C H A P T E R  4

Getting Started With SGD

This chapter describes how to log in to Sun Secure Global Desktop (SGD) and get started using the software.

Topics in this chapter include the following:


Logging In to SGD

SGD supports several mechanisms for authenticating users. By default, any user with an account on the SGD host can log in to SGD using their UNIX or Linux system user name and password.

procedure icon  How to Log In to SGD

To use SGD, you need the SGD Client and a supported browser. Usually the SGD Client is installed automatically when you log in. To perform an automatic installation, the browser must have a supported Java Plug-in tool and Java technology must be enabled. If you are using Internet Explorer on Microsoft Windows Vista platforms, you must also add the Uniform Resource Locator (URL) of the SGD server to the list of Trusted Sites in Internet Explorer’s Security Settings.

If your browser does not have Java technology, you must manually install the SGD Client and then connect to SGD. See Installing the SGD Client Manually.

To use SGD with a browser, the browser must have JavaScripttrademark technology enabled.

  1. Using a browser, go to http://server.example.com where server.example.com is the name of an SGD server.

    The SGD Web Server Welcome Page is displayed, as shown in FIGURE 4-1.

    FIGURE 4-1   The SGD Web Server Welcome Page

    Screen capture of the SGD Web Server Welcome
Page


  2. (Optional) Select your preferred language.

    Click one of the flags at the top of the Welcome page.

    The Welcome Page is displayed in the selected language.

  3. Click Login.

    The SGD Login Page is displayed, as shown in FIGURE 4-2.

  4. Log in.

    When you install SGD, SGD creates a default SGD Administrator with the user name “Administrator”. This user authenticates using the password of the UNIX or Linux system root user on the host.

    Type Administrator for the Username and the superuser (root) password for the Password.

    FIGURE 4-2   The SGD Login Page

    Screen capture of the SGD Login Page


    If a Java technology security message displays, click Run to install the SGD Client.

    The Untrusted Initial Connection message is displayed. See FIGURE 4-3.

    FIGURE 4-3   An Untrusted Initial Connection message

    Screen capture of an Untrusted Initial Connection
message


  5. Check the Untrusted Initial Connection message.

    The Untrusted Initial Connection message is a security measure to ensure the SGD Client only connects to trusted hosts. The message gives you the opportunity to check the host name and server certificate details before agreeing to the connection. The message displays only once for each SGD server to which you connect.

    Check that the host details are correct. If they are, click Yes. If they are not, click No.

    The webtop for the Administrator user is displayed, as shown in FIGURE 4-4.

    FIGURE 4-4   The Administrator User’s Webtop

    Screen capture of the Administrator user’s
webtop


    The SGD Client icon is displayed in the task bar. See FIGURE 4-5.

    FIGURE 4-5   SGD Client Task Bar Icon

    SGD Client Task Bar Icon



Using the Webtop

The webtop lists the applications and documents you access through SGD, including the SGD administration tools.

The webtop lists some sample applications that the SGD installation program found on the host so that you can start using SGD.

Running Applications

To run an application, click its link on the webtop, as shown in FIGURE 4-6.

FIGURE 4-6   An Application Link on a Webtop

Screen capture of an application link on a
webtop


When you start an application, you might be asked for a user name and password. This is authentication information for the application server which is running the application. These details can be cached securely so you do not need to enter them more than once for each application server.

SGD Administrators configure how applications appear. Some applications might appear full‐screen with no window decoration, and others in a window that behaves in the same way as a window on the client device.

When an application is running, a triangle appears in front of the application's name on the webtop and a number appears in brackets after it. The session toolbar also appears below the application name, as shown in FIGURE 4-7.

FIGURE 4-7   The Session Toolbar

Screen capture of the Session Toolbar


The number in brackets is the number of separate instances of the application you have started. SGD Administrators configure how many simultaneous instances of an application that you can run.

Some applications can be configured to keep running even when they are not displayed. These are “resumable” applications. To close an application's window without ending the application, you suspend the application. To display the window again and start using the application, you resume the application.

There is a separate session toolbar for each running instance of the application, which you use as follows:

Click the triangle to hide and show the session toolbars for the application sessions, as shown in FIGURE 4-8.

FIGURE 4-8   Hidden Session Toolbars

Screen capture of hidden Session Toolbars


You can manage all your application sessions at once from the links at the top of the Applications area. You use these links as follows:

Applications can have one of three resumability settings.


