this attribute.
This attribute specifies whether applications can run on this application server.
Selecting the check box allows applications to run. The check box is selected by default. An application is started on the application server only if both of the following are true:
The application server object appears on the application object’s Hosting Application Servers Tab.
The application’s load balancing algorithm chooses this application server.
Deselecting the check box means that no new applications can be started on the application server. Making an application server unavailable does not affect applications that are already running. If a user has a suspended application session on the application server and the application is set up to be always resumable, the user can resume their session.
You can use this attribute, for example, to make an application server temporarily unavailable while you carry out maintenance work. If the application server is the only server configured to run a particular application, then the application is not available to users.
Usage: Type the command-line arguments for the application in the field.
The following objects have this attribute:
This attribute specifies the command-line arguments to use when starting the application. The Application Command attribute specifies the application that runs, without arguments.
For X applications, do not include the -display argument. The display is set automatically for each user.
Usage: Type command-line arguments for the Windows Protocol in the field.
Windows application objects have this attribute.
This attribute specifies the command-line arguments to use with the Windows Protocol.
Usage: To assign applications to a user profile, organization, or OU object, click the Add button in the Editable Assignments table.
To delete applications for a user profile, organization, or OU object, use the Delete button in the Editable Assignments table.
The following objects have this attribute:
The Assigned Applications tab lists the applications that are assigned to the selected user profile, organizational unit or organization.
This attribute defines a series of application links available to the user. Each link is stored as a reference to the application object, so the same application object can be assigned to many users. If an object is moved or renamed later, all references to it are automatically updated.
If a group of applications is added to an Assigned Applications tab, the group’s members and not the group are assigned.
User profile objects and organizational unit objects can inherit applications from their parent in the organizational hierarchy. See Inherit Assigned Applications from Parent. To inherit applications assigned to the parent object, select the Inherit Assigned Applications from Parent check box in the Editable Assignments area.
The following sections of the Assigned Applications tab are used to display, select, and assign applications:
The Effective Applications table shows all the application objects that are assigned to the selected object. The Local Assignments section of the table lists applications that are selected from the local repository.
The Assignment Type column shows one of the following:
Direct. The assignment was made using the Editable Assignments table.
Indirect. The assignment is the result of another relationship, such as membership of a group, or inheritance from another object.
Multiple. The assignment has multiple sources, both Direct and Indirect.
If an assignment type is Indirect or Multiple, clicking the See Details link displays information that enables you to trace the origin of the link.
You can use the Editable Assignments table to select applications from the local repository.
Click the Add button in the Editable Assignments table. The Add Application Assignment window is shown.
To select applications in the Add Application Assignment window, do either of the following:
Browse the Navigation Tree. As you browse the tree, the Content Area is updated with applications.
Use the Search Applications field. Use this field to search for applications. Type in the names of applications in the field. Note that you can use the “*” wildcard in your search string. Typing a search string of name is equivalent to searching for “*name*” and returns any match of the search string. Results of the search are displayed in the Search Results table in the Content Area. The number of results returned by a search is limited to 150, by default.
Select the required applications from those listed in the Content Area. When you have finished selecting applications click the Add button.
The selected applications are displayed in the Effective Applications table of the Assigned Applications tab.
To delete applications from the Assigned Applications tab, use the Delete button in the Editable Assignments table.
Command option: --links object
Usage: Replace object with the full name of the object. For example, "o=applications/ou=Finance/cn=XClaim". Make sure that you quote any object names containing spaces.
The following example adds Pers-o-dat and Slide-o-win as links on a webtop.
--links "o=applications/cn=Pers-o-dat" \ "o=applications/cn=Slide-o-win"
Usage: To assign user profiles to an application, click the Add button in the Editable Assignments table. If you are using SGD with a Lightweight Directory Access Protocol (LDAP) directory, you can also use the LDAP Searches area of the Assigned User Profiles tab to search for users in your LDAP directory server.
The following objects have this attribute:
Use this tab to define the user profile objects that can run an application, or group of applications. The application, or group of applications, is in addition to any applications already defined for the user profile in its Assigned Applications tab.
User profile objects can be selected from the local repository. If you are using an LDAP directory, you can also select the following:
The following sections of the Assigned User Profiles tab are used to display, select and assign user profile objects:
Object Manager: Directory Services Integration -> LDAP Groups
Object Manager: Directory Services Integration -> LDAP Search
Object Manager: Directory Services Integration -> LDAP Users
The Effective User Profiles table shows all the user profile objects that are assigned to the application.
The Local Assignments section of the table lists user profiles that are selected from the local repository.
The LDAP Assignments section of the table lists users and groups that are selected from an LDAP directory. This section is only shown if the Local + LDAP setting is selected for the Repository field in the User Profiles tab. You can click the Load LDAP Assignments link to refresh this area of the table.
The Assignment Type column shows one of the following:
Direct. The assignment was made using the Editable Assignments table.
Indirect. The assignment is the result of another relationship, such as an LDAP search, membership of a group, or inheritance from another object.
Multiple. The assignment has multiple sources, both Direct and Indirect.
If an assignment type is Indirect or Multiple, clicking the See Details link displays information that enables you to trace the origin of the link.
You can use the Editable Assignments table to select user profile objects from the local repository, and, if you are using LDAP authentication, users, or groups in an LDAP directory.
Click the Add button in the Editable Assignments table. The Add User Assignment window is shown.
The Add User Assignment window can be used to select the following:
To use the local repository, select the Local option in the Repository list.
To use the local repository and your LDAP directory server, select the Local + LDAP option in the Repository list.
To select user profiles in the Add User Assignment window, do either of the following:
Browse the Navigation Tree. As you browse the tree, the Content Area is updated with user profiles.
Use the Search User Profiles field. Use this field to search the user profiles within the selected repositories. You can type in names of users and groups in your LDAP directory. Note that you can use the “*” wildcard in your search string. Typing a search string of name is equivalent to searching for “*name*” and returns any match of the search string. Results of the search are displayed in the Search Results table in the Content Area. The number of results returned by a search is limited to 150, by default. The Matched Attribute field of the Search Results table indicates the LDAP attribute that the search matched on.
Select the required user profiles from those listed in the Content Area. When you have finished selecting user profiles, click the Add button.
The selected user profiles are displayed in the Effective User Profiles table of the Assigned User Profiles tab.
To delete applications you have added to the Assigned User Profiles tab, use the Delete button in the Editable Assignments table.
The LDAP Searches section is used to define search criteria for locating users in an LDAP directory. You can use this feature to assign an application or group of applications to all users in an LDAP directory that match the search criteria.
The search criteria can be either of the following:
For an RFC2254 search filter, enclose each search criteria in double quotes and brackets.
For an LDAP URL, use the format ldap:///search-criteria. If you include the host, port and return attribute specification in the URL they are ignored. This is because the LDAP directory server configured as part of SGD authentication is used.
The LDAP Search area includes two options:
Simple Search. This option enables an area where you can “build” a simple LDAP search filter using the window controls. In the Filter Components table, select the attributes you want to match and define search criteria for them.
Advanced Search. This option displays a field where you can type in an LDAP URL or search filter.
The Simple Search option is designed for creating LDAP search filters that are based on attributes such as cn and uid. The Advanced Search option enables you to create more complex LDAP search filters.
As you build a simple search, the LDAP filter string is shown in gray text in the Advanced Search area. If you then select the Advanced Search option, the LDAP filter string can be edited. This enables you to start with a simple search and then edit the search string manually to specify an advanced search.
You cannot revert to a simple search after specifying an advanced search that is incompatible with the capabilities of the simple search. You must delete the advanced search and re-enter the simple search.
To specify where in the LDAP directory to start searching from, click the Browse button next to the Search Root field. You can then use the Select Root for LDAP Search window to browse or search for a location in the LDAP directory. Selecting a new Search Root loads a new LDAP URL. The new URL is indicated next to the Browse button and in the Advanced Search box.
Select the Search Filter options to specify the attributes you want to match in your search. You can choose to match all of the attributes (Match All), any of the attributes (Match Any), or none of the attributes (Match None).
Click the Preview button to show the list of user profiles returned by the LDAP search.
To save the LDAP search definition, click the Save button.
Click the Load LDAP Assignments link in the Effective User Profiles tab. The user profiles from the LDAP search are displayed in the LDAP Assignments section of the Effective User Profiles table.
On the command line, make sure that you quote any object names containing spaces.
Command option: --ldapusers user_dn
Usage: Enter one or more distinguished names (DNs) of users in an LDAP directory.
The following example assigns the application or groups of applications to users with the UID “violet” in the Sales department and the UID “emmarald” in the Marketing department.
--ldapusers uid=violet,ou=Sales,dc=indigo-insurance,dc=com uid=emmarald,ou=Marketing,dc=indigo-insurance,dc=com
Command option: --ldapgroups group_dn
Usage: Enter one or more DNs of groups in an LDAP directory.
If your organization uses nested groups (sub-groups), you might need to change the depth of the group search.
The following example assigns the application or groups of applications to users in the managers group in the Sales and Marketing departments.
