Dynamic launch is the term used to describe runtime changes that are applied when users start applications. Typically, the runtime changes enable users to select the application server that runs the application, or to choose the application that is started, or both. Configuring dynamic launch can involve dynamic application servers, dynamic applications, and client overrides.
This section covers the following topics:
A dynamic application server is an object that represents a virtual server broker (VSB). SGD uses the VSB to obtain a list of application servers that can run an application. If a user can select an application server, a chooser page is displayed that enables the user to specify the application server.
Dynamic application servers are created on the Application
Servers tab of the Administration Console, or by using the
tarantella object new_host
--dynamic
command.
The VSB used for a dynamic application server is specified using
the Virtual Server Broker Class
(--vsbclass
) attribute. Any
configurable parameters for the VSB are specified using the
Virtual Server Broker Parameters
(--vsbparams
) attribute.
You only need to create one dynamic application server object for each VSB you are using. In general, you only create multiple dynamic application servers for the same VSB if you want to pass different parameters to the VSB.
The following VSBs are supplied with SGD:
SGD. This broker enables users to select an application server from the list of application servers assigned to the application.
See Section 4.5.2, “SGD Broker” for more details about this VSB.
User-defined SGD. This broker enables users to specify an application server, or to select from the list of application servers assigned to the application.
See Section 4.5.3, “User-Defined SGD Broker” for more details about this VSB.
VDI. This broker enables SGD to request a desktop from an Oracle Virtual Desktop Infrastructure (Oracle VDI) installation.
This broker is for Oracle VDI 3.3 and later installations.
See Section 4.5.4, “VDI Broker” for more details about this VSB.
Legacy VDI. This broker enables SGD to request a desktop from a local Oracle VDI installation.
This broker is for Oracle VDI 3.2 installations only.
See Section 4.5.5, “Legacy VDI Broker” for more details about this VSB.
You can develop your own VSB for use with SGD. Your
broker must implement the
IVirtualServerBroker
interface that is
included in the sgd-webservices.jar
in the
/opt/tarantella/bin/java/com/sco/tta/soap/services/proxy
directory.
Dynamic application servers are assigned to an application in the same way as conventional application servers, as described in Section 3.2.1.1, “How to Assign Application Servers to Applications”.
Only assign one dynamic application server to an application.
Dynamic application servers can override the normal SGD mechanisms for application load balancing. This is because some VSBs, such as the SGD broker and the User-defined SGD broker, enable users to choose where an application is run. With these VSBs, you can prevent application servers from becoming overloaded by using the attributes on an application server object to filter the application servers shown on the chooser page. See Section 7.2.5.1, “Dynamic Application Servers and Load Balancing” for more details.
When dynamic application servers are used, entries in the SGD password cache are usually stored using the dynamic application server as well as the application server. But this can depend on the VSB and configured client overrides.
Some common problems when using VSBs are described in Section 4.9.22, “Troubleshooting Broker Problems”.
The SGD broker lists the application servers that are assigned to an application object. The dynamic application server itself is not listed.
The user experience when using the SGD broker is as follows:
When the user starts an application, a chooser page is displayed that lists the application servers that can run the application. The user must select an application server, and click the Start button to run the application.
If only one application server can run the application, the chooser page is not displayed. The application is automatically run on the application server.
If the application is a dynamic application, the user selects both the application and the application server.
On the command line, the fully-qualified class name
(--vsbclass
) for the
SGD broker, is
com.tarantella.tta.webservices.vsbim.SGDBroker
.
The SGD broker does not have any configurable parameters.
When you install SGD, a default dynamic application
server object called o=appservers/cn=SGD
Broker
is created automatically. This dynamic
application server is used with the My Desktop application. See
Section 4.5.8, “Using My Desktop” for details.
The User-defined SGD broker lists the application servers that are assigned to an application object, and also enables users to specify the name of any application server. Users can run applications on application servers that do not have a corresponding application server object in the local repository. The dynamic application server itself is not listed.
The user experience when using the User-defined SGD broker is as follows:
When the user starts an application, a chooser page is displayed. The user either types the name of an application server in the field provided on the chooser page, or selects an application server from the list, and clicks the Start button to start the application.
If no SGD-configured application servers are available to the user, the user must type the name of an application server.
If the application is a dynamic application, the user must select both the application and the application server.
On the command line, the fully-qualified class name
(--vsbclass
) for the
User-defined SGD broker is
com.tarantella.tta.webservices.vsbim.UserDefinedSGDBroker
.