Setting Description
Never The application exits when you log out of SGD.

You cannot suspend or resume, non-resumable applications.

During the User Session The application continues to run until you log out of SGD.

While you are logged in, you can suspend and resume these applications.

General The application continues to run even after you have logged out of SGD.

When you log in again, click the resume button to display the running application again.


Resumable applications are useful for the following reasons:

Changing Your Settings

If you click the Edit button in the Applications area of the webtop, you can change your settings.

On the Edit Groups tab, you can “personalize” your webtop by arranging your applications into groups. You decide how and when the groups display. Groups are useful for keeping similar applications together or for hiding applications not used very often. Only a SGD Administrator can add an application to, or remove an application from, the list of applications that are available on a user’s webtop.

On the Client Settings tab, you can configure the settings for the SGD Client, for example the proxy server to use, or whether the list of applications you can run displays in the desktop Start or Launch menu. The settings are stored in a profile on the client device.

Logging Out

You must log out of SGD before closing your browser. This enables SGD to shut down any applications that need not run any more and stop the SGD Client.

If you close your browser without logging out, you are not logged out of SGD, because the SGD Client is still running. If you accidentally close the browser, you can only display the webtop by logging in again.

To log out of SGD, click the Logout button on the webtop and click OK when prompted for confirmation.


SGD Administration Tools

SGD has the following administration tools:

The Administration Console and the Profile Editor are available on the webtop of SGD Administrators.

The Administration Console

To display the Administration Console, you can use any browser that is supported by SGD, apart from Safari. See the Sun Secure Global Desktop 4.41 Administration Guide for details of the supported browsers for SGD. The browser must have the JavaScript programming language enabled.

The Administration Console works best when you run it on the primary SGD server in the array.

Starting the Administration Console

To start the Administration Console, you click the link on the webtop.

If you want to run the Administration Console without displaying the webtop, you can run it from the following locations:

  • http://server.example.com and click the Launch the Secure Global Desktop Administration Console link

  • http://server.example.com/sgdadmin

where server.example.com is the name of an SGD server.

If you run the Administration Console without displaying a webtop, you are prompted to log in as an SGD Administrator.

Using the Administration Console

When you log in to the Administration Console, the Welcome screen is displayed, as shown in FIGURE 4-9.

FIGURE 4-9   The Administration Console Welcome Screen

Screen Capture of the Administration Console
Welcome Screen


The Welcome Screen contains links to information to help you get started. Click Continue to display the Administration Console. The Administration Console opens in Navigation View, as shown in FIGURE 4-10.

FIGURE 4-10   The Administration Console in Navigation View

Screen capture of the Administration Console
in Navigation View


Navigation View is the “top‐level” view that enables you to access the tabs for managing the different areas of SGD. The following table summarizes the tabs available in Navigation View and what they are used for.


Tab Description
Secure Global Desktop Servers Managing and configuring SGD servers.

If you upgraded from a previous release of SGD, this tab replaces Array Manager.

This tab is described in more detail in Managing SGD.

Sessions Managing users’ SGD sessions and application sessions.

If you upgraded from a previous release of SGD, this tab replaces Session Manager.

This tab is described in more detail in Monitoring Users.

User Profiles Managing and configuring users’ SGD settings.

If you upgraded from a previous release of SGD, this tab replaces Object Manager.

This tab is described in more detail in Creating Users.

Applications Managing and configuring the applications that users can run through SGD.

If you upgraded from a previous release of SGD, this tab replaces Object Manager.

This tab is described in more detail in Adding Applications to Webtops.

Application Servers Managing and configuring the application servers that run the applications displayed through SGD.

If you upgraded from a previous release of SGD, this tab replaces Object Manager.

This tab is described in more detail in Adding Applications to Webtops.

Global Settings Configuring settings that apply to SGD as a whole.

If you upgraded from a previous release of SGD, this tab replaces Array Manager.

This tab is described in more detail in Managing SGD.

Caches Managing the application server passwords and authentication tokens that SGD has stored.

SGD is built on the following principles of directory services:

  • Users, applications, and application servers are represented by objects in a directory. The objects are organized into a organizational hierarchy representing your organization.

  • Different types of object have different configuration settings, known as attributes.

  • The relationships between objects are important and have meanings.

  • Each object is identified using a unique name.