--ldapgroups cn=managers,ou=Sales,dc=indigo-insurance,dc=com cn=managers,ou=Marketing,dc=indigo-insurance,dc=com
Command option: --ldapsearch search_string
Usage: Enter one or more LDAP search strings.
The following example assigns the application or groups of applications to any manager in the Sales department and anyone who has Violet Carson as their manager.
--ldapsearch "(&(job=manager)(dept=Sales))" \ "(manager=Violet Carson)"
The following example assigns the application or groups of applications to any manager in the Sales department of indigo-insurance.com.
--ldapsearch "ldap:///ou=Sales,dc=indigo-insurance,dc=com??sub?job=manager"
Usage: Type the full path name of the attribute map in the field.
Character application objects have this attribute.
This attribute specifies the attribute map to use for the application. This maps attributes such as bold and underline to colors.
To use the default attribute map, leave the setting blank.
An example attribute map is installed in /opt/tarantella/etc/data/attrmap.txt.
Usage: Select or deselect the check box.
X application objects have this attribute.
This attribute specifies whether the application enables the SGD audio redirection library.
Some X applications are hard-coded to use the /dev/audio or /dev/dsp devices for audio output. Enabling the audio redirection library causes the application to use the device specified by the SGDAUDIODEV environment variable instead.
Usage: Type a valid color resource, such as yellow, in the field.
The following objects have this attribute:
Specifies the background color of the application’s text window.
Color names are resolved to RGB values using the file named in the X Protocol Engine’s RGB Database attribute.
Command option: --3270bg color
Usage: Replace color with a valid color resource, such as yellow.
In the following example, the background color of the 3270 application text window is set to the color plum4.
--3270bg plum4
In the following example, the background color of the 5250 application text window is set to the color plum4.
--bg plum4
Usage: Select the maximum bandwidth from the list.
User profile objects have this attribute.
This attribute specifies the maximum bandwidth a user can use between the client device and the SGD server for X and Windows applications.
Select None to specify no limit. The user can then use as much of the available bandwidth as possible. This gives the best application usability for the speed of the network connection.
You do not need to change this unless you have particular bandwidth restrictions. For normal use, use None.
The table below shows the bandwidth settings in the Administration Console and the equivalent values to use on the command line:
Administration Console | Command Line |
---|---|
2400 bps | 2400 |
4800 bps | 4800 |
9600 bps | 9600 |
14.4 Kbps | 14400 |
19.2 Kbps | 19200 |
28.8 Kbps | 28800 |
33.6 Kbps | 33600 |
38.8 Kbps | 38800 |
57.6 Kbps | 57600 |
64 Kbps | 64000 |
128 Kbps | 128000 |
256 Kbps | 256000 |
512 Kbps | 512000 |
768 Kbps | 768000 |
1 Mbps | 1000000 |
1.5 Mbps | 1500000 |
10 Mbps | 10000000 |
None | 0 |
Command option: --bandwidth bandwidth
Usage: Replace bandwidth with the maximum bandwidth, in bits per second.
The following example limits the user to a maximum bandwidth of 512 kilobits per second.
--bandwidth 512000
The following example enables the user to use as much of the available bandwidth as possible.
--bandwidth 0
Character application objects have this attribute.
This attribute determines whether the terminal window has a raised, indented, or “flat” (normal) appearance.
Usage: Use the Client Drive Mapping table to create client drive mapping (CDM) specifications. Use the Add, Edit and Delete buttons to create, edit and remove CDM specifications. Order the specifications using the Move Up and Move Down buttons. Any CDM specifications you create are listed in the Mappings Defined Directly section of the Client Drive Mapping table.
The following objects have this attribute:
This attribute defines the drives on their Microsoft Windows client device that a user can access from applications running on Microsoft Windows, UNIX, and Linux application servers, and the drive letters to use on the application server for those drives.
The Client Drive Mapping attribute is an ordered list of drive mapping specifications. Each specification includes the following:
Note - The first matching entry in the list is used, so make sure that the most specific settings, for example A or B, appear before more general settings, for example All Drives. |
The following tables show the available options for each part of a drive mapping specification, and the corresponding value to use on the command line.
The following Client Drive options are available.
Administration Console | Command Line |
---|---|
All Drives | alldrives |
Fixed Drives | fixeddrives |
R/W Removable | rw |
R/O Removable | ro |
Network Drives | networkdrives |
A:, B: ... Z: | a, b ... z |
The following Access Rights options are available.
Administration Console | Command Line |
---|---|
Read Only | ro |
Read/Write | rw |
None | none |
The following Drive Letter options are available.
Administration Console | Command Line |
---|---|
Same as Client | same |
A:, B: ... Z: | a, b ... z |
Command option: --cdm drive_spec
Usage: Replace drive_spec with a drive mapping specification of the form clientdrive:access:driveletter. For example, a:rw:z. Separate each drive_spec with the pipe character, (|).
For a user profile object, the following example means the user is given read-write access to drive A on their client device using drive Z on the application server, and also has read-write access to all network drives defined on their client device using the same drive letter used on the client.
--cdm 'a:rw:z|networkdrives:rw:same'
The user might have access to other drives, for example a fixed drive C, depending on the Client Drive Mapping attributes for the user profile object’s ancestors in the organizational hierarchy.
The following objects have this attribute:
Controls the client printers that users can print to when printing from Windows applications that use the Microsoft RDP Windows Protocol.
This attribute can only be edited using the Administration Console if Client Printing: Override is enabled for the object.
The setting for this attribute overrides either of the following:
The setting for a parent object in the organizational hierarchy
The default setting configured on the Global Settings -> Printing tab of the Administration Console, if no parent object configuration exists
Changes to this attribute only take effect for new user sessions.
If you select No Printer, you can still use an SGD Portable Document Format (PDF) printer.
The Administration Console options and their command line equivalents are shown in the following table.
Administration Console | Command Line | Description |
---|---|---|
All Printers | 2 | Let users print to all client printers |
Default Printer | 1 | Let users print to client’s default printer |
No Printer | 0 | No client printers are available |
If users can only print to their default printer and they want to print to a different printer, they have to log out of SGD, change the default printer and then log in again.
Usage: For user profile objects or organizational unit objects, select the Override Parent’s Settings check box. To use the setting defined for the parent object, deselect the Override Parent’s Settings check box.
For organization objects, select the Override Global Settings check box. To use the default setting defined in the Global Settings -> Client Device tab, deselect the Override Global Settings check box.
The following objects have this attribute:
Enables user-specific printing configuration. This configuration is used when printing from Windows applications that use the Microsoft RDP Windows Protocol.
If user-specific printing is enabled, the printing settings for this object override the following:
The printing settings for a parent object in the organizational hierarchy.
The default printing settings configured on the Global Settings -> Printing tab of the Administration Console, if no parent object printing configuration exists.
Changes to this attribute only take effect for new user sessions.
Object Manager: Printing -> User-Specific Printing Configuration
Usage: For user profile objects or organizational unit objects, select the Override Parent’s Setting check box and then select or deselect the Enabled option. To use the setting defined for the parent object, deselect the Override Parent’s Setting check box.
For organization objects, select the Override Global Setting check box and then select or deselect the Enabled option. To use the default setting defined in the Global Settings tab, deselect the Override Global Setting check box.
The following objects have this attribute:
This attribute controls whether or not users can create and edit profiles for use with the SGD Client.
Note - Profile editing must also be enabled on the Global Settings -> Client Device tab of the Administration Console. |
The Administration Console options and their command line equivalents are shown in the following table.
Administration Console | Command Line | Description |
---|---|---|
Override Parent’s Setting (deselected) | 2 | User profile objects or organizational unit objects. Use the setting inherited from the parent object. |
Override Global Setting (deselected) | 2 | Organization objects. Use the global setting. |
Enabled (selected) | 1 | Enable client profile editing. |
Enabled (deselected) | 0 | Disable client profile editing. |
For user profile objects or organizational unit objects, deselect the Override Parent’s Setting check box to inherit the setting of a parent object in the organizational hierarchy. This is used to enable or disable profile editing for many users without having to edit each user profile object.
For organization objects, deselect the Overrride Global Setting check box to use the default setting configured on the Global Settings -> Client Device tab of the Administration Console.
SGD checks the user profile object for the user and then any parent object further up the organizational hierarchy to see whether profile editing is enabled or disabled. If all the objects selected are configured to use the parent’s setting, then the default setting is used.
If profile editing is disabled for a user profile object in the System Objects organization, for example o=Tarantella System Objects/cn=UNIX User Profile, this affects all users who are assigned that profile.
Character application objects have this attribute.
This attribute specifies the code page you want to use for the emulator. Different code pages are available for different types of character application.
Application Type | Code Pages Available |
---|---|
SCO Console | |
VT420 | |
Wyse 60 |
Command option: --codepage 437 | 850 | 852 | 860 | 863 | 865 | 8859-1 | 8859-2 | Multinational | Mazovia | CP852
Usage: Specify a valid setting for the type of character application.
The following example uses the ISO 8859-1 code page, appropriate for a VT420 application.
--codepage 8859-1
Usage: Select a setting from the list.
The following objects have this attribute:
The color depth for the application. As the number of colors increases, more memory is required on the SGD server and on the client device, and more network bandwidth is used between them.
