CHAPTER 1
Use the Global Settings tabs to configure settings which apply to Sun Secure Global Desktop (SGD) as a whole. Changes made in the Global Settings tabs affect all SGD servers in the array.
In SGD, an array is a collection of SGD servers that share configuration information.
Use the settings on the Secure Global Desktop Authentication tab to control how users log in to SGD. The attributes apply to all SGD servers in the array. Changes to the settings take effect immediately.
From the command line, use the tarantella config list command to list these settings, and the tarantella config edit command to edit these settings.
User authentication can be performed by an external authentication mechanism (third-party authentication), or SGD can perform the authentication using a specified repository (system authentication).
The Secure Global Desktop Authentication tab contains the following sections:
Tokens and Cache. This section contains the following settings:
Secure Global Desktop Effective Sequence. This section displays a summary of the current SGD authentication settings. If you click the Change User Authentication button, the Authentication Wizard starts. The Wizard enables you to configure SGD authentication. See The Authentication Wizard.
LDAP Repository Details. If you are using lightweight directory access protocol (LDAP) authentication, this section displays a summary of your LDAP directory server settings.
The Authentication Wizard guides you through the process of setting up authentication for SGD users. The number of steps shown in the Authentication Wizard depends on the choices you make as you work through the Wizard.
The available steps in the Authentication Wizard are as follows:
Overview. Includes background information about how users authenticate to SGD.
Third-Party/System Authentication. Select whether you want to use third-party authentication, system authentication or both.
Third-Party Authentication – User Identity and Profile. For third-party authentication only. Choose search methods to use for finding the user identity and user profile of the authenticated user.
System Authentication – Repositories. For system authentication only. Select one or more check boxes to enable repositories that SGD uses for locating user information. The repositories are listed in the order in which they are tried. If one repository authenticates the user, no more repositories are tried.
Unix Authentication – User Profile. For system authentication only. This screen is shown if UNIX authentication is selected. Select one or more check boxes to specify how to find the user profile for the authenticated UNIX user. The authentication methods are listed in the order in which they are tried. If one method finds a matching user profile, no more search methods are tried.
Windows Domain Authentication – Domain Controller. For system authentication only. This screen is shown if the Windows Domain Controller system authentication repository is selected. Here, you specify the name of the domain controller.
This step contains the Windows Domain setting.
LDAP Repository Details. For third-party or system authentication. This screen is shown if an LDAP or Active Directory system authentication repository is selected, or if the Search LDAP Repository option is selected for third-party authentication. Here, you specify details of the LDAP repository to use.
Review Selections. Shows a summary of the choices you have made using the Wizard. You can review your authentication settings before confirming the changes.
Usage: Select or deselect the check box.
Whether to create authentication tokens for users so they can log in automatically to SGD.
To ensure that an authentication token cannot be intercepted and used by a third party, use secure Hypertext Transfer Protocol over Secure Socket Layer (HTTPS) web servers and enable SGD security services.
Array Manager: Secure Global Desktop Login Properties (Array-Wide) ⇒ Generate Authentication Tokens
Usage: Select or deselect the check box.
Whether to save the username and password that the user types to log in to SGD in the password cache.
If you are using SecurID authentication, do not save the username and password, as SecurID passwords cannot be reused.
Array Manager: Application Launch Properties (Array-Wide) ⇒ Authentication ⇒ Save SGD Login Details in Cache
Usage: Select or deselect the check box.
Select the check box to enable third-party authentication.
This setting enables you to give access to SGD to users who have been authenticated by a third-party mechanism, such as web server authentication.
Array Manager: Secure Global Desktop Login Properties (Array-Wide) ⇒ External Authentication ⇒ Use Third Party Authentication
Usage: Select or deselect the check box.
Specifies that user authentication is done by the SGD server. Selecting this option enables the Wizard screens for system authentication settings.
Usage: Select or deselect the check box.
This attribute specifies a search method used by SGD to determine the identity and user profile of a user who has been authenticated by a third-party authentication mechanism.
This search method searches for the user identity in the local repository and then uses the matching user profile.
If additional search methods are selected, the search methods are used in the order shown. However, third-party authentication does not support ambiguous users and so the first match found is used.
If the searches do not produce a match, the standard login page is displayed and the user must log in to SGD in the normal way.
Array Manager: Secure Global Desktop Login Properties (Array-Wide) ⇒ User Identity Mapping ⇒ Search ENS for Matching Person
Usage: Select or deselect the check box.
Specifies that the LDAP repository is searched to find the user identity for a user who has been authenticated by a third-party authentication mechanism.
The search method used is defined by the Use Default LDAP Profile or Use Closest Matching LDAP Profile attribute.
Usage: Select or deselect the check box.
This attribute specifies a search method used by SGD to determine the identity and user profile of a user who has been authenticated by a third-party authentication mechanism.
This search method does not perform a search. The user identity is the third-party username. The third-party user profile, System Objects/Third Party Profile, is used.
If additional search methods are selected, the search methods are used in the order shown. However, third-party authentication does not support ambiguous users and so the first match found is used.
If the searches do not produce a match, the standard login page is displayed and the user must log in to SGD in the normal way.
Array Manager: Secure Global Desktop Login Properties (Array-Wide) ⇒ User Identity Mapping ⇒ Use Default Profile
This attribute specifies a search method used by SGD to determine the identity and user profile of a user who has been authenticated by a third-party authentication mechanism.
This search method searches for the user identity in an LDAP repository and then uses the default LDAP user profile, System Objects/LDAP Profile.
If additional search methods are selected, the search methods are used in the order shown. However, third-party authentication does not support ambiguous users and so the first match found is used.
If the searches do not produce a match, the standard login page is displayed and the user must log in to SGD in the normal way.
Array Manager: Secure Global Desktop Login Properties (Array-Wide) ⇒ User Identity Mapping ⇒ Search LDAP and Use LDAP Profile
This attribute specifies a search method used by SGD to determine the identity and user profile of a user who has been authenticated by a third-party authentication mechanism.
This search method searches for the user identity in an LDAP repository and then uses the closest matching user profile in the local repository, allowing for differences between the LDAP and SGD naming systems.
SGD searches for the following until a match is found:
A user profile with the same name as the LDAP person object.
For example, if the LDAP person object is cn=Emma Rald,cn=Sales,dc=Indigo Insurance,dc=com, SGD searches the local repository for dc=com/dc=Indigo Insurance/cn=Sales/cn=Emma Rald.
A user profile in the same organizational unit as the LDAP person object but with the name cn=LDAP Profile.
For example, dc=com/dc=Indigo Insurance/cn=Sales/cn=LDAP Profile.
A user profile in any parent organizational unit with the name cn=LDAP Profile.
If there is no match, the profile object System Objects/LDAP Profile is used for the user profile.
If additional search methods are selected, the search methods are used in the order shown. However, third-party authentication does not support ambiguous users and so the first match found is used.
If the searches do not produce a match, the standard login page is displayed and the user must log in to SGD in the normal way.
Array Manager: Secure Global Desktop Login Properties (Array-Wide) ⇒ User Identity Mapping ⇒ Search LDAP and Use Closest ENS Match
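The closest-match search order described above decides which user profile, and therefore which settings, an LDAP user receives. The following Python sketch is an added example, not SGD code: it models the local repository as a plain set of profile names (constructed sample data), compares names as exact strings, and assumes that parent organizational units are tried nearest first, which the text above does not specify.

```python
DEFAULT_PROFILE = "System Objects/LDAP Profile"  # fallback profile named in the text
OU_PROFILE_RDN = "cn=LDAP Profile"               # per-container profile name from the text


def split_dn(dn):
    """Split an LDAP DN into RDNs, keeping backslash-escaped commas intact."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current).strip())
    return [r for r in rdns if r]


def dn_to_local_name(dn):
    """Reverse the RDN order and join with '/', as in the Emma Rald example."""
    return "/".join(reversed(split_dn(dn)))


def resolve_profile(dn, local_profiles):
    """Return (profile_name, rule) following the documented search order."""
    path = list(reversed(split_dn(dn)))
    if not path:
        raise ValueError("empty DN")
    # 1. A user profile with the same name as the LDAP person object.
    exact = "/".join(path)
    if exact in local_profiles:
        return exact, "same-name"
    # 2. cn=LDAP Profile in the same organizational unit, then
    # 3. cn=LDAP Profile in a parent unit (assumption: nearest parent first).
    containers = path[:-1]
    for depth in range(len(containers), 0, -1):
        candidate = "/".join(containers[:depth] + [OU_PROFILE_RDN])
        if candidate in local_profiles:
            rule = "same-ou" if depth == len(containers) else "parent-ou"
            return candidate, rule
    # 4. No match: the default LDAP profile object is used.
    return DEFAULT_PROFILE, "default"


def users_on_default(dns, local_profiles):
    """List the DNs that fall through to the catch-all default profile."""
    return [dn for dn in dns if resolve_profile(dn, local_profiles)[1] == "default"]


# Constructed sample data: profile names in the local repository.
LOCAL_PROFILES = {
    "dc=com/dc=Indigo Insurance/cn=Sales/cn=Emma Rald",
    "dc=com/dc=Indigo Insurance/cn=Sales/cn=LDAP Profile",
    "dc=com/dc=Indigo Insurance/cn=LDAP Profile",
}

# Constructed sample users (only Emma Rald appears in the text above).
SAMPLE_DNS = [
    "cn=Emma Rald,cn=Sales,dc=Indigo Insurance,dc=com",
    "cn=Sid Cerise,cn=Sales,dc=Indigo Insurance,dc=com",
    "cn=Bill Orange,cn=Users,dc=Indigo Insurance,dc=com",
    "cn=Guest,dc=example,dc=org",
]

if __name__ == "__main__":
    for dn in SAMPLE_DNS:
        profile, rule = resolve_profile(dn, LOCAL_PROFILES)
        print(f"{dn}\n    -> {profile}  [{rule}]")
    print("default profile users:", users_on_default(SAMPLE_DNS, LOCAL_PROFILES))
```

Running the resolver over a directory export shows which users inherit a container-level or default profile rather than one assigned to them by name.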
Usage: Select or deselect the check box.
Specifies that an LDAP directory server or Active Directory server is used for authentication.
Selecting this option enables the Wizard screen where you can type in LDAP directory server or Active Directory server details.
Usage: Select or deselect the check box.
Selecting this option enables the Wizard screen where you can configure UNIX authentication settings.
Usage: Select or deselect the check box.
Enables authentication using an authentication token.
Authentication using an authentication token can only be used when the SGD Client is operating in Integrated mode.
Array Manager: Secure Global Desktop Login Properties (Array-Wide) ⇒ Authentication Token Login Authority
Usage: Select or deselect the check box.
Enables authentication against a Windows domain controller.
Array Manager: Secure Global Desktop Login Properties (Array-Wide) ⇒ NT Login Authority
Usage: Select or deselect the check box.
Enables users with RSA SecurID tokens to log in to SGD.
Array Manager: Secure Global Desktop Login Properties (Array-Wide) ⇒ SecurID Login Authority
Usage: Select or deselect the check box.
Enables users to log in to SGD without supplying a username and password.
Array Manager: Secure Global Desktop Login Properties (Array-Wide) ⇒ Anonymous User Login Authority
Usage: Select or deselect the check box.
Specifies a search method used to find the user profile for an authenticated UNIX user. Select this attribute to search for the user identity in the local repository and use the matching user profile.
Array Manager: Secure Global Desktop Login Properties (Array-Wide) ⇒ ENS Login Authority
Usage: Select or deselect the check box.
Specifies a search method used to find the user profile for an authenticated UNIX user. Select this attribute to use the UNIX user identity and search for a user profile in the local repository that matches the user’s UNIX Group ID.
Array Manager: Secure Global Desktop Login Properties (Array-Wide) ⇒ UNIX Group Login Authority
Usage: Select or deselect the check box.
Specifies a search method used to find the user profile for an authenticated UNIX user. Select this attribute to use the default UNIX user profile, System Objects/UNIX User Profile, for the authenticated user.
Array Manager: Secure Global Desktop Login Properties (Array-Wide) ⇒ UNIX User Login Authority
Usage: Type the Windows domain name in the field.
The name of the domain controller used for Windows domain authentication.
Array Manager: Secure Global Desktop Login Properties (Array-Wide) ⇒ Windows NT Domain
Command option: --login-nt-domain dom
Usage: Replace dom with the name of the Windows domain controller used to authenticate users.
In the following example, users are authenticated with the Windows domain controller sales.indigo-insurance.com.
--login-nt-domain sales.indigo-insurance.com
Enables Active Directory authentication.
Array Manager: Secure Global Desktop Login Properties (Array-Wide) ⇒ Active Directory Login Authority
Usage: Select the LDAP option.
Array Manager: Secure Global Desktop Login Properties (Array-Wide) ⇒ LDAP Login Authority
Usage: Type the uniform resource locators (URLs) in the field. Type each separate URL on a line and press the Return key.
The locations of the LDAP directory servers or Active Directory servers used for the following authentication mechanisms.
If you use an LDAP directory for authentication, you can use SGD Directory Services Integration (DSI). DSI enables you to use an LDAP version 3 directory instead of the local repository for holding user information. Using DSI means you do not need to mirror your LDAP organization in the local repository.
See the Sun Secure Global Desktop Administration Guide for more information about using DSI.
Array Manager: Secure Global Desktop Login Properties (Array-Wide) ⇒ LDAP Server ⇒ URL
For LDAP authentication or third-party authentication, type in a list of URLs.
The URLs are used in the order they are listed. If the first LDAP directory server listed is unavailable, SGD tries the next one in the list.
Each URL has the form ldap://server:port/searchroot. Each of these options is defined as follows:
Port. The TCP port which the LDAP directory server listens on for connections. You can omit this (and the preceding ":") to use the default port.
Searchroot. The position in the LDAP directory structure from where the LDAP repository starts searching for matching users. For example, dc=indigo-insurance,dc=com.
Use an ldaps:// URL if your LDAP directory server uses Secure Sockets Layer (SSL) connections. Extra configuration is required for SSL connections. See the Sun Secure Global Desktop Administration Guide for more information about securing connections to LDAP directory servers.
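Because the URLs are tried in order and ldap:// connections are not SSL-protected, a list that mixes the two schemes can fail over from an encrypted server to an unencrypted one. The following Python check is an added example, not part of SGD: it parses a URL list in the documented ldap://server:port/searchroot form and reports such entries. The host names are constructed sample values, and the default ports 389 and 636 are the standard LDAP and LDAPS ports rather than values stated in this chapter.

```python
from urllib.parse import urlsplit, unquote

# Standard registered ports for LDAP and LDAP over SSL (not stated on this page).
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def parse_ldap_url(url):
    """Parse one ldap://server:port/searchroot URL into its parts."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"not an ldap:// or ldaps:// URL: {url!r}")
    if not parts.hostname:
        raise ValueError(f"missing server in {url!r}")
    port = parts.port  # raises ValueError for a non-numeric or out-of-range port
    if port is None:
        port = DEFAULT_PORTS[scheme]
    return {
        "scheme": scheme,
        "server": parts.hostname,
        "port": port,
        "searchroot": unquote(parts.path.lstrip("/")),
        "encrypted": scheme == "ldaps",
    }


def audit_ldap_urls(text):
    """Return sorted (line_number, finding, detail) tuples for a URL list.

    The list is one URL per line, in the order the servers are tried.
    """
    findings, entries = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            entry = parse_ldap_url(line)
        except ValueError as exc:
            findings.append((lineno, "invalid", str(exc)))
            continue
        entries.append((lineno, entry))
        if not entry["encrypted"]:
            findings.append((lineno, "cleartext",
                             f"{entry['server']}:{entry['port']} is not SSL-protected"))
    # An ldap:// entry listed after an ldaps:// entry means that failover
    # moves directory traffic from an encrypted to an unencrypted connection.
    seen_encrypted = False
    for lineno, entry in entries:
        if entry["encrypted"]:
            seen_encrypted = True
        elif seen_encrypted:
            findings.append((lineno, "downgrade-on-failover",
                             f"{entry['server']} follows an ldaps:// entry"))
    return sorted(findings)


# Constructed sample list, one URL per line as typed into the URL field.
SAMPLE_URLS = """\
ldaps://ldap1.indigo-insurance.com/dc=indigo-insurance,dc=com
ldap://ldap2.indigo-insurance.com:389/dc=indigo-insurance,dc=com
http://ldap3.indigo-insurance.com/dc=indigo-insurance,dc=com
"""

if __name__ == "__main__":
    for lineno, finding, detail in audit_ldap_urls(SAMPLE_URLS):
        print(f"line {lineno}: {finding}: {detail}")
```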
Usage: Type the user name and password in the fields.
The user name and password of a user that has privileges to search an LDAP directory server or Active Directory server. This is not required for some LDAP directory servers.
For LDAP authentication or third-party authentication, type the distinguished name of a user, such as cn=Bill Orange,cn=Users,dc=indigo-insurance,dc=com.
For Active Directory authentication, type a user principal name such as orange@indigo-insurance.com.
Note - For security reasons, the password is not displayed, even if it has been previously set.
Array Manager: Secure Global Desktop Login Properties (Array-Wide) ⇒ LDAP Server ⇒ Username
Array Manager: Secure Global Desktop Login Properties (Array-Wide) ⇒ LDAP Server ⇒ Password
From the command line, use the tarantella passcache new --ldap command.
Command option: tarantella passcache new --ldap --resuser resuser --respass respass
Usage: Replace resuser and respass with the user name and password.
The following example specifies a user name (test1) and password (test2) for searching an LDAP directory server.
tarantella passcache new --ldap --resuser test1 --respass test2
Usage: Select or deselect the check box.
Whether to use client certificates to authenticate the connection to an Active Directory server.
This enables you to use secure connections for the Active Directory server. Extra configuration is required for SSL connections. See the Sun Secure Global Desktop Administration Guide for more information about securing connections to LDAP directory servers.
This option is disabled by default.
Array Manager: Secure Global Desktop Login Properties (Array-Wide) ⇒ Active Directory ⇒ Use Certificates
Usage: Type a domain name in the field.
The domain that SGD uses for Active Directory authentication if users only supply a partial domain when they log in.
For example, if the base domain is set to indigo-insurance.com and a user logs in with the user name rouge@west, SGD tries to authenticate rouge@west.indigo-insurance.com.
Array Manager: Secure Global Desktop Login Properties (Array-Wide) ⇒ Active Directory ⇒ Base Domain
Usage: Type a domain name in the field.
The domain that SGD uses for Active Directory authentication if users do not supply a domain when they log in.
For example, if the default domain is set to east.indigo-insurance.com and a user logs in with the user name rouge, SGD tries to authenticate rouge@east.indigo-insurance.com.
Array Manager: Secure Global Desktop Login Properties (Array-Wide) ⇒ Active Directory ⇒ Default Domain
Settings on the Application Authentication tab control the user experience when starting applications.
From the command line, use the tarantella config list command to list these settings, and the tarantella config edit command to edit these settings.
Changes to these attributes take effect immediately.
This tab contains the following sections:
Usage: Select or deselect the check box.
Whether to try the password the user typed for the SGD server (if it is stored in the password cache) as the password for the application server.
SGD server passwords might be stored in the cache if some applications are configured to run on the SGD host, or if Password Cache is selected.
This setting can be overridden by an application server object's Password Cache Usage attribute.
Array Manager: Application Launch Properties (Array-Wide) ⇒ Authentication ⇒ Try Secure Global Desktop Password if Cached
The action to take if the user’s password has expired on the application server.
The command line options and their Administration Console equivalents are shown in the following table.
Administration Console | Command Line | Description |
---|---|---|
Authentication Dialog | dialog | Show an SGD authentication dialog. |
Aged Password Handler | manual | Show a terminal window, where the user can change their password. |
Launch Failure | none | Take no further action. Treat as a startup failure. |
Array Manager: Application Launch Properties (Array-Wide) ⇒ If Password Has Expired
Usage: Select or deselect the check box.
Enable users to log in with a smart card. Smart card authentication is only supported for applications running on a Microsoft Windows Server 2003 application server.
Array Manager: Application Launch Properties (Array-Wide) ⇒ Authentication ⇒ Allow Smart Card Authentication
Usage: Select or deselect the check boxes.
Controls when the application server’s authentication dialog is displayed. The check boxes are inter-related, enabling you to select from three possible options.
The command line options and their Administration Console equivalents are shown in the following table.
Administration Console | Command Line | Description |
---|---|---|
On Shift-Click (selected) | user | Show the authentication dialog if the user holds down the Shift key when they click an application’s link, or if there is a password problem. |
On Shift-Click (deselected) | system | Only show the authentication dialog when there is a password problem. |
On Shift-Click (deselected) | none | Never show the authentication dialog. |
Array Manager: Application Launch Properties (Array-Wide) ⇒ Authentication Dialog
Command option: --launch-showauthdialog user | system | none
In the following example, the application server’s authentication dialog is shown if you hold down the Shift key and click a link to start an application, or if there is a problem with the password.
--launch-showauthdialog user
Usage: Select or deselect the check boxes.
Two attributes that control the initial state of the Save Password check box in the application server authentication dialog and whether users can change it.
If users cannot change the setting, the Initially Checked setting determines whether users can save passwords in the application server password cache.
Array Manager: Application Launch Properties (Array-Wide) ⇒ Save Password
Command option: --launch-savepassword-initial checked | cleared
Command option: --launch-savepassword-state enabled | disabled
Usage: Specify a valid option.
In the following example, the initial state of the Save Password check box is selected. Users can change this setting.
--launch-savepassword-initial checked --launch-savepassword-state enabled
Usage: Select or deselect the check boxes.
Two attributes that control the initial state of the Always Use Smart Card check box in the application server authentication dialog box and whether users can change it.
If users cannot change the setting, the Initially Checked setting determines whether the user’s decision to always use smart card authentication is cached.
Array Manager: Application Launch Properties (Array-Wide) ⇒ Always Use Smart Card
Command option: --launch-alwayssmartcard-initial checked|cleared
Command option: --launch-alwayssmartcard-state enabled|disabled
Usage: Specify a valid option.
In the following example, the initial state of the Always Use Smart Card check box is selected. Users can change this setting.
--launch-alwayssmartcard-initial checked --launch-alwayssmartcard-state enabled
Usage: Enter a time period, measured in seconds, in the field.
The delay in seconds before showing the Application Launch dialog to users.
Array Manager: Application Launch Properties (Array-Wide) ⇒ Launch Dialog
Usage: Select or deselect the check boxes.
Attributes that control the initial display state of the Launch Details area of the Application Launch dialog, whether users can change it and whether to show the Launch Details area if an application startup fails.
If users cannot change the setting, the Showed by Default setting determines whether the users see the application launch details.
Array Manager: Application Launch Properties (Array-Wide) ⇒ Launch Details
Array Manager: Application Launch Properties (Array-Wide) ⇒ If Launch Fails
Command option: --launch-details-initial shown | hidden
Command option: --launch-details-state enabled | disabled
Command option: --launch-details-showonerror 1 | 0
Usage: Specify a valid option.
In the following example, the initial state of the Launch Details area is hidden. Users can change this setting. The Launch Details area is shown if the application fails to start.
--launch-details-initial hidden --launch-details-state enabled --launch-details-showonerror 1
Settings on the Communication tab control connections between the client device, the SGD server, and application servers. They also control the resumability behavior for application sessions.
From the command line, use the tarantella config list command to list these settings, and the tarantella config edit command to edit these settings.
This tab contains the following sections:
This section contains the Resource Synchronization Service setting.
Usage: Type a port number in the field.
The Transmission Control Protocol (TCP) port number used for unencrypted connections between client devices and SGD servers.
Open this port in your firewall to enable connections from users who have standard connections. Standard connections are connections that do not use Secure Sockets Layer (SSL).
You must restart every SGD server in the array for changes to this attribute to take effect.
Array Manager: Array Properties (Array-Wide) ⇒ Port Numbers (Unencrypted Connections)
Usage: Type a port number in the field.
The TCP port number used for encrypted connections between client devices and SGD servers.
Open this port in your firewall to enable connections from users who have secure (SSL-based) connections to SGD.
You must restart every SGD server in the array for changes to this attribute to take effect.
Array Manager: Array Properties (Array-Wide) ⇒ Port Numbers (Encrypted Connections)
Usage: Type a time period, measured in seconds, in the field.
Determines how often a keepalive message is sent to client devices during application sessions. The default value is 100 seconds.
Some HTTP proxy servers close a connection if there is no activity on it. Using a keepalive ensures that a connection stays open.
Set this to 0 to disable keepalive messages.
This setting is also used to keep open connections between the SGD Client and the SGD server for client drive mapping.
Changes to this attribute take effect immediately.
Array Manager: Emulator Session Properties (Array-Wide) ⇒ AIP Keepalive
Usage: Type a timeout value, measured in minutes, in the field.
For applications configured to be resumable during the user session, the length of time (in minutes) a suspended application session is guaranteed to be resumable if the connection to SGD is lost. Note that if the user logs out, the application sessions end. See the Application Resumability attribute.
After this period, the SGD server ends the session.
You can override this setting using the Application Resumability: Timeout attribute of an application.
Note - If an application is terminated because the SGD Client exits unexpectedly, the timeout is the timeout plus 20 minutes.
Changes to this attribute take effect immediately.
Array Manager: Emulator Session Properties (Array-Wide) ⇒ Resumability Timeout ⇒ Webtop Session
Usage: Type a timeout value, measured in minutes, in the field.
For applications configured to be generally resumable, the length of time (in minutes) a suspended application session is guaranteed to be resumable after the user logs out or the connection to SGD is lost. See the Application Resumability attribute.
After this period the SGD server ends the session.
You can override this setting using the Application Resumability: Timeout attribute of an application.
Note - If an application is terminated because the SGD Client exits unexpectedly, the timeout is the timeout plus 20 minutes.
Changes to this attribute take effect immediately.
Array Manager: Emulator Session Properties (Array-Wide) ⇒ Resumability Timeout ⇒ Always
Usage: Select or deselect the check box.
Whether to enable replication of resources for the array.
If enabled, synchronization starts at a time determined by the Daily Resource Synchronization Time for each SGD server in the array.
Resource synchronization is enabled by default.
Changes to this attribute take effect immediately.
Array Manager: Array Properties (Array-Wide) ⇒ Enable Resource Synchronization
Attributes on the Client Device tab are settings for the user’s client device. This tab controls the use of client device features for applications displayed through SGD.
From the command line, use the tarantella config list command to list these settings, and the tarantella config edit command to edit these settings.
This tab contains the following sections:
This section contains the Editing setting.
Usage: Select or deselect the check box.
Whether to enable client drive mapping (CDM) for the array.
To use client drive mapping, the Sun Secure Global Desktop Enhancement Module (SGD Enhancement Module) must be installed and running on the application server.
If you enable drive mapping, CDM services only become available when you restart all SGD servers in the array. To manually start CDM services without restarting the array, run the tarantella start cdm command on all SGD servers in the array.
If you disable drive mapping, the CDM processes only stop when you restart all SGD servers in the array. To manually stop CDM services without restarting the array, run the tarantella stop cdm command on all SGD servers in the array.
Changes to this attribute only take effect for new user sessions.
Array Manager: Array Properties (Array-Wide) ⇒ Client Drive Mapping ⇒ Let Users Access Client Drives
Usage: Select or deselect the check box.
Whether to enable the Windows Internet Naming Service (WINS) to improve client drive access performance. Without WINS, performance can be limited by known problems with Microsoft Windows networking.
WINS services use User Datagram Protocol (UDP) port 137 on the SGD server.
Only enable WINS if either of the following is true:
Your Microsoft Windows application servers are on the same subnet as an SGD server in the array
Your Microsoft Windows application servers list an SGD server in the array as a WINS server
Changes to this attribute take effect on an SGD server the next time the server starts.
Array Manager: Array Properties (Array-Wide) ⇒ Client Drive Mapping ⇒ Use WINS for Better Performance
Usage: Select a drive letter from the Start At list and select a Direction option.
Used for client drives that cannot be mapped using the configured drive letter, because that drive letter is already in use. This attribute specifies the drive letter to start searching from and the direction to search. The first unused drive letter is used to map the client drive.
The Start At list is used to specify the drive letter to start searching from. The Direction option specifies whether the alphabetic search is done backwards or forwards.
Changes to this attribute take effect for new user sessions.
Array Manager: Array Properties (Array-Wide) ⇒ Client Drive Mapping ⇒ Fallback Drive
Command option: --array-cdm-fallbackdrive letter-direction
Usage: Replace letter-direction with a drive letter to start from and a search direction.
Allowed values are of the form [a-zA-Z][+-]. For example, V- to start at drive V and search alphabetically backwards, or f+ to search forwards from drive F. Drive letters are case-insensitive.
The default setting when CDM is enabled is to start at drive V and search backwards.
The following example starts at drive T and searches backwards.
--array-cdm-fallbackdrive t-
Usage: Select or deselect the check box.
Whether to enable Windows audio services for the array.
Audio is only available for applications running on a Microsoft Windows 2003 application server. Audio redirection must also be enabled on the application server.
Changes to this attribute only take effect for new user sessions.
Array Manager: Array Properties (Array-Wide) ⇒ Audio ⇒ Enable Windows Audio Service
Array Manager: Array Properties (Array-Wide) ⇒ Audio ⇒ Windows Audio Sound Quality
The sample rate of the audio data.
Adjusting the audio quality increases or decreases the amount of audio data sent.
Usage: Select or deselect the check box.
Whether to enable UNIX audio services for the array.
UNIX audio is only available for X applications. The audio module of the SGD Enhancement Module must be installed and running on the application server.
Changes to this attribute only take effect for new user sessions.
Array Manager: Array Properties (Array-Wide) ⇒ Audio ⇒ Enable UNIX Audio Service
The sample rate of the audio data.
Adjusting the audio quality increases or decreases the amount of audio data sent.
By default, SGD uses Medium Quality Audio.
The sample rates are as follows:
Array Manager: Array Properties (Array-Wide) ⇒ Audio ⇒ UNIX Audio Sound Quality
Usage: Select or deselect the check box.
Whether to enable smart card services for the array.
Support for smart cards is only available for applications running on a Microsoft Windows Server 2003 application server.
Changes to this attribute only take effect for new user sessions.
Array Manager: Array Properties (Array-Wide) ⇒ Smart Card ⇒ Enable Smart Card Services
Usage: Select or deselect the check box.
Whether to enable access to serial ports for the array.
By default, access to serial ports is enabled.
Access to serial ports for individual users can be enabled and disabled using the Serial Port Mapping attribute for organization, organizational unit or user profile objects.
Changes to this attribute only take effect for new user sessions.
Array Manager: Array Properties (Array-Wide) ⇒ Serial Port ⇒ Enable Serial Port Mapping
Usage: Select or deselect the check box.
Whether to allow copy and paste operations for Windows and X application sessions for the array.
By default, copy and paste is allowed.
Copy and paste operations for individual users can be enabled and disabled using the Copy and Paste attribute for organization, organizational unit or user profile objects.
Changes to this attribute only take effect for new application sessions.
Array Manager: Array Properties (Array-Wide) ⇒ Clipboard ⇒ Enable Copy and Paste
Usage: Type a number in the field.
The security level for the SGD Client.
Used to control copy and paste operations between Windows or X application sessions and applications running on the client device.
The security level can be any positive integer. The higher the number, the higher the security level. The default security level is 3.
Changes to this attribute only take effect for new application sessions.
Array Manager: Array Properties (Array-Wide) ⇒ Clipboard ⇒ Client Security Level
Usage: Type the file name in the field.
A file that contains mappings between UNIX client device and Windows application server time zone names.
Usage: Select or deselect the check box.
Whether to allow users to edit their own profiles for use with the SGD Client.
By default, profile editing is enabled.
If profile editing is disabled, it is disabled for all users, including SGD Administrators. However, SGD Administrators can still create and edit profiles using the Profile Editor application.
Profile editing for individual users can be enabled and disabled using the Client Profile Editing attribute for organization, organizational unit or user profile objects.
Changes to this attribute only take effect for new user sessions.
Array Manager: Array Properties (Array-Wide) ⇒ Profile Editing ⇒ Enable User Profile Editing
Attributes on the Printing tab control printing from Windows applications that use the Microsoft RDP Windows Protocol. The settings on this tab are default settings which can be overridden by the Client Printing: Override (--userprintingconfig) attribute for an organization, organizational unit or user profile object.
From the command line, use the tarantella config list command to list these settings, and the tarantella config edit command to edit these settings.
Controls which client printers users can print to from Windows applications.
By default, users can print to all their client printers.
If you select the No Printer option, you can still use an SGD PDF printer.
Changes to this attribute take effect for new user sessions.
If SGD is configured so you can only print to the client’s default printer and you want to print to a different printer, log out of SGD. Then change the default printer and log in to SGD again.
Usage: Select or deselect the check box.
Enables users to print from a Windows application using the SGD Universal PDF printer.
When a user prints to the Universal PDF printer, the print job is converted into a PDF file and is printed on the user’s client device.
Changes to this attribute take effect for new user sessions.
Array Manager: Printing Properties (Array-Wide) ⇒ PDF Printing ⇒ Let Users Print to a PDF Printer
Usage: Select or deselect the check box.
Sets the SGD Universal PDF printer as the client’s default printer when printing from a Windows application.
When a user prints to the Universal PDF printer, the print job is converted into a PDF file and is printed on the user’s client device.
This attribute is only available if the Universal PDF printer is enabled.
By default, the Universal PDF printer is not the default printer.
Changes to this attribute take effect for new user sessions.
Array Manager: Printing Properties (Array-Wide) ⇒ PDF Printing ⇒ Make PDF Printer the Default for Windows 2000/3
Usage: Select or deselect the check box.
Enables users to print from a Windows application using the SGD Universal PDF Viewer printer.
When a user prints to the Universal PDF Viewer printer, the print job is converted into a PDF file and can be viewed, saved or printed on the user’s client device.
This setting is enabled by default.
Changes to this attribute take effect for new user sessions.
Array Manager: Printing Properties (Array-Wide) ⇒ PDF Printing ⇒ Let Users Print to a PDF Local File
Usage: Select or deselect the check box.
Sets the SGD Universal PDF Viewer printer as the client’s default printer when printing from a Windows application.
When a user prints to the Universal PDF Viewer printer, the print job is converted into a PDF file and can be viewed, saved or printed on the user’s client device.
This attribute is only available if Universal PDF Viewer is enabled.
By default, the Universal PDF Viewer printer is not the default printer.
Changes to this attribute take effect for new user sessions.
Array Manager: Printing Properties (Array-Wide) ⇒ PDF Printing ⇒ Make PDF File Printer the Default for Windows 2000/3
Usage: Type the printer driver name in the field.
The name of the printer driver to use for SGD PDF printing. This printer driver must be installed on every Windows application server used with SGD.
The printer driver must be a PostScript printer driver.
The default is HP Color LaserJet 8500 PS.
The name of the printer driver must match the name of the printer driver installed on the Windows application server exactly. Pay particular attention to the use of capitals and spaces. The install-dir/etc/data/default.printerinfo.txt file contains all the common printer driver names, ordered by manufacturer. To avoid errors, copy and paste the driver name from this file.
Changes to this attribute take effect for new user sessions.
Array Manager: Printing Properties (Array-Wide) ⇒ PDF Printing ⇒ Driver Name
Attributes on the Performance tab are used to specify the following load balancing settings:
The method for selecting the SGD server used to host the application session
The method for selecting the application server used to host the application
From the command line, use the tarantella config list command to list these settings, and the tarantella config edit command to edit these settings.
Changes to these attributes take effect immediately.
The algorithm used at application start time to choose the SGD server in the array that hosts the application session. In other words, the method used to choose where to run the Protocol Engine when a user starts an application.
Select the Server Hosting the User Session option to choose the SGD server in the array that is hosting the user session.
Array Manager: Load Balancing Properties (Array-Wide) ⇒ Emulator Sessions ⇒ Use Array Member With
Command option: --sessions-loadbalancing-algorithm algorithm
Usage: Replace algorithm with the load balancing algorithm to use for application sessions.
The following algorithms are available:
Server Hosting the User Session – .../_beans/com.sco.tta.server.loadbalancing.tier2.LocalLoadBalancingPolicy
Least CPU Load – .../_beans/com.sco.tta.server.loadbalancing.tier2.CpuLoadBalancingPolicy
Fewest Application Sessions – .../_beans/com.sco.tta.server.loadbalancing.tier2.SessionLoadBalancingPolicy
The following example specifies that the SGD server hosting the user session is used to host the application session.
--sessions-loadbalancing-algorithm \
.../_beans/com.sco.tta.server.loadbalancing.tier2.LocalLoadBalancingPolicy
The default algorithm SGD uses to choose the best application server to run the application. The server is selected from those defined on the application object’s Hosting Application Servers tab.
This attribute is only used if the value of the application object’s Application Load Balancing attribute is not set to Override Global Setting.
Select one of the following settings:
Most Free Memory. Choose the application server with the most free memory.
Least CPU Load. Choose the application server with the most CPU idle time.
Fewest Applications. Choose the application server that is running the fewest application sessions through SGD. This is the default setting.
Note - To use the Most Free Memory and Least CPU Load algorithms, you must install the SGD Enhancement Module on the application server.
Array Manager: Load Balancing Properties (Array-Wide) ⇒ Applications ⇒ Use Application Server With
Attributes on the Security tab are global security settings which apply to all SGD servers in the array.
From the command line, use the tarantella config list command to list these settings, and the tarantella config edit command to edit these settings.
Usage: Select or deselect the check box.
Whether to generate a new encryption key for the password cache when an SGD server is restarted.
If a new encryption key is generated, the existing password cache is preserved and encrypted with the new key.
Array Manager: Security Properties (Array-Wide) ⇒ Password Cache ⇒ Generate New Encryption Key on Restart
Usage: Type a timeout value, measured in seconds, in the field.
The period of time an entry in the print name mapping table is retained. This table is used to ensure that users can print from an application and then exit the application, without losing the print job.
The timer starts counting when the user closes the last application on the application server.
Set the timeout value to be greater than the maximum delay between choosing to print from an application and the printer responding.
If you change this value, all existing expiry timeouts are reset. Changes take effect immediately.
To flush the table, type in 0 and click Apply. You can then set the timeout to the required value.
To display the table, use the tarantella print status --namemapping command.
Array Manager: Security Properties (Array-Wide) ⇒ Print Name Mapping ⇒ Expire After
Usage: Select or deselect the check box.
Whether to take note of the Connections attribute when a user logs in to SGD.
Select the check box (or set the command line option to 1) if you are using the Connections attribute for user profile, organizational unit or organization objects.
Deselect the check box if SGD security services are not enabled.
If SGD security services are enabled, connections are secure unless the check box is selected and some connections are defined otherwise.
Deselecting the check box enables users to log in more quickly.
Changes to this attribute take effect immediately.
Array Manager: Security Properties (Array-Wide) ⇒ Connection Types ⇒ Apply When Users Log In
Usage: Select or deselect the check box.
Whether to secure all SGD X displays using X authorization. This prevents users from accessing X displays they are not authorized to access.
X authorization is enabled by default.
To use X authorization, xauth must be installed on the application server.
If X authorization is enabled, SGD checks the standard locations for the xauth binary. Extra configuration might be needed if the binary is in a nonstandard location.
Changes to this attribute take effect immediately.
Note - This setting only secures the X display between the SGD server and the application server.
Array Manager: Security Properties (Array-Wide) ⇒ X Displays ⇒ Use X Authorization (xauth)
Settings on the Monitoring tab are used to configure system message log filters and enable billing services.
From the command line, use the tarantella config list command to list these settings, and the tarantella config edit command to edit these settings.
Usage: Type log filter definitions in the field. Press the Return key to add new entries.
This attribute specifies which diagnostic messages are logged and a destination file or handler for log messages.
The attribute contains multiple values, each of the form:
component/subcomponent/severity:destination
Use the wildcard (*) to match multiple components, subcomponents and severities.
Valid destinations are a file name or the name of a plug-in log handler.
File names can include the placeholder %%PID%%, which is substituted with a process ID.
Changes to this attribute take effect immediately.
The Sun Secure Global Desktop Administration Guide includes details of the available log filters and how to set them.
Command option: --array-logfilter filter...
Usage: Replace filter... with a list of log filter definitions. Separate each filter definition with a space. Quote any filters that contain wildcards (*), to stop your shell from expanding them.
The following example specifies a log filter that stores all warnings and error messages for the SGD server to a .log file.
--array-logfilter '*/*/*error:jserver%%PID%%_error.log'
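The filter format described above can be checked before it is applied to the array. The following Python sketch is an added example, not part of SGD or of the original page: it parses component/subcomponent/severity:destination definitions, reports which destinations a given message would be written to, and substitutes %%PID%%. Treating * as a wildcard within a single field is an assumption, and the component names in the second sample filter are made up.

```python
import os
import re

def parse_filter(definition):
    """Split 'component/subcomponent/severity:destination' into its parts."""
    selector, sep, destination = definition.partition(":")
    fields = selector.split("/")
    if not sep or not destination or len(fields) != 3 or not all(fields):
        raise ValueError(f"malformed log filter: {definition!r}")
    return tuple(fields), destination

def _field_matches(pattern, value):
    # Assumption: '*' matches any run of characters inside one field only.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None

def destinations_for(filters, component, subcomponent, severity, pid=None):
    """Return the destinations a message would be written to, in filter order."""
    pid = os.getpid() if pid is None else pid
    message = (component, subcomponent, severity)
    hits = []
    for definition in filters:
        patterns, destination = parse_filter(definition)
        if all(_field_matches(p, v) for p, v in zip(patterns, message)):
            # %%PID%% in a file name is replaced with the process ID.
            hits.append(destination.replace("%%PID%%", str(pid)))
    return hits

# Constructed sample: the page's example filter plus one hypothetical filter.
SAMPLE_FILTERS = [
    "*/*/*error:jserver%%PID%%_error.log",
    "server/login/*:login_audit.log",  # component names are made up
]

if __name__ == "__main__":
    for msg in [("server", "login", "error"), ("server", "printing", "info")]:
        print(msg, "->", destinations_for(SAMPLE_FILTERS, *msg, pid=4242))
```

A message that returns an empty list is not captured by any filter, which is the case to look for when reviewing whether login or security events reach a log file.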
Usage: Select or deselect the check box.
Whether to enable billing services for the array.
This might use significant additional disk space on SGD servers in the array.
If enabled, you can use tarantella query billing to analyze the billing logs.
You must restart an SGD server for billing services to start.
Array Manager: Array Properties (Array-Wide) ⇒ Enable Billing Services
The Licenses tab consists of two sections as follows:
The New License Key field enables you to add new SGD license keys
The Licenses table shows a summary of license status for the array
Usage: Type a license key in the field.
To add a license key, type or paste the key into the empty field. Click the Add button to validate and activate the key.
As you add license keys, SGD updates the information in the Licenses table.
If an invalid license key is entered, a validation error message is displayed.
Array Manager: Licenses Properties (Array-Wide) ⇒ License Keys
The Licenses table shows the number of user licenses and application licenses for the SGD array. The current usage of licenses is also shown.
The number of license keys is indicated in brackets at the top of the table.
Array Manager: Licenses Properties (Array-Wide) ⇒ License Summary
The Licenses table includes the following columns:
Lists the installed license keys for the SGD array.
To remove a license key, click the Delete link in the Licenses table.
As you remove license keys, SGD updates the information in the Licenses table.
If you remove all the license keys, SGD reverts to evaluation mode or expired evaluation mode, depending on how recently you installed the software.
You cannot log in to an SGD server when it is in expired evaluation mode.
To license a server when it is in expired evaluation mode, you must either add a valid license key (using tarantella license add) or join the server to an array that is already fully licensed.
Shows the number of user licenses for each license key.
Subcolumns in the User column indicate the number of standard and secure user licenses.
The current number of user licenses being used is shown in the Current Use row of the table.
A user license is used when a user logs in and freed when the user logs out.
Shows the number of application licenses for each license key.
Subcolumns in the Application column indicate the number of licenses for each application type (Windows, Unix, AS/400 and Mainframe).
The current number of application licenses being used is shown in the Current Use row of the table.
An application license is used when a user starts the first application of one of the application types. The application license is freed when the last application of the same type terminates. A second application of the same type started by the same user does not use an additional license. Suspended applications use licenses.
From the command line, use the tarantella license commands to add and remove license keys and to show license status and license usage information. See The tarantella license command.
Copyright © 2007, Sun Microsystems, Inc. All rights reserved.