SGD includes a number of different object types. When you select an object to work with, the Administration Console changes to Object View. The Administration Console provides links to enable you to switch between Object View and Navigation View, and also an Object History that enables you to switch between the objects you have recently worked with, as shown in FIGURE 4-11.

FIGURE 4-11   The Administration Console Navigation Links

Screen capture showing the Administration Console
navigation links




caution icon

Caution - When using the Administration Console, do not use the browser’s Back button. Instead, use the navigation links to move between pages in the Administration Console.



The User Profiles, Applications, and Application Servers tabs are divided into two sections. On the left is the navigation tree and on the right is the content area, as shown in FIGURE 4-12. The navigation tree only shows the container objects that are used to structure your organizational hierarchy. As you browse and select objects in the navigation tree, the content area displays a list of objects contained in the selected object.

FIGURE 4-12   The Navigation Tree and Content Area

Screen capture showing the navigation tree
and content area


Several of the tabs and screens in the Administration Console have a search field. The search is case insensitive and accepts only the * wildcard character. The search results are displayed in a table and are limited to a maximum of 150 hits.

Most tabs in the Administration Console present information in tables. Often the information in a table cell is a link that can be clicked to display further information.

The tarantella Command

The tarantella command is a script installed in the install-dir/bin directory. By default, install-dir is /opt/tarantella. As this script is not on the standard PATH, you must use the full path each time you run the command, or change to /opt/tarantella/bin before running the command. Alternatively, do the following:

The tarantella command is actually a family of commands, each of which can have its own set of subcommands. You always run the subcommands through the tarantella command, for example:


# tarantella license list

Help is available for every command by using the --help command‐line argument.

Many commands are designed so that you can build scripts around them.

The following restrictions apply as to which users can use particular tarantella commands:

Use the usermod -G command to make a user a member of the ttaserv group. The ttaserv group does not have to be the user’s primary or effective group.


Creating Users

This section describes how to use the Administration Console to create an SGD user. You do this by creating a user profile object. A user profile is used to control a user’s SGD settings, such as whether they can log in to SGD and the applications that they can run. This section also describes how to make a user an SGD Administrator.



Tip - You can configure SGD to use a Lightweight Directory Access Protocol (LDAP) directory for obtaining information about users. If you configure SGD for LDAP integration, you do not have to create user profiles. The Sun Secure Global Desktop 4.41 Administration Guide has details of how to configure SGD for LDAP integration.



In the Administration Console, the User Profiles tab is where you create and manage user profiles. See FIGURE 4-13.

FIGURE 4-13   The User Profiles Tab

Screen capture of the User Profiles tab


By default, this tab contains two “top-level” objects, a Directory object called organization (o=organization on the command line) and a Directory (light) object called com (dc=com on the command line). You can rename or delete these objects, or create new top‐level objects. You create all the objects you need for managing users within these top-level object types.

You can use other Directory objects to subdivide your organization. For example, you might want to use a Directory (organizational unit) for each department in your organization.

Creating User Profiles and SGD Administrators

In this section, you learn how to create a user profile for yourself, and how to make yourself an SGD Administrator. SGD Administrators always have a user profile. Only SGD Administrators can create user profiles.

Users who occupy the Global Administrators role are SGD Administrators. SGD Administrators can configure SGD using any of the SGD administration tools. Users who do not occupy the Global Administrators role have no administration privileges.

The Global Administrators role is an object in the System Objects organization on the User Profiles tab. The Global Administrators role object is used to assign users administrative privileges and to give them access to the administration tools.

After following these procedures, you can log in to SGD using your UNIX or Linux platform user name and password, and run the Administration Console.

You can also use the tarantella object new_person command to create a user profile, and the tarantella role add_member command to add an SGD Administrator.

procedure icon  How to Create a User Profile

  1. In the Administration Console, click the User Profiles tab.

  2. Select an object in the organizational hierarchy.

    Use the navigation tree to select the organization object, as shown in FIGURE 4-14.

    You can move your user profile to a different location later if needed.

    FIGURE 4-14   The Organization Object Selected

    Screen capture showing the organization object
selected


  3. Create the user profile object.

    1. In the content area, click New.

      The Create a New Object window displays.

    2. In the Name field, type your name.

      For example, Rusty Spanner.

    3. Ensure that the User Profile option is selected and click Create.

      The Create a New Object window closes and the content area is updated with the new object. See FIGURE 4-15.

      FIGURE 4-15   A Newly-Created User Profile

      Screen capture showing a newly-created user
profile


  4. Click the View New Object link.

    The General tab for the user profile displays in Object View. See FIGURE 4-16.