Object Manager: General -> Color Depth
The 16/8-bit, 24/8-bit, 8/16-bit, and 8/24-bit settings are only available to X applications.
The 16/8-bit, 24/8-bit, 8/16-bit, and 8/24-bit settings enable you to support X applications with multiple color depths. For example, if you need to run an 8-bit application in a 16-bit or 24-bit high color X application session, such as a Common Desktop Environment (CDE) desktop, use either the 16/8-bit or the 24/8-bit setting.
Changing these settings can affect system performance as follows:
Increases the amount of memory used on the SGD server compared to an application using a single color depth.
The amount of extra memory used for each setting is as follows:
To reduce network bandwidth at greater color depths for X applications, change the Color Quality setting.
For Windows applications, only applications running on a Microsoft Windows 2003 Server can be displayed using 16-bit or 24-bit color. By default, a Microsoft Windows 2003 Server displays applications using 16-bit color. If the color depth setting of a Windows application object is different from that of the application server, SGD automatically adjusts the color depth to match the server setting.
Usage: Type the full path name of the color map in the field.
Character application objects have this attribute.
This attribute specifies the color map to use for the application. A color map maps logical colors such as Color_1, Color_2 and so on, to displayed colors.
To use the default color map, /opt/tarantella/etc/data/colormap.txt, leave the setting blank.
Usage: Select a setting from the list.
X application objects have this attribute.
The effective color depth displayed on client devices. Reducing color quality reduces bandwidth usage, but also reduces the number of colors that can be displayed.
Note - If the Color Depth is set to 8‐bit, this attribute is not available. If the Color Depth is set to 16-bit, only the 16-bit, 15-bit, 12-bit, 9-bit, and 6-bit settings are available. |
The default setting Best at Applications Start fixes the color depth at the most appropriate setting according to network conditions at the time the user starts the application. The color depth does not change while the session is running.
Specify Adjust Dynamically to enable the quality level to change at any time during the session, depending on network conditions. This setting works within the following ranges:
The following table shows the effect on color quality of using a numeric quality setting.
Color Quality Setting | Approximate Color Quality for 16-bit Applications | Approximate Color Quality for 24-bit Applications |
---|---|---|
24 | - | 100% |
21 | - | 88% |
18 | - | 75% |
16 | 100% | 67% |
15 | 94% | 63% |
12 | 75% | 50% |
9 | 56% | 38% |
6 | 38% | 25% |
The physical color quality of the client device is not forced to match that of the X session. If a 24-bit color session is being displayed on an 8-bit client device, the client dithers the image locally so that the session can be displayed reasonably.
Command option: --quality automatic|best|24|21|18|16|15|12|9|6
Usage: Specify a valid setting.
The following example sets the color quality to 12-bit color. If the Color Depth is set to 24-bit, this reduces color quality to approximately 50% on client devices.
--quality 12
The following objects have this attribute:
This attribute determines whether the Adaptive Internet Protocol (AIP) compresses commands for transmission.
Select Adjust Dynamically to allow compression to be turned on or off at any stage, according to the network conditions.
With some applications, compression incurs a greater overhead than transmitting commands uncompressed. Turn off compression for these applications.
Object Manager: Adaptive Internet Protocol -> Command Compression
The following objects have this attribute:
This attribute determines whether the AIP protocol always executes commands in order, or optimizes commands for performance reasons.
Select Adjust Dynamically to allow the network conditions to determine the setting.
For some applications, for example those that use animation, the order that commands are executed is critical.
Object Manager: Adaptive Internet Protocol -> Command Execution
Usage: Type a description of the object in the field.
The following objects have this attribute:
This attribute describes the object. Use this as an optional comment field for administrator notes
Command option: --description text
Usage: Replace text with a description of the object. Ensure that you quote any descriptions containing spaces.
The following example describes the object. You might use this description with a document object, for example.
--description "The intranet for Indigo Insurance"
Usage: Select a telnet close option.
The following objects have this attribute:
Specifies the course of action to be taken by the TeemTalk for Unix emulator when the telnet connection to the application server is closed.
The Administration Console options and their command line equivalents are shown in the following table.
Administration Console | Command Line | Description |
---|---|---|
Prompt User for Action | 0 | Prompt the user to choose to either reconnect, close the connection or exit the emulator. |
Reconnect | 2 | Attempt to reconnect to the 3270 application server. |
Close Connection | 3 | Close the connection. |
Exit Emulator | 1 | Exit the TeemTalk for Unix emulator. The SGD application session is terminated. |
Command option: --3270tn 0|1|2|3
Usage: Specify one of the valid telnet close options.
The following example exits the emulator when the telnet connection to the 3270 application server is closed.
--3270tn 1
The following example exits the emulator when the telnet connection to the 5250 application server is closed.
--tn 1
Usage: Select a connection method option.
The following objects have this attribute:
This attribute specifies the mechanism used by the SGD server to access the application server and start the application.
The default connection method is telnet.
For character applications, only the connection methods telnet and ssh are allowed.
Usage: Create as many connection type specifications as you need, using the Connection Definitions table. Use the Add, Edit, and Delete buttons to create, modify, and delete connections. Order the connections using the Move Up and Move Down buttons.
The following objects have this attribute:
This attribute defines, for ranges of DNS names or IP addresses, the connections that are allowed between the client device and the SGD server.
Once a user is logged in to an SGD server, the DNS names and IP addresses of the client device and the SGD server are used to determine the type of connection. First, the Connections attribute for the user profile object is selected. If no matching entry exists, the parent organizational unit’s Connections attribute is selected, and so on up the organizational hierarchy to the organization object.
If no matching entry for the organization object is found, the user is given the best available connection.
Processing of connection types is turned off by default, enabling users to log in more quickly. You can turn on processing of connection types on the Security tab in the Global Settings -> Security tab of the Administration Console.
The Connections attribute is an ordered list of connection type specifications. Each specification names the following:
The DNS name or IP address of a client device. Use the wildcards ? and * to match more than one client device.
The DNS name or IP address of an SGD server. Use the wildcards ? and * to match more than one SGD server.
In all cases, DNS names or IP addresses are considered from the perspective of the SGD server. They are peer DNS names and IP addresses. If your network is configured to use different names on each side of a firewall, you must use the names on the side of the SGD servers for this attribute.
The following connection types are available.
Note - If security services have been enabled on the SGD server, all connections are secure until the user logs in. Once the user is known, the connection can be downgraded. |
Command option: --conntype type_spec
Usage: Replace type_spec with a connection type specification of the form: client:server:type. For example, 192.168.5.*:*:STD.
Separate each type_spec with the “pipe” character, “|”.
The following example, for a user profile object, means the user is given a secure connection to all SGD servers if the client device has an IP address that starts 192.168.5, and a standard connection for all other client devices.
--conntype '192.168.5.*:*:SSL|*:*:STD'
For an organizational unit or an organization object, these connection type specifications are used only if no match is found for the client device and SGD server in the user profile object’s attribute.
Usage: Select the ssh Connection Method option and type the ssh command-line arguments in the field.
The following objects have this attribute:
The attribute enables you to specify the command-line arguments for the ssh client when the Connection Method for an application is ssh.
See Securing Connections to Application Servers with SSH for information on installing and using ssh with SGD.
Usage: For user profile objects or organizational unit objects, select the Override Parent’s Setting check box and then select or deselect the Enabled option. To use the setting defined for the parent object, deselect the Override Parent’s Setting check box.
For organization objects, select the Override Global Setting check box and then select or deselect the Enabled option. To use the default setting defined in the Global Settings -> Client Device tab, deselect the Override Global Setting check box.
The following objects have this attribute:
This attribute controls whether users can use copy and paste in Windows or X application sessions.
For user profile objects or organizational unit objects, deselect the Override Parent’s Setting check box to inherit the setting of a parent object in the organizational hierarchy. This is used to enable or disable copy and paste for many users without having to edit each user profile object.
For organization objects, deselect the Overrride Global Setting check box to use the default setting configured on the Global Settings -> Client Device tab of the Administration Console.
When a user starts an application, SGD checks the user profile object for the user and then any parent object further up the organizational hierarchy to see whether copy and paste is enabled or disabled. If all the objects selected are configured to use the parent’s setting, then the default setting is used.
By default, copy and paste is enabled.
The Administration Console options and their command line equivalents are shown in the following table.
Administration Console | Command Line | Description |
---|---|---|
Override Parent’s Setting (deselected) | 2 | User profile objects or organizational unit objects. Use the setting inherited from the parent object. |
Override Global Setting (deselected) | 2 | Organization objects. Use the global setting. |
Enabled (selected) | 1 | Enable copy and paste. |
Enabled (deselected) | 0 | Disable copy and paste. |
Changes to this attribute only take effect for new application sessions.
Usage: Select the Enabled check box and type a number in the field.
The following objects have this attribute:
This attribute is used to control user copy and paste operations in Windows or X application sessions.
Use this attribute to specify a security level. The security level can be any positive integer. The higher the number, the higher the security level.
You can only copy and paste data to an application if it has the same security level or higher as the source application. The source application is the application the data was copied from.