The User-defined SGD broker has the following
optional parameters for the Virtual Server Broker Parameters
(--vsbparams
) attribute:
createAppserver
. SGD
automatically creates new application server objects for any
user-specified application servers that do not already exist
in the local repository. This parameter is disabled by
default.
hideAppservers
. The list of application
servers is not displayed in the chooser page. This parameter
is disabled by default.
checkAppserver
. For user-specified
application servers, SGD checks that the
application server has been assigned to the application
object. If the application server is not assigned to the
application object, an error message is shown. This
parameter is disabled by default.
This parameter can be used to prevent users from specifying application servers that have not been configured in the local repository. Using this parameter with dynamic applications is not supported.
When this parameter is enabled, users must enter the common name of the application server object in the chooser page.
The VDI broker enables SGD to request a desktop from an Oracle VDI installation. This broker is for Oracle VDI 3.3 and later installations.
HTTPS connections between the VDI host and the VDI broker are secured using an SSL certificate. If the VDI host uses an unsupported or Intermediate CA to sign web services certificates you might need to install the CA or root certificate on the SGD server. See Section 4.5.10, “Integrating with Oracle VDI Using the VDI Broker” for more details.
A typical user experience when using the VDI broker is as follows:
When the user starts an application, a login page is displayed. The user must type a VDI user name and password and click the Login button.
By default the user's SGD credentials are tried, so the login page might not be displayed. SGD can also be configured to cache the VDI credentials, so that the authentication page only displays once for each user. See Section 4.5.7, “Client Overrides”.
If the user is assigned multiple VDI desktops, whether a dedicated desktop or desktop pool, a chooser page is displayed that lists the available desktops. The user must select a desktop, and click the Start button to run the application.
If the user is assigned a single VDI desktop or desktop pool, the chooser page is not displayed. The VDI desktop is run automatically.
On the command line, the fully-qualified class name
(--vsbclass
) for the VDI
broker is
com.oracle.sgd.vsbim.OracleVDIVirtualServerBroker
.
You can configure settings for the VDI broker in the following ways:
Global settings. These settings apply to all SGD servers in the array.
Server-specific settings. These settings apply to a specific SGD server.
Global settings are made by configuring the Virtual Server
Broker Parameters
(--vsbparams
) attribute for
a dynamic application server object, using the Administration
Console or command line.
The following global settings for the VDI broker are available:
preferredhosts
. This parameter is
required.
Enter a comma-separated list of VDI hosts, enclosed in double-quotes. SGD users are load balanced between the servers in this list.
Use the web services URL for each VDI host. By default, this
is
https://
,
where vdihost.com
:1802/clientvdihost.com
is the name of
the VDI host. For example:
preferredhosts="https://vdihost1.com:1802/client,https://vdihost2.com:1802/client, https://vdihost3.com:1802/client"
failoverhosts
Enter a comma separated-list of VDI hosts, enclosed in
double-quotes. These servers are used if none of the servers
specified by preferredhosts
are
available.
Use the web services URL for each VDI host. For example:
failoverhosts="https://vdihost4.com:1802/client,https://vdihost5.com:1802/client, https://vdihost6.com:1802/client"
You must restart each SGD server in the array for changes to the Virtual Server Broker Parameters attribute to take effect.
Server-specific settings are configured using a broker properties file on the SGD server. Settings made in a broker properties file override global settings made in the Administration Console or on the command line.
Using server-specific settings means that you can configure
different preferredhosts
and
failoverhosts
settings for each
SGD server, to take advantage of geographical or
network proximity.
The broker properties file supports additional broker parameters, such as timeout settings and the location of the certificate truststore. These parameters are not available when using the Administration Console or command line.
The broker properties file is named
oracle-vdi-vsb.properties
and is located in
the following directory on an SGD server:
/opt/tarantella/webserver/tomcat/
tomcat-version
/webapps/sgd/WEB-INF/classes/com/oracle/sgd/vsbim
A sample broker properties file,
oracle-vdi-vsb.properties.sample
, is
included in this directory. To create a broker properties file,
make a copy of this file and rename it to
oracle-vdi-vsb.properties
. Edit the
parameters in the file to suit your requirements.
You must restart the SGD server for changes to the broker properties file to take effect.
Table 4.2, “Properties File Settings for the VDI Broker” lists the available parameters when you use a broker properties file.
Table 4.2. Properties File Settings for the VDI Broker
Parameter | Description |
---|---|
| Path to a dedicated certificate truststore on the SGD server. For example:
|
| A comma separated list of VDI hosts. SGD users are load balanced between the servers in this list. For example:
Note When using a broker properties file, lists of host names do not need to be enclosed in double quotes.