  5. Configure the user profile.

    1. In the Surname field, type your family name.

      For example, Spanner.

    2. Ensure the Login check box is selected and that the Multiple check box is not selected.

      This ensures that you can log in to SGD.

    3. In the User Name field, type your UNIX or Linux platform user name.

      For example, rusty.

      This attribute can be used to identify and authenticate users.

    4. In the Email Address field, type your full email address.

      For example, rusty.spanner@indigo-insurance.com.

      This attribute can be used to identify and authenticate users.

      FIGURE 4-16   The General Tab for a User Profile

      Screen capture showing the general tab for
a user profile


    5. Click Save.

procedure icon  How to Add an SGD Administrator

  1. In the Administration Console, click the User Profiles tab.

  2. In the navigation tree, click System Objects.

    The System Objects table is displayed in the content area, as shown in FIGURE 4-17.

    FIGURE 4-17   The System Objects Table

    Screen capture showing the System Objects table


  3. In the System Objects table, click the Global Administrators link.

    The Members tab is displayed in Object View, as shown in FIGURE 4-18.

    FIGURE 4-18   The Members Tab

    Screen capture of the Members tab


  4. In the Editable Members table, click Add.

    The Add User Assignment window is displayed. See FIGURE 4-19.

  5. Locate your user profile.

    Use the Search field to find your user profile, or browse the navigation tree.

  6. Select the check box next to your user profile and click Add.

    FIGURE 4-19   The Add User Assignment Window

    Screen capture of the Add User Assignment window


    The Members tab is displayed and your user profile is listed in the Editable Members table. See FIGURE 4-20.

    FIGURE 4-20   Updated Members Tab

    Screen capture of an updated Members tab



Adding Applications to Webtops

This section describes how to use the Administration Console to create an application object that can be displayed through SGD, and how to make a link for starting the application appear on a user’s webtop.

In the Administration Console, the Applications tab is where you configure the applications that users can run through SGD. See FIGURE 4-21. The Application Servers tab is where you configure the application servers that run the applications. See FIGURE 4-22.

FIGURE 4-21   The Applications Tab

Screen capture of the Applications tab


Application objects are always contained in the Applications organization (o=applications on the command line). Application server objects are always contained in the Application Servers organization (o=appservers on the command line).

You can use Directory (organizational unit) objects to subdivide these organizations. For example, you might want to use a Directory object to contain the applications used by a particular department. You can also arrange applications and application servers into Groups.

In SGD, there are links or relationships between user profiles, applications, and application servers. The Administration Console calls these links assignments. Each relationship is managed from an assignment tab. For example, user profile objects have an Assigned Applications tab that shows all the application objects that are assigned to the user. These are the applications that display on a user’s webtop. Similarly, application objects have a Hosting Application Servers tab that shows the application servers that can run the application.



Tip - You can configure SGD to use searches of an LDAP directory to assign applications to users. This is called Directory Services Integration (DSI). The Sun Secure Global Desktop 4.41 Administration Guide has details of how to configure DSI.



Creating and Assigning an Application Object

Creating and assigning an application object involves the following steps:

  1. Create an application server object.

    In this step, you specify the name and location of the application server that runs the application.

    See How to Create an Application Server Object.

  2. Create an application object.

    In this step, you specify the command that runs when users start the application and how the application is presented.

    See How to Create an Application Object.

  3. Assign the application object.

    In this step, you assign the application server object to the application object, so that SGD knows where to run the application. Then you assign the application object to an object on the user profiles tab, so that SGD puts a link for the application on a user’s webtop.

    See How to Assign an Application Object.

Only SGD Administrators can create objects and assign them.

The following procedures describe how to create and assign a Windows application object. The principles are the same for other application types.

On the command line, you can also perform all these steps with the tarantella object family of commands.

procedure icon  How to Create an Application Server Object

  1. In the Administration Console, click the Application Servers tab.

    FIGURE 4-22   The Application Servers Tab

    Screen capture of the Application Servers tab


  2. Create the application server object.

    Create the application server object directly in the Application Servers organization, as shown in FIGURE 4-22. You can move it to a different location later if needed.

    1. In the content area, click New.

      The Create a New Object window displays.

    2. In the Name field, type the name of the application server.

      For example, rome.