SGD Clients also have a security level. You can only copy and paste data to applications running on the client device if the client has the same security level or higher as the source application. See Client’s Clipboard Security Level.
The default security level is 3.
Changes to this attribute only take effect for new application sessions.
Command option: --clipboardlevel level
Usage: Replace level with the security level. Specify -1 to disable copy and paste operations for the application object.
The following example sets the security level for an application to 5. You can only copy and paste data to this application if the source application or SGD Client has a security level of 5 or less.
--clipboardlevel 5
Usage: Select a cursor style option.
Character application objects have this attribute.
Usage: Select or deselect the check box.
Character application objects have this attribute.
This attribute specifies the behavior of the cursor keys. It determines whether they always generate cursor movement codes, or whether the application changes the codes generated by the cursor keys.
This attribute applies to VT420 character applications only.
Usage: Select or deselect the check box.
The following objects have this attribute:
This attribute specifies whether delayed updates of the display are enabled. This accumulates changes and can improve performance.
If your application’s display must always be exact, deselect the check box. To improve performance, turn off delayed updates for animation.
Object Manager: Adaptive Internet Protocol -> Allow Delayed Updates
The following objects have this attribute:
Specifies how many levels of “soft buttons” are displayed.
Command option: --3270bl 0|1|2|3|4
Command option: --bl 0|1|2|3|4
Usage: Specify a level between 0 and 4.
The following example sets the number of levels of “soft buttons” for a 3270 application to 2.
--3270bl 2
The following example sets the number of levels of “soft buttons” for a 5250 application to 2.
--bl 2
Usage: Type the domain to use for application server authentication in the field.
The following objects have this attribute:
This attribute specifies the domain to use for the application server authentication process.
Usage: Type the user’s email address in the field.
User profile objects have this attribute.
This attribute specifies a user’s email address, in the form: name@domain
When authenticating users, SGD might use this attribute for identifying the user.
Usage: Select an emulation type option.
Character application objects have this attribute.
This attribute identifies the type of emulation required for the application: SCO Console, VT420, or Wyse 60. Set the correct Terminal Type for the selected Emulation Type.
Not all character application attributes apply to all emulation types. In the Administration Console, selecting an emulation type option enables and disables other attributes for the object.
Usage: Type the environment variables in the field, one on each line. Press Return to add new entries.
The following objects have this attribute:
This attribute specifies any environment variable settings needed to run the application. For example, you might need to set LD_LIBRARY_PATH to access shared libraries.
Quote any environment variable setting with a value containing spaces.
Do not set the DISPLAY variable. SGD sets the display automatically for each user.
Character application objects have this attribute.
This attribute specifies how escape sequences are sent from the emulator to the application server. Escape sequences can be sent as 7-bit or 8-bit control codes.
This attribute applies to VT420 character applications only.
Usage: Select a setting from the list.
The following objects have this attribute:
This attribute specifies the keycode mapping required by the application to support the euro character. Most euro-compliant applications currently use iso8859-15. If in doubt, check your X application’s documentation to see which method to use.
To use the euro character with SGD, the client device must be capable of entering the character.
To display the euro character, you must configure your application to use an iso8859‐15 font. Add one of the following to the Arguments for Command attribute:
-fn 5x7euro -fn 6x10euro -fn 6x13euro -fn 6x13boldeuro -fn 7x13euro -fn 7x13boldeuro -fn 7x14euro -fn 7x14boldeuro -fn 8x13euro -fn 8x13boldeuro -fn 8x16euro -fn 9x15euro -fn 9x15boldeuro -fn 10x20euro -fn 12x24euro
This ensures that the application uses the iso8859-15 fonts supplied with SGD. You can use your own fonts if you wish. However, to display the euro character they must be iso8859-15 compliant.
The application server must also support the euro character.
Usage: Select or deselect the check box.
The following objects have this attribute:
Specifies whether or not the File and Settings menu items are enabled. When disabled, only the window resize buttons are displayed in the menu bar.
Usage: Select a font family from the list.
Character application objects have this attribute.
This attribute determines the font family used within the terminal window for the application.
Only Courier, Helvetica, or Times Roman can be used. It is not possible to use any other font family.
Usage: Type a font size, in points, in the field.
Character application objects have this attribute.
Usage: Select or deselect the Fixed Font Size check box.
Character application objects have this attribute.
If this attribute is not selected, the emulator chooses a font size that fits the defined number of Window Size: Columns and Window Size: Lines into the Window Size: Width and Window Size: Height defined for the application. The application’s Font Size setting is used as a minimum value.
If this attribute is selected, the Font Size defined is used, and scroll bars appear if necessary.
Note - If this attribute is selected, the Window Size: Client’s Maximum Size attribute is ignored. |
Command option: --fixedfont true|false
The following example uses the font size specified by Font Size for the terminal window.
--fixedfont true
Usage: Type a valid color resource, such as yellow, in the field.
The following objects have this attribute:
Specifies the color of the text in the application’s text window.
Color names are resolved to RGB values using the file named in the X Protocol Engine’s RGB Database attribute.
Command option: --3270fg color
Usage: Replace color with a valid color resource, such as yellow.
In the following example, the text in the 3270 application’s text window is set to the color plum4.
--3270fg plum4
In the following example, the text in the 5250 application’s text window is set to the color plum4.
--fg plum4
Usage: Select or deselect the check box.
The following objects have this attribute:
This attribute specifies whether acceleration is enabled. Acceleration optimizes how graphics are rendered and improves performance at the expense of smoothness and exactness. For example, colors might not always be exact.
If your application’s display must always be exact, deselect the check box.
Object Manager: Adaptive Internet Protocol -> Use Graphics Acceleration
Usage: Type the hints in the field. Separate each hint with a semi-colon.
The following objects have this attribute:
This attribute enables you to define one or more strings that can be used to control the publishing and display of objects on the webtop.
You can use any number of strings and the strings can be anything. Separate each hint with a semi-colon. Use a name=value naming convention for webtop hints.
This attribute is blank by default.
This attribute is for developers who are using the SGD web services to develop custom webtops.
Usage: To assign applications to an application server object, click the Add button in the Editable Assignments table.
To delete applications for an application server object, use the Delete button in the Editable Assignments table.
Application server objects have this attribute.
The Hosted Applications tab lists the applications that are hosted by the application server.
The following sections of the Hosted Applications tab are used to display, select and assign applications:
The Effective Applications table shows all the application objects that are assigned to the selected object. The Local Assignments section of the table lists applications that are selected from the local repository.
The Assignment Type column shows one of the following:
Direct. The assignment was made using the Editable Assignments table.
Indirect. The assignment is the result of another relationship, such as membership of a group, or inheritance from another object.
Multiple. The assignment has multiple sources, both Direct and Indirect.
If an assignment type is Indirect or Multiple, clicking the See Details link displays information that enables you to trace the origin of the link.
You can use the Editable Assignments table to select applications from the local repository.
Click the Add button in the Editable Assignments table. The Add Application Assignment window is shown.
To select applications in the Add Application Assignment window, do either of the following:
Browse the Navigation Tree. As you browse the tree, the Content Area is updated with applications.
Use the Search Applications field. Use this field to search for applications. Type in the names of applications in the field. Note that you can use the “*” wildcard in your search string. Typing a search string of name is equivalent to searching for “*name*” and returns any match of the search string. Results of the search are displayed in the Search Results table in the Content Area. The number of results returned by a search is limited to 150, by default.
Select the required applications from those listed in the Content Area. When you have finished selecting applications click the Add button.
The selected applications are displayed in the Effective Applications table of the Hosted Applications tab.
To delete applications from the Hosted Applications tab, use the Delete button in the Editable Assignments table.
Usage: To assign application servers to a character, Windows, or X application object, click the Add button in the Editable Assignments table. To delete application servers for a character, Windows, or X application object, use the Delete button in the Editable Assignments table.
The following objects have this attribute:
This attribute defines the application servers that can run the application. The SGD server uses application server load balancing to determine the application server to use. Each application server is stored as a reference to the object, so a particular object can appear on many Hosting Application Server tabs. If an object is moved or renamed later, all references to it are automatically updated.
If a group is added to a Hosting Application Servers tab, the group’s members and not the group are used for application server load balancing.
If you do not specify any application servers to run the application, the application can run on any SGD server in the array that supports that type of application.
The following sections of the Hosting Application Servers tab are used to display, select and assign applications:
The Effective Application Servers table shows all the application server objects that are assigned to the selected object. The Local Assignments section of the table lists applications that are selected from the local repository.
The Assignment Type column shows one of the following:
Direct. The assignment was made using the Editable Assignments table.
Indirect. The assignment is the result of another relationship, such as membership of a group, or inheritance from another object.
Multiple. The assignment has multiple sources, both Direct and Indirect.
If an assignment type is Indirect or Multiple, clicking the See Details link displays information that enables you to trace the origin of the link.
You can use the Editable Assignments table to select application servers from the local repository.
Click the Add button in the Editable Assignments table. The Add Application Server Assignment window is shown.
To select application servers in the Add Application Server Assignment window, do either of the following:
Browse the Navigation Tree. As you browse the tree, the Content Area is updated with application servers.