This property setting overrides any
|
|
A comma separated list of VDI hosts. These servers are
used if none of the servers specified by
Note When using a broker properties file, lists of host names do not need to be enclosed in double quotes.
This property setting overrides any
|
| The time period before a VDI host marked as unavailable is contacted again, in seconds. A host might be marked as unavailable if the broker could not contact the server, or if an error message was returned when contacting the server. The default time period is 60 seconds. This is the minimum setting. |
| The time period allowed to connect to a VDI host, in seconds. The default time period is 30 seconds. This is the minimum setting. |
| The time period allowed to perform a read operation from a VDI host, in seconds. The default time period is 90 seconds. The minimum setting is 30 seconds. |
The Legacy VDI broker enables SGD to request a desktop from a local Oracle VDI 3.2 installation.
To use this broker, SGD and VDI must be installed on the same host. See Section 4.5.11, “Integrating with Oracle VDI Using the Legacy VDI Broker” for more details.
The user experience when using the Legacy VDI broker is the same as for the VDI broker. See Section 4.5.4, “VDI Broker”.
On the command line, the fully-qualified class name
(--vsbclass
) for the Legacy
VDI broker is
com.sun.sgd.vsbim.SunVDIVirtualServerBroker32
.
The Legacy VDI broker has a one mandatory parameter, the host
name of a VDI server. When you create a dynamic application
server for the Legacy VDI broker, specify
localhost
for the Virtual Server Broker
Parameters (--vsbparams
)
attribute.
A dynamic application represents one or more application objects. When the user starts a dynamic application, a chooser page is displayed that enables the user to select an application to run.
A dynamic application object consists of a set of mappings between type strings and SGD application objects. For example, you could create a dynamic application to enable users to choose between a Windows desktop session or Linux desktop session. Such a dynamic application might use the mappings shown in the following table.
Type | Application |
---|---|
|
|
|
|
Dynamic applications are created on the Applications tab of the Administration Console, or by using the tarantella object new_dynamicapp command. See Section 4.5.6.1, “How to Create a Dynamic Application”.
Type-application mappings for dynamic applications can be configured on the Mappings tab for the dynamic application object, or with the tarantella object add_mapping and tarantella object remove_mapping commands.
The type is a string that is specified when a mapping is added. Because the type is displayed on the chooser page, generally the type identifies the type of application. But it can be any unique string you want.
Dynamic applications are assigned to users in the same way as conventional applications, as described in Section 3.2, “Publishing Applications”. You can assign multiple dynamic applications to a user.
When you install SGD, a default dynamic application
object called o=applications/cn=My Desktop
is
created automatically and is used for the My Desktop
application. See Section 4.5.8, “Using My Desktop” for
details.
Ensure that the applications that you want to map to the dynamic application already exist.
In the Administration Console, go to the Applications tab.
Create the dynamic application object.
Select an object in the organizational hierarchy.
Use the navigation tree to select a directory object to contain the dynamic application.
In the content area, click New.
The Create a New Object window is displayed.
In the Name field, type the name of the dynamic application.
The name you type is used for the link on the webtop.
Ensure that the Dynamic Application option is selected and click Create.
The Create a New Object window closes and the content area is updated with the new object.
Configure the dynamic application.
Click the View New Object link.
The General tab for the dynamic application object is displayed.
(Optional) Change the Icon for the dynamic application.
The icon is used on the webtop.
Click the Mappings tab.
In the Editable Mappings table, click Add.
The Add a New Mapping window is displayed.
In the Mapping Type field, type a string to identify the mapping.
The string can be anything. The string is displayed on the chooser page that is displayed to users. Usually the type identifies the type of application.
Select the check box next to an application object.
Use the Navigation tree to browse for a directory object that contains the application.
You can only select application objects.
Click Add.
The Add a New Mapping window closes and the Mappings tab is updated with the new mapping.
Repeat steps d to g to create further mappings.
Assign the dynamic application to users.
Dynamic applications are assigned to users in the same way as conventional applications. See Section 3.2, “Publishing Applications”.
Client overrides are a comma-separated list of options used to configure dynamic launch. By default, the client override to configure support for dynamic applications and dynamic application servers is enabled.
You use the following command to configure client overrides:
$ tarantella config edit \
--tarantella-config-applaunch-allowclientoverrides opt
...
where opt
is a comma-separated list.
The following table lists the available options.
Option | Description |
---|---|
| Enables reading of password cache entries for application servers. |
| Enables reading of the password cache for users' SGD