    3. Ensure the Application Server option is selected and click Create.

      The Create a New Object window closes and the content area is updated with the new object. See FIGURE 4-23.

      FIGURE 4-23   A Newly-Created Application Server Object

      Screen capture of a newly-created application
server object


  3. Click the View New Object link.

    The General tab for the application server object is displayed in Object View, as shown in FIGURE 4-24.

  4. Configure the application server object.

    1. In the Address field, type the fully-qualified DNS name of the application server.

      For example, rome.indigo-insurance.com.

    2. Ensure that the Application Start check box is selected.

      This tells SGD that the application server is available to run applications.

    3. In the Domain Name field, type the name of the Microsoft Windows domain.

      For example, rome.

      This attribute is used in the authentication process when users run the application.

      FIGURE 4-24   The General Tab for an Application Server Object

      Screen capture of the General tab for an application
server object


    4. Click Save.

procedure icon  How to Create an Application Object

The following procedure is an example of how to create a Windows application object.

  1. In the Administration Console, click the Applications tab.

    FIGURE 4-25   The Applications Tab

    Screen capture of the Applications tab


  2. Create the application object.

    Create the application object directly in the Applications organization, as shown in FIGURE 4-25. You can move it to a different location later if needed.

    1. In the content area, click New.

      The Create a New Object window displays.

    2. In the Name field, type the name of the application.

      For example, Notepad.

      The name you type is used for the application link on the webtop.

    3. Ensure that the Windows Application option is selected and click Create.

      The Create a New Object window closes and the content area is updated with the new object, as shown in FIGURE 4-26.

      FIGURE 4-26   A Newly-Created Application Object

      Screen capture of a newly-created application
object


  3. Click the View New Object link.

    The General tab for the application object displays in Object View.

  4. Configure the application.

    The configuration settings for a Windows application are described in more detail in the Sun Secure Global Desktop 4.41 Administration Guide. For this example, the default settings are sufficient, apart from the following configuration.

    1. Click the Launch tab.

    2. In the Application Command field, type the application command.

      For Windows desktop sessions, leave this field blank.

      To run a particular application, type the full path of the command that runs the application, for example, C:\Windows\notepad.exe.

      The application must be installed in the same location on all application servers.

    3. Ensure that the Try Running from Application Server check box is selected and that the Microsoft RDP Protocol option is selected.

      FIGURE 4-27   The Launch Tab

      Screen capture of the Launch tab


    4. Click Save.

  5. Click the Presentation tab.

    1. Configure the Window type.

      For a Windows desktop session, select the Kiosk setting from the list.

      For an individual application, select the Independent Window setting from the list. You can use the Window Size options to specify the size of the window.

      FIGURE 4-28   The Presentation Tab

      Screen capture of the Presentation tab


    2. Click Save.

procedure icon  How to Assign an Application Object

  1. In the Administration Console, click the Applications tab and select the application object.

    The General tab is displayed in Object View.

  2. Specify the application servers that can run the application.

    1. Click the Hosting Application Servers tab. See FIGURE 4-29.

      FIGURE 4-29   The Hosting Application Servers Tab

      Screen capture of the Hosting Application Servers
tab


    2. In the Editable Assignments table, click Add.

      The Add Application Server Assignment window displays. See FIGURE 4-30.

    3. Locate the application server.

      Use the Search field to find the application server object, or browse the navigation tree.

    4. Select the check box next to the application server object and click Add

      If you select more than one application server object, SGD load balances between application servers.

      If you select a group object containing application server objects, you select all the application server objects in that group.

      FIGURE 4-30   The Add Application Server Assignment Window

      Screen capture of the Add Application Server
Assignment window


      The Effective Application Servers table is updated with the selected application server object, as shown in FIGURE 4-31.

      FIGURE 4-31   Updated Hosting Application Servers Tab

      Screen capture of an updated Hosting Application
Servers tab


  3. Specify the users that see the application on their webtop.

    1. Click the Assigned User Profiles Tab. See FIGURE 4-32.

      FIGURE 4-32   The Assigned User Profiles tab

      Screen capture of the Assigned User Profiles
tab


    2. In the Editable Assignments table, click Add.

      The Add User Assignment window displays, as shown in FIGURE 4-33.

    3. Locate the user profile.

      Use the Search field to find the user profile, or browse the navigation tree.

      You can assign an application object to a user profile or directory object.

      If you assign an application object to a directory object, all the user profiles contained in that directory object automatically receive the application. This is called inheritance. Assigning an application object to directory objects is more efficient.