Use the Search Application Servers field. Use this field to search for application servers. Type in the names of application servers in the field. Note that you can use the “*” wildcard in your search string. Typing a search string of name is equivalent to searching for “*name*” and returns any match of the search string. Results of the search are displayed in the Search Results table in the Content Area. The number of results returned by a search is limited to 150, by default.
Select the required application servers from those listed in the Content Area. When you have finished selecting application servers click the Add button.
The selected application servers are displayed in the Effective Application Servers table of the Hosting Application Servers tab.
To delete application servers from the Hosting Application Servers tab, use the Delete button in the Editable Assignments table.
Command option: --appserv object
Usage: Replace object with the full name of an object, for example, "o=appservers/ou=IT/cn=london". Make sure that you quote any object names containing spaces.
The following example adds geneva and prague as application servers for an application.
--appserv "o=appservers/ou=IT/cn=geneva" \ "o=appservers/cn=prague"
Usage: Click the Edit button and select an icon option from the Select Application Icon list. Click OK to save the setting.
The following objects have this attribute:
This attribute specifies the icon that users see on their webtop, or their desktop Start menu or Launch menu.
Usage: Select or deselect the check box and click the Save button.
The following objects have this attribute:
This attribute determines whether the assigned applications for the object also includes the assigned applications for the object’s parent in the organizational hierarchy.
Depending on this attribute’s setting in the parent object, the aggregation of assigned applications can continue up the hierarchy to the organization object.
The following objects have this attribute:
This attribute determines whether images are transmitted and displayed in a series of interlaced passes or in one pass from top to bottom.
Select Adjust Dynamically to allow interlacing to be turned on or off at any stage, according to the network conditions.
Use interlacing for graphics-intensive applications, particularly over low-bandwidth connections.
Object Manager: Adaptive Internet Protocol -> Interlaced Images
Usage: Select or deselect the check box.
The following objects have this attribute:
This attribute specifies whether to keep open the connection used to start the application, or to close the connection.
Usually, you deselect the check box.
Select the check box if users experience either of these symptoms:
The application has problems shutting down. In this case, also set the Session Termination attribute to Login Script Exit
Usage: Select or deselect the check box.
Character application objects have this attribute.
This attribute determines whether the application can change the codes generated by keys on the keyboard.
This attribute applies to Wyse 60 character applications only.
Usage: For user profile objects, select an option. For the Custom Value option, type the path name of a keyboard map file in the field. For character applications, type the path name of a keyboard map file in the field.
The following objects have this attribute:
This attribute specifies the path name of a keyboard map file. You can use a full path name or a relative path name. Relative path names are relative to the /opt/tarantella/etc/data/keymaps directory.
Object Manager: General -> Keyboard Map
The keyboard map file specified is used for all graphical applications started by this user.
To use a keyboard map based on the locale of the client device, select Client’s Input Locale. The actual keymap used is determined using the /opt/tarantella/etc/data/keymaps/xlocales.txt file.
Note - You can use the * or ? wildcards in the xlocales.txt file to support a range of input locales. See the xlocales.txt file for details. |
To use the X Protocol Engine settings defined for an SGD server to determine the keyboard map, select the X Protocol Engine Value option.
Alternatively, to always use a particular keyboard map for this user, type a file name.
The specified keyboard map file is used for this application.
Leave blank to use the default keyboard map for the application type. These are built-in to the emulators, but are equivalent to the keyboard maps in the files ansikey.txt, vt420key.txt and w60key.txt. These files are in the /opt/tarantella/etc/data/keymaps directory.
Command option: --keymap keymap
Usage: For user profile objects, use either default or client-locale or replace keymap with the path name of a keyboard map file. For character applications, replace keymap with the path name of a keyboard map file.
The following example uses the named keymap, which is stored in /opt/tarantella/etc/data/keymaps.
--keymap mykeymap.txt
Usage: Select or deselect the check box.
The following objects have this attribute:
This attribute specifies whether an application is prevented from changing the default keyboard mappings. Select the check box to ensure that the keyboard mappings cannot be changed.
Usage: Select a keyboard type option.
The following objects have this attribute:
Specifies the layout to use for mapping the keyboard to the terminal being emulated.
Command option: --3270kt pc|sun4|sun5|hp
Command option: --kt pc|sun4|sun5|hp
Usage: Specify one of the valid keyboard types.
In the following example, the keyboard type for a 3270 application is set to pc.
--3270kt pc
In the following example, the keyboard type for a 5250 application is set to pc.
--kt pc
Usage: Select or deselect the check box.
Character application objects have this attribute.
This attribute determines the behavior when a user types characters extending beyond the right edge of the terminal window.
Select the check box to wrap the characters onto the next line.
Deselect the check box to not display the characters. The characters are placed in the keyboard buffer.
Usage: Type one or more load balancing groups for the application server in the field. Press the Return key after each load balancing group.
Application server objects have this attribute.
This attribute specifies the load balancing group used for application load balancing.
You can use any string, for example “Scandinavia” or “US-East”. Application load balancing tries to choose an application server and SGD server with the same location, to minimize the “network distance” between them and maximize performance. The connection between the user’s client device and the SGD server uses the AIP protocol, which adapts to the network conditions.
Leave this attribute blank unless you use an array spanning a wide area network (WAN), or one that includes slow links, and you use the intelligent array routing load balancing groups feature. More than one string is allowed, but this slows application startup.
If used, set this attribute on all appropriate application server objects, and for all SGD servers in the array. Use the Server Settings -> General tab of the Administration Console.
Usage: Select or deselect the check box.
User profile objects have this attribute.
This attribute specifies whether someone can log in using this user profile object.
Deselect the check box to deny a user access to SGD.
This attribute is always selected for profile objects in the System Objects organization. Users can always log in using the profile object, as long as the appropriate authentication mechanism is available. The authentication mechanism is configured on the Global Settings -> Secure Global Desktop Authentication tab of the Administration Console.
To deny access to all users who use a particular authentication mechanism, deselect the appropriate authentication repository using the Authentication Wizard on the Global Settings -> Secure Global Desktop Authentication tab of the Administration Console.
To stop all users from logging in to a particular SGD server, deselect User Login for the server on the Server Settings -> General tab of the Administration Console.
Object Manager: General -> May Log In to Secure Global Desktop
Usage: Select or deselect the check box.
User profile objects have this attribute.
This attribute specifies whether the user profile is used by a single user, or can be shared by multiple users in the form of a “guest” account.
The following table shows the similarities and differences between user profile objects with the attribute deselected and with the attribute selected.
Account is Not Shared | Account is Shared |
---|---|
Must be used by one user. | Can be used by more than one user. |
Each user has their own application sessions. | Each user has their own application sessions. |
Application sessions can continue between user sessions. | Application sessions end when a user logs out. |
One set of password cache entries. | One set of password cache entries, which is shared between all users. |
The user can save entries in the password cache. | Users cannot save entries in the password cache. |
If the user is already logged in, logging in again from a different client device relocates the user session. The old user session ends. | Logging in again creates a new user session. No existing user sessions are affected. |
Usage: Type the user’s login name in the field.
User profile objects have this attribute.
This attribute specifies the login name of a user. This is typically their UNIX user name.
An authentication repository might use this attribute for identifying and authenticating users.
Usage: Type the login script file name in the field.
The following objects have this attribute:
This attribute specifies the login script that runs to start this application. Only change this attribute if you are having problems starting an application.
To configure SGD to choose a login script automatically, leave the setting blank.
You can use a full path name or a relative path name. Relative path names are considered relative to the value of the Execution Protocol Engine’s Login Script Directory attribute.
The current working directory of the login script is the directory containing the script. If the script sources another script using a relative path name, it is considered relative to this directory.
Usage: Select or deselect the check box.
The following objects have this attribute:
Sets the SGD Universal PDF printer as the client’s default printer when printing from Windows applications that use the Microsoft RDP Windows Protocol.
This attribute is only available if the Universal PDF Printer is enabled.
This attribute can only be edited using the Administration Console if Client Printing: Override is enabled for the object.
By default, the Universal PDF printer is not the default printer. The setting is false on the command line.
The setting for this attribute overrides either of the following:
The setting for a parent object in the organizational hierarchy
The default setting configured on Global Settings -> Printing tab of the Administration Console, if no parent object configuration exists
Changes to this attribute only take effect for new user sessions.
Object Manager: Printing -> Make PDF Printer the Default for Windows 2000/3
Usage: Select or deselect the check box.
The following objects have this attribute:
Sets the SGD Universal PDF Viewer printer as the client’s default printer when printing from Windows applications that use the Microsoft RDP Windows Protocol.
By default, the Universal PDF Viewer printer is not the default printer. The setting is false on the command line.
This attribute is only available if the Universal PDF Viewer is enabled.
This attribute can only be edited using the Administration Console if Client Printing: Override is enabled for the object.
The setting for this attribute overrides either of the following:
The setting for a parent object in the organizational hierarchy
The default setting configured on the Global Settings -> Printing tab of the Administration Console, if no parent object configuration exists
Changes to this attribute only take effect for new user sessions.
Object Manager: Printing -> Make PDF File Printer the Default for Windows 2000/3
Usage: To add group members to a group object, click the Add button in the Editable Assignments table.
To delete group members from a group object, use the Delete button in the Editable Assignments table.
Group objects have this attribute:
The Members tab shows the members of the selected group object. You can only create groups of applications or groups of application servers.
A group can have many members, including other groups. Each member is stored as a reference to the object, so a particular object can be a member of many groups. If an object is moved or renamed later, all references to it are automatically updated.
The following sections of the Members tab are used to display, select, and assign group members:
The Effective Members table shows all the objects that are assigned to the selected group object.
The Assignment Type column shows one of the following:
Direct. The assignment was made using the Editable Assignments table.
Indirect. The assignment is the result of another relationship, such as membership of a group, or inheritance from another object.
Multiple. The assignment has multiple sources, both Direct and Indirect.
If an assignment type is Indirect or Multiple, clicking the See Details link displays information that enables you to trace the origin of the link.
You can use the Editable Members table to select group members from the local repository.
Click the Add button in the Editable Assignments table. The Add Application Member window, or Add Application Server Member window, is shown, depending on the whether you are editing a group of applications or a group of application servers.
To select group members in the Add Application Assignment or Add Application Server Member window, do either of the following:
Browse the Navigation Tree. As you browse the tree, the Content Area is updated with applications.
Use the Search Applications or Search Application Servers field. The name of this field varies, depending on whether you are editing a group of applications or a group of application servers. Use this field to search for group members. Type in the names of applications or application servers in the field. Note that you can use the “*” wildcard in your search string. Typing a search string of name is equivalent to searching for “*name*” and returns any match of the search string. Results of the search are displayed in the Search Results table in the Content Area. The number of results returned by a search is limited to 150, by default.
Select the required group members from those listed in the Content Area. When you have finished selecting members click the Add button.
The selected group members are displayed in the Effective Members table of the Members tab.
To delete members from the Members tab, use the Delete button in the Editable Members table.
Command option: --member object
Usage: Replace object with the full name of the object. For example,"o=Indigo Insurance/ou=Finance/cn=XClaim". Make sure that you quote any object names containing spaces.
The following example names Indigo Jones and Emma Rald as members.
--member "o=Indigo Insurance/cn=Indigo Jones" \ "o=Indigo Insurance/ou=Marketing/cn=Emma Rald"
Usage: Select or deselect the check box.
The following objects have this attribute:
Specifies whether the application’s menu bar is displayed or not.
Usage: Type a timeout, in milliseconds, in the field.
The following objects have this attribute:
This attribute enables you to emulate the middle mouse button on a two-button mouse by clicking the left and right mouse buttons at the same time.
This attribute is the maximum time that can elapse between pressing the left and the right mouse buttons for the action to be treated as a middle mouse button operation.
Usage: Type a resolution, in dots per inch, in the field.
The following objects have this attribute:
This attribute specifies the monitor resolution, in dots per inch, that SGD reports to X applications asking for this information. Some X applications need this value to determine what font size to use.
If you leave this attribute blank, the value specified in the X Protocol Engine’s Monitor Resolution attribute is reported.
The default resolution might cause the X application to choose a font size larger than it normally uses. This can cause clipping problems, as the X application needs more screen space. If this happens, try reducing the resolution by typing a smaller value, for example, 75.
The X application might also use too large a font if the X Protocol Engine’s Font Path attribute uses a different order than the console or X terminal.
Usage: Select or deselect the Only 3-Button Mouse Supported check box.
X application objects have this attribute.
This attribute enables you to specify whether the X application only supports a 3‐button mouse.
Select the check box if the application only supports a 3-button mouse. The check box is cleared by default.
Object Manager: Advanced -> Application Supports 3-Button Mouse Only
Usage: Type the name used for the object, for example, Indigo Jones.
The following objects have this attribute:
This attribute specifies the name of the object in the local repository.
The following naming conventions are used for SGD objects.
Active Directory container objects have a cn= naming attribute.
User profile objects can have a cn= (common name), a uid= (user identification), or a mail= (mail address) naming attribute.
In the Administration Console, names can include any characters, except the backslash (\) or plus (+) characters.
When you create a new application server object, the Name setting is automatically entered in the Address field.
Usage: Replace name with the full name of the object, for example, "o=applications/ou=Finance/cn=XClaim".
Make sure that you quote any names containing spaces.
If you use a forward slash (/) in an object name, you must backslash protect (escape) it. For example, to create an object with the relative name cn=a/b beneath o=organisation, type cn=a\/b.
This creates an object o=organisation/"cn=a/b".
The following example defines the name of the organization object as Indigo Insurance.
--name "o=Indigo Insurance"
The following example defines the name of the organizational unit object as Finance. The object belongs to the directory object, Indigo Insurance, which must already exist.
--name "o=Indigo Insurance/ou=Finance"
The following example defines the common name of a user profile object as Indigo Jones. The object belongs to the organization object, Indigo Insurance.
--name "o=Indigo Insurance/cn=Indigo Jones"
The following example defines the names of a domain component object as indigo-insurance.
--name "dc=com/dc=indigo-insurance"
Usage: Select or deselect the Limited check box. If the Limited check box is selected, type a number in the Max per User field.
The following objects have this attribute:
This attribute enables you to set the maximum number of instances of an application a user can run simultaneously. The default is 3.
The application’s link on the webtop indicates how many instances of the application the user can run. The webtop also provides tools for suspending, resuming or ending each application instance.
Usage: Select a keypad behavior option from the list.
Character application objects have this attribute.
This attribute specifies the behavior of the numeric keypad, whether it always generates numbers or whether you want the application to change the codes generated by the keypad.
This attribute applies to VT420 character applications only.
Usage: Use the Password Cache table to manage entries in the password cache.
The following objects have this attribute:
The Passwords tab lists the password cache entries for the selected user profile or application server object.
Use the New button to add a password cache entry, using the Create New Password Cache Entry page.
Use the Edit button to edit an entry in the password cache, or the Delete buton to remove an entry from the password cache.
Use the Reload button to refresh the Password Cache table.
Use the Search field to search for entries in the Password Cache table. You can use the “*” wildcard in your search string. Typing a search string of name is equivalent to searching for “*name*” and returns any match of the search string. The number of results returned by a search is limited to 150, by default.
On the command line, use the tarantella passcache commands to delete and examine entries in the password cache. See The tarantella passcache Command.
Usage: Select the Override Global Setting check box and then select or deselect the Secure Global Desktop Password Tried option. To use the default setting defined in the Global Settings -> Application Authentication tab, deselect the Override Global Setting check box.
Application server objects have this attribute.
This attribute specifies the policy for authenticating users on the application server, if no password is already cached for that server.
The Administration Console options and their command line equivalents are shown in the following table.
Administration Console | Command Line | Description |
---|---|---|
Secure Global Desktop Password Tried (selected) | --auth trytta | If the user’s password for logging in
to SGD is cached, the same password is used to try to log in to
the application server. If the attempt fails, the user is prompted
for a password.
When listing object attributes on the command line, this attribute value is displayed as true. |
Secure Global Desktop Password Tried (deselected) | --auth nevertrytta | The user’s password for logging in to
SGD is not used. The user is prompted to enter a user name and password
for the application server.
When listing object attributes on the command line, this attribute value is displayed as false. |
Override Global Setting (deselected) | --auth default | The Password Cache Usage attribute
determines whether to try the user's password or not.
When listing object attributes on the command line, this attribute value is displayed by default. |
A user’s password for logging in to SGD can be stored in the password cache if an SGD server is also used as an application server, or if Password Cache is selected in the Secure Global Desktop Authentication Tab.
Usage: Type the name of the printer driver to use for PDF printing in the field.
The following objects have this attribute:
The name of the printer driver to use for PDF printing when printing from Windows applications that use the Microsoft RDP Windows Protocol.
This printer driver must be installed on every Windows application server used with SGD.
The printer driver must be a PostScript printer driver. The default is HP Color LaserJet 8500 PS.
The name you type must match the name of the printer driver installed on your Windows application servers exactly. Pay particular attention to the use of capitals and spaces. The /opt/tarantella/etc/data/default.printerinfo.txt file contains all the common printer driver names ordered by manufacturer. To avoid errors, copy and paste the driver name from this file.
This attribute is only available if Universal PDF Printer is enabled.
This attribute can only be edited using the Administration Console if Client Printing: Override is enabled for the object.
The setting for this attribute overrides either of the following:
The setting for a parent object in the organizational hierarchy
The default setting configured on the Global Settings -> Printing tab of the Administration Console, if no parent object configuration exists
Changes to this attribute only take effect for new user sessions.
Command option: --pdfdriver driver_name
Usage: Replace driver_name with the name of the printer driver to use for PDF printing. Use quotes on the command line if the name includes spaces.
The following example configures the HP LaserJet 8000 Series PS printer driver as the driver to use for PDF printing.
--pdfdriver "HP LaserJet 8000 Series PS"
Usage: Type a locale in the field.
Application server objects have this attribute.
This attribute controls the language used in the login scripts when pattern matching the login data from an application server.