    4. Select the check box next to your user profile and click Add.

      FIGURE 4-33   The Add User Assignment Window

      Screen capture of the Add User Assignment window


      The Effective User Profiles table is updated with the selected users. See FIGURE 4-34.

      FIGURE 4-34   Updated Assigned User Profiles Tab

      Screen capture of an updated Assigned User
Profiles tab


  4. Check that the application appears on your webtop.

    You might have to log out and log in using your UNIX or Linux system user name and password to see the application on your webtop.


Managing SGD

In the Administration Console, the Global Settings tab is where you configure the settings that apply to SGD as a whole. See FIGURE 4-35.

FIGURE 4-35   The Global Settings Tab

Screen capture of the Global Settings tab


The Global Settings tab contains other tabs for configuring and managing SGD. For example, the Secure Global Desktop Authentication tab is where you configure how users authenticate to SGD.

In the Administration Console, the Secure Global Desktop Servers tab is where you manage individual SGD servers. See FIGURE 4-36.

FIGURE 4-36   The Secure Global Desktop Servers Tab

Screen capture of the Secure Global Desktop
Servers tab


The Secure Global Desktop Servers tab shows you the status of an SGD server, whether it is running, how many user sessions there are, and how many application sessions the server is hosting.

When you click on the name of an SGD server in the Secure Global Desktop Servers List table, the Administration Console displays further tabs in Object View. You use these tabs to configure and manage the selected SGD server. See FIGURE 4-37.

FIGURE 4-37   The General Tab for an SGD Server

Screen capture of the General tab for an SGD
server


On the command line, you use the tarantella config command to configure global settings and SGD servers. The Sun Secure Global Desktop 4.41 Administration Guide has details of all the command-line arguments.

Arrays

The Secure Global Desktop Servers tab enables you to group SGD servers together to form an array. An array is a collection of SGD servers that share configuration information.

An array contains the following:

A single, standalone server is considered to be the primary server in an array with no secondary servers.

SGD servers in an array might run different operating systems. However, all the array members must run the same version of SGD.

While you are evaluating SGD you are limited to an array containing a maximum of two SGD servers. Once you install a license key, this restriction is removed.

Arrays have the following benefits:

Users see the same webtop and can resume applications no matter which SGD server they log in to.

You add an SGD server to an array by clicking Add in the Secure Global Desktop Servers List table.

Monitoring Users

You can keep track of what your users are doing by monitoring the user sessions and application sessions in progress. User sessions and application sessions are always associated with a user identity and a user profile. The user identity is the unique authenticated identity of the user. The user profile is the SGD user profile object that contains the user’s settings.

User Sessions

A user session begins when a user logs in to SGD and ends when a user logs out. User sessions are hosted by the SGD server the user logs in to. User sessions can be standard sessions or secure sessions. Secure sessions are only available when SGD security services are enabled.

If a user logs in and they already have a user session, the user session is transferred to the new SGD server and the old session ends. This is sometimes called session grabbing, or session moving.

In the Administration Console, you can list user sessions as follows:

  • The Sessions tab, in Navigation View, shows all the user sessions that are running on all SGD servers in the array.

  • The User Sessions tab for an SGD server shows all the user sessions that are hosted by that server.

  • The User Sessions tab for a user profile shows all the user sessions associated with the user profile.

On the Sessions tab and the User Sessions tabs, you can select and end user sessions. On the User Sessions tabs, you can view further details about the user session, for example the information the SGD Client detects about the client device.

On the command line, you use the tarantella webtopsession command to list and end user sessions.

Application Sessions

An application session begins when a user starts an application and ends when the application exits. Each application session corresponds to an application currently running through SGD. Application sessions can be running or suspended.

An application session can be hosted by any SGD server in the array. This might not be the same SGD server that the user logged in to.

In the Administration Console you can list application sessions as follows:

  • The Application Sessions tab for an SGD server shows all the application sessions that are hosted by that server.

  • The Application Sessions tab for a user profile shows all the application sessions associated with the user profile.

  • The Application Sessions tab for an application server shows all the applications that are running on that application server.

On the Applications Sessions tabs, you can view further details about an application session. You can also end and shadow application sessions. With shadowing, you and the user see and interact with the application at the same time.



Note - You can only shadow Windows applications and X applications, and the application sessions must not be suspended.



On the command line, you use the tarantella emulatorsession command to list and end application sessions.