When using the login scripts supplied with SGD, the vars.exp script defines variables for matching system prompts. By default, English system prompts are supported. This script can be customized to support users in other locales.
A locale has two parts, a language and an optional territory, separated by an underscore.
The language part of a locale is specified using ISO 639 language codes, for example en for English or ja for Japanese.
The territory part of a locale is specified using ISO 3166 territory codes, for example us for the United States or jp for Japan.
Usage: Select a scroll style option.
Character application objects have this attribute.
This attribute specifies how the terminal window scrolls. The available options are line-by-line, several lines at once, or smoothly.
When listing object attributes on the command line, the following applies:
Usage: For user profile objects or organizational unit objects, select the Override Parent’s Setting check box and then select or deselect the Enabled option. To use the setting defined for the parent object, deselect the Override Parent’s Setting check box.
For organization objects, select the Override Global Setting check box and then select or deselect the Enabled option. To use the setting defined in the Global Settings tab, deselect the Override Global Setting check box.
The following objects have this attribute:
This attribute controls whether users can access the serial ports on a client device from a Windows application running on a Microsoft Windows Server 2003 application server.
By default, a user profile object or organizational unit object inherits the setting of its parent object in the organizational hierarchy. This is used to enable or disable access to serial ports for many users without having to edit each user profile object. To override this, select the Override Parent’s Setting check box and change the setting.
By default, organization objects use the global setting configured on the Global Settings -> Client Device tab of the Administration Console. To override this, select the Override Global Setting check box and change the setting.
The Administration Console options and their command line equivalents are shown in the following table.
Administration Console | Command Line | Description |
---|---|---|
Override Parent’s Setting (deselected) | 2 | User profile objects or organizational unit objects. Use the setting inherited from the parent object. |
Override Global Setting (deselected) | 2 | Organization objects. Use the global setting. |
Enabled (selected) | 1 | Enable access to serial ports. |
Enabled (deselected) | 0 | Disable access to serial ports. |
When a user starts a Windows application, SGD checks the user profile object for the user and then any parent object further up the organizational hierarchy to see whether access to serial ports is enabled or disabled. If all the objects selected are configured to use the parent’s setting, then the default setting is used.
Usage: Type DNS name or IP address of the application server in the field.
The following objects have this attribute:
This attribute names the 3270 (mainframe) or AS/400 application server that runs the application.
Use a DNS name rather than an IP address, if it is known.
Usage: Type the Transmission Control Protocol (TCP) port number used to connect to the application server in the field.
The following objects have this attribute:
This attribute specifies the TCP port used by the emulator to exchange data with the 3270 (mainframe) application server or AS/400 application server.
By default, TCP port 23 is used.
Usage: Select a setting from the list.
The following objects have this attribute:
This attribute determines when an application session ends.
The Administration Console options and their command line equivalents are shown in the following table.
Administration Console | Command Line | Description |
---|---|---|
Last Client Exit | lastclient | The SGD server keeps track of the number of X clients running within the session, and ends the session when this reaches zero. |
Window Manager Exit | windowmanager | The SGD server ends the session when the Window Manager exits, no matter how many X clients are running. |
Only Window Manager Remaining | windowmanageralone | The SGD server ends the session when the only remaining X client is the Window Manager. Some Window Managers, such as OpenLook, run X clients in the background, which means that this condition is never met. If you encounter this problem, use the No Visible Windows setting. |
Login Script Exit | loginscript | The SGD server ends the session when the login script completes. Use this setting with Keep Launch Connection Open if an application has problems shutting down. |
No Visible Windows | nowindows | The SGD server ends the session when no windows are visible. This is useful for window managers, such as OpenLook, that run X clients in the background. |
Login Script Exit or No Visible Windows | loginscriptnowindows | The SGD server ends the session when either the login script completes or no windows are visible. Use this setting for applications that have a General Application Resumability setting and that use X clients, as this forces a session to close if an application server is rebooted or disconnected from the network. Use this setting with Keep Launch Connection Open if an application has problems shutting down. |
Usage: Select or deselect the check box.
The following objects have this attribute:
This attribute specifies whether application sessions for applications configured with a Window Type setting of Client Window Management try to share resources. Sharing sessions reduces the memory overhead on both the SGD server and the client device.
Resources are shared between applications with the same settings for the following attributes:
Object Manager: Advanced -> Share Resources Between Similar Sessions
Usage: Select a type of status line from the list.
Character application objects have this attribute.
This attribute specifies the type of status line to show for the application.
Application Type | Types of Status Line Available |
---|---|
VT420 | |
Wyse 60 | |
SCO Console |
When listing object attributes on the command line, the attribute value hostmessages is displayed as host writable.
Usage: Type the user’s surname in the field.
User profile objects have this attribute.
This attribute specifies the surname, or family name, of the user.
Usage: Select a terminal type option, or select the Custom option and type in the field.
Character application objects have this attribute.
This attribute specifies the terminal type required for the application. You must set this appropriately for the Emulation Type.
Usage: Use the Token Cache table to manage entries in the token cache.
User profile objects have this attribute.
The Tokens tab is used to manage tokens used for the authentication token authentication mechanism. This authentication mechanism is used when the SGD Client is in Integrated mode.
The Tokens tab shows the token cache entries for the selected user profile object.
Use the Delete button to delete a token from the token cache.
Use the Reload button to refresh the Token Cache table.
Use the Search field to search for entries in the Token Cache table. You can use the “*” wildcard in your search string. Typing a search string of name is equivalent to searching for “*name*” and returns any match of the search string. The number of results returned by a search is limited to 150, by default.
On the command line, use the tarantella tokencache commands to delete and examine entries in the token cache. See The tarantella tokencache Command.
Use the tarantella tokencache list command to display entries in the token cache.
Command option: tarantella tokencache list
Usage: Select or deselect the check box.
The following objects have this attribute:
This attribute enables users to print using the SGD Universal PDF printer when printing from Windows applications that use the Microsoft RDP Windows Protocol.
This attribute can only be edited using the Administration Console if Client Printing: Override is enabled for the object.
The setting for this attribute overrides either of the following:
The setting for a parent object in the organizational hierarchy
The default setting configured on the Global Settings -> Printing tab of the Administration Console, if no parent object configuration exists
Changes to this attribute only take effect for new user sessions.
Object Manager: Printing -> Let Users Print to a PDF Printer
Usage: Select or deselect the check box.
The following objects have this attribute:
This attribute enables users to print using the SGD Universal PDF Viewer printer when printing from Windows applications that use the Microsoft RDP Windows Protocol.
This attribute can only be edited using the Administration Console if Client Printing: Override is enabled for the object.
The setting for this attribute overrides either of the following:
The setting for a parent object in the organizational hierarchy
The default setting configured on the Global Settings -> Printing tab of the Administration Console, if no parent object configuration exists
Changes to this attribute only take effect for new user sessions.
Object Manager: Printing -> Let Users Print to a PDF Local File
Usage: Type a URL in the field.
Document objects have this attribute.
The URL associated with the object. This is displayed when users click the link on their webtop or in their desktop Start or Launch menu
You can use absolute or relative URLs. Relative URLs are considered relative to the SGD document root. This is usually /opt/tarantella/var/docroot.
Usage: Replace url with a URL. Make sure that you quote any values containing spaces or other characters that might be interpreted by your shell.
The following example makes the object display the Indigo Insurance home page when clicked.
--url http://www.indigo-insurance.com
The following example displays the specified URL, considered relative to the SGD document root.
--url ../my_docs/index.html
Usage: Use the buttons in the User Sessions tab to view and manage user sessions.
User profile objects have this attribute.
This tab lists the active user sessions for the selected user profile object. A user session represents a user who is connected to an SGD server.
Use the View Details button in the User Session List table to show more details for the selected user session. Use the End button to end the selected user session. The Reload button refreshes the User Session List table.
Use the Search options to search the User Session List table. When searching for a User Identity or Secure Global Desktop Server, you can use the “*” wildcard in your search string. Typing a search string of name is equivalent to searching for “*name*” and returns any match of the search string.
To search for a Login Time, use a search string format of yyyy/mm/dd hh:mm:ss.
The number of results returned by a search is limited to 150, by default.
On the command line, use the tarantella webtopsession commands to list and end user sessions. See The tarantella webtopsession Command.
Use the tarantella webtopsession list command to show user session details for a specified user profile object.
Command option: tarantella webtopsession list --person pobj
Usage: Replace pobj with the full name of the user profile object.
The following example lists user sessions for the Indigo Jones user profile object.
tarantella webtopsession list \ "o=Indigo Insurance/ou=IT/cn=Indigo Jones".
Usage: Select a setting from the list.
The following objects have this attribute:
This attribute determines what happens if the user closes the main application window using the Window Manager decoration. This attribute only applies for applications that are configured with a Window Type setting of Client Window Management or Independent Window.
The Administration Console options and their command line equivalents are shown in the following table.
Administration Console | Command Line | Description |
---|---|---|
Notify Application | notifyapp | The application is notified of a close
action in the normal way. If the application ignores the request,
SGD kills it.
When listing object attributes on the command line, this attribute value is displayed as notifyclient. This setting only applies to X applications that are configured with a Window Type setting of Client Window Management. |
Kill Application | killapp | SGD kills the application. This is similar
to using the program xkill to exit the application.
Use this setting only if your users are having difficulty closing
an application.
When listing object attributes on the command line, this attribute value is displayed as killclient. This setting only applies to X applications that are configured with a Window Type setting of Client Window Management. |
Suspend Application Session | suspendsession | If the application object is resumable,
the application’s application session is suspended. If the application
object is not resumable, the application session ends. Use this
setting only if the application provides its own mechanism for the user
to exit. See also Application Resumability.
If you are using the SGD Client in Integrated mode, there are no controls for resuming a suspended application. Users have to log out and log in again to resume their applications, or display a webtop. |
End Application Session | endsession | SGD ends the application session.
This is the default setting for Windows and character applications configured with a Window Type setting of Independent Window. |
Usage: Select an option. For the Custom Color option, type a color in the field.
The following objects have this attribute:
This attribute determines the appearance of the root window.
Select Default Colors to show the standard X “root weave” pattern. To use your own color, select Custom Color and specify a Window Color: Custom Color attribute.
When listing object attributes on the command line, the custom attribute value is displayed as color.
Usage: Used when the Custom Color option is selected for the Window Color attribute. Type a valid color resource, such as yellow, in the field.
The following objects have this attribute:
This attribute determines the color of the root window.
Color names are resolved to RGB values using the file named in the X Protocol Engine’s RGB Database attribute.
Usage: Select or deselect the check box.
The following objects have this attribute:
Keyboard shortcuts that deal with window management can either be sent to the remote session or acted on locally. This attribute is only effective for applications having a Window Type setting of Kiosk mode.
To exit kiosk mode when this attribute is enabled, use the key sequence Alt-Ctrl-Shift-Space. This minimizes the kiosk session on the local desktop.
Usage: Type the full path name of the Window Manager in the field. Press Return to add new entries.
The following objects have this attribute:
This attribute specifies the Window Manager to use for the application. You can also use this to name any other applications to run alongside the main application.
You can name as many Window Manager applications as you want.
A Window Manager is not needed for X applications configured with a Window Type setting of Client Window Management, or for Windows applications that use the Microsoft RDP Windows Protocol.
Usage: Select or deselect the check box.
The following objects have this attribute:
This attribute affects the initial size of the application.
Select the check box to ensure that the application fills the user’s screen when it starts.
The application appears with window decoration. To cause an application to fill the screen completely, without window decoration, set the application object’s Window Type attribute to Kiosk.
Deselect the check box to size the application according to the object’s Window Size: Width and Window Size: Height attributes.
Unless Window Size: Scale to Fit Window is selected, the application size does not change during the lifetime of the application session. If the user starts an application on one client device, then resumes the same application on a client device with a different screen resolution, the application does not resize to fit the screen.
Note - If this attribute is selected and the application is a character application, the Font Size: Fixed Font Size attribute must be deselected. |
Usage: Type the number of columns for the application’s terminal window in the field.
Character application objects have this attribute:
This attribute defines the number of columns in the terminal window, in the range 5–132.
Usage: Type the height of the application, in pixels, in the field.
The following objects have this attribute:
This attribute defines the height of the application, in pixels. The minimum height is 10 pixels, the maximum 65535 pixels.
Command option: --height pixels
Usage: Replace pixels with the height of the application, in pixels. You must specify the height, even if this attribute is not required, for example because the application is configured with a Window Type setting of Client Window Management, or to display at the Window Size: Client’s Maximum Size.
The following example uses a 600-pixel high window to display the application.
--height 600
Usage: Type the number of lines for the application’s terminal window in the field.
Character application objects have this attribute:
Usage: Select or deselect the Maximized check box.
The following objects have this attribute:
Specifies whether the emulator window is maximized.
These commands cause the window to be displayed at the maximum size possible when the TeemTalk for Unix emulator is loaded. The window retains the default number of lines and columns and includes all window elements, such as the title bar and soft buttons, if enabled.
Usage: Select or deselect the Scale to Fit Window check box.
The following objects have this attribute:
This attribute specifies that the application is scaled to fit the window in which it is displayed.
This attribute is only available if the application has a Window Type setting of Independent Window or Kiosk.
If this attribute is selected, the application is always scaled to fit the window in which it is displayed. If you resize the window, SGD rescales the application to fit the new window size and scroll bars never display.
You can toggle between a scaled and an unscaled application by pressing the Scroll Lock key.
Usage: Type the width of the application, in pixels, in the field.
The following objects have this attribute:
This attribute defines the width of the application, in pixels. The minimum width is 10 pixels, the maximum 65535 pixels.
Command option: --width pixels
Usage: Replace pixels with the width of the application, in pixels. You must specify the width, even if this attribute is not required, for example because the application is configured with a Window Type setting of Client Window Management or to display at the Window Size: Client’s Maximum Size.
The following example uses a 300-pixel wide window to display the application.
--width 300
Usage: Select a setting from the list.
The following objects have this attribute:
This attribute determines how the application is displayed to the user.
Some settings affect other attributes. For example, in the Administration Console, choosing Client Window Management disables the attributes for configuring the application’s size. You can specify these attributes on the command line, but they have no effect.
The Administration Console options and their command line equivalents are shown in the following table.
Administration Console | Command Line | Applies To | Description |
---|---|---|---|
Client Window Management | clientwm | X applications | The application's windows behave in the
same way as those of applications running on the client device.
For example, the windows can be resized, moved, minimized and maximized
using the client’s normal window management controls.
The object's Window Close Action attribute determines what happens when the user closes the application's last or main window. When listing object attributes on the command line, this attribute value is displayed as multiplewindows. |
Independent Window | independent | All application types | The application appears in a new window, without
any web browser toolbars or menus.
This window can be resized, but this does not resize the application: the window includes scrollbars. The object's Window Size: Width and Window Size: Height attributes determine the size of the application. Closing the window ends or suspends the application session, depending on the object's Window Close Action attribute. A dialog is shown when the window is closed, asking you to confirm closure of the application. When listing object attributes on the command line, this attribute value is displayed as awtwindow. |
Kiosk | kiosk | Character, X, and Windows applications | The application appears full-screen, with no window decoration. |
Local X Server | localx | X and Windows applications | The application is displayed using an
X server installed on the client device, if one is available. Otherwise,
an independent window is used.
Applications configured with this setting are not resumable, even if an independent window is used. The client device X server’s host access control must grant access to the application server. See your X server’s documentation for information about host access control. |
Seamless Window | seamless | Windows applications | The application’s windows behave like
an application running on a Windows application server.
If an application is started in a seamless window, you can toggle between a seamless and independent window by pressing the Scroll Lock key. When listing object attributes on the command line, this attribute value is displayed as seamlesswindows. Do not use for full-screen desktop sessions. Use a kiosk or independent window instead. |
Command option: --displayusing clientwm | independent | kiosk | localx | seamless
Usage: Specify one of the valid settings. Not all settings are available for all types of application.
The following example displays the application as a full-screen desktop session.
--displayusing kiosk
The following example displays the application in an independent window.
--displayusing independent
Usage: Select or deselect the check box.
Document objects have this attribute.
For users logged in to SGD using a web browser, if this attribute is selected the URL specified for the object is displayed in a new browser window. If this attribute is not selected, the URL is displayed on the webtop.
Usage: Select or deselect the check box.
The following objects have this attribute:
Enables a pull-down header for the application. The header includes icons for minimizing and closing the application window. This attribute is only effective for applications having a Window Type setting of Kiosk mode.
To display the pull-down header when this attribute is enabled, move the mouse to the top of the application window.
Usage: Select the Try Running from Application Server check box and then select a protocol option.
Windows application objects have this attribute.
This attribute identifies the protocol used to connect to the server hosting the Windows application.
Administration Console | Command Line |
---|---|
Microsoft RDP | wts |
Citrix ICA | winframe |
Use Microsoft RDP to run an application using Microsoft Terminal Services.
Deselect the Try Running from Application Server check box, which selects the Windows Protocol: Try Running From Client First check box, if you only want to run a Windows application installed on the client device.
Use the Arguments for Protocol attribute for any command-line options that apply to the defined Windows Protocol.
Usage: Select or deselect the Try Running from Client First check box.
Windows application objects have this attribute.
This attribute specifies whether to try starting the application from the user’s client device.
If this attribute is selected and the application is not installed on the client device, the Windows Protocol attribute is used. If this attribute is selected the application is not resumable, even if the Windows Protocol is used.
Usage: Select or deselect the check box.
X application objects have this attribute.
Whether to enable the X Security Extension for the application.
The X Security Extension divides X clients, also known as hosts, into trusted and untrusted clients. Untrusted clients cannot interact with windows and resources owned by trusted clients.
If you need to run an X application from an application server that might not be secure, enable the X Security Extension and run the application in untrusted mode. This restricts the operations that the X application can perform in the X server and protects the display.
To run an application in untrusted mode, do the following:
Configure the X application to use ssh as the Connection Method.
The X Security Extension only works with versions of ssh that support the -Y option.
Copyright © 2008, Sun Microsystems, Inc. All rights reserved.