Controlling SGD

To control SGD from the command line, use the tarantella start, tarantella stop, and tarantella restart commands.

You control an SGD server and the SGD Web Server with the following commands:

Subcommands for the tarantella start, tarantella stop, and tarantella restart commands enable you to control individual components of SGD, as follows:

See the Sun Secure Global Desktop 4.41 Administration Guide for more information about the available subcommands and options for the tarantella stop, tarantella start, and tarantella restart commands.

Controlling the SGD Enhancement Module

This section describes how you control the SGD Enhancement Module.

Controlling the SGD Enhancement Module for Microsoft Windows

When you install the SGD Enhancement Module for Microsoft Windows, the load balancing service starts immediately. The load balancing service also starts automatically whenever the Windows host is rebooted.

procedure icon  How to Manually Control the Load Balancing Service

Use the following procedure to manually stop and start the load balancing service on a Windows host.

  1. Log in to the Windows host as a user with administrative privileges.

  2. In the Windows Control Panel, click Administrative Tools.

  3. Click Computer Management.

  4. In the tree, expand Services and Applications.

  5. Click Services.

  6. Double-click the Tarantella Load Balancing Service.

  7. Click Stop or Start to stop or start the service.

Controlling the SGD Enhancement Module for UNIX and Linux Platforms

When you install the SGD Enhancement Module for UNIX and Linux Platforms, the load balancing and UNIX audio processes start immediately. The client drive mapping processes have to be started manually because extra configuration is required.

Whenever the host is rebooted, all the Enhancement Module processes are started automatically.

On UNIX and Linux platforms, you can control the Enhancement Module processes manually with the tem command. The tem command is a script installed in the install-dir/bin directory. By default, install-dir is /opt/tta_tem. As this script is not on the standard PATH, you must use the full path each time you run the command, or change to /opt/tta_tem/bin before running the command. Alternatively, do the following:

  • Add /opt/tta_tem/bin to the PATH, for example:

    PATH=$PATH:/opt/tta_tem/bin; export PATH

  • Create an alias, for example:

    alias em=/opt/tta_tem/bin/tem

You control the Enhancement Module processes manually by running the following commands as superuser (root):

  • tem start – Starts the load balancing processes

  • tem stop – Stops the load balancing processes

  • tem startcdm – Starts the CDM processes

  • tem stopcdm – Stops the CDM processes

  • tem startaudio – Starts the UNIX platform audio processes

  • tem stopaudio – Stops the UNIX platform audio processes

Use the tem status command to show the status of the various modules in the Enhancement Module.


SGD Network Architecture

SGD is built around a three-tier network architecture model, consisting of the following tiers:

Different tiers can reside on the same host. For example, a single UNIX platform host can act as both an SGD server and an application server, but the tiers remain logically independent.

Client Devices

The first tier contains client devices. A client device is a piece of hardware that can communicate with SGD using a browser and the SGD Client.

The browser communicates with the SGD Web Server on the second tier and displays the webtop to users.

The SGD Client communicates with SGD servers on the second tier and displays the applications that users run.

The Adaptive Internet Protocol (AIP) ensures optimal network usage between the first and second tiers.

SGD Servers

The second tier contains SGD servers, which act as a gateway between the first and third tiers. This tier might contain a single SGD server, or many SGD servers configured to form an array.

An SGD server is responsible for the following:

Application Servers

The third tier contains application servers that run users’ applications.

When a user clicks a link on their webtop, SGD starts the application on an appropriate application server. Output from the application is redirected by the SGD server from the application server to the client device.

When you tell SGD about an application, you include information about all the application servers that can run the application. SGD load balances between the application servers.


Next Steps

By default, SGD installs in a 30-day evaluation mode. During the evaluation period, the following restrictions apply:

After 30 days, the SGD server no longer permits users to log in.

To continue using SGD, you must add a license key. You can add license keys in the following places:

What You Need to Tell Users

The following information is essential to help people use SGD:

Where to Get More Help

On the webtop, click Help to display the Sun Secure Global Desktop 4.41 Administration Guide. This is the online documentation for configuring and running SGD. Online help is also available in the Administration Console.

Documentation in Hypertext Markup Language (HTML) and Portable Document Format (PDF) formats is also available from the following locations:

You can also discuss technical issues at the SGD forum on Sun Developer Network http://forum.java.sun.com/forum.jspa?forumID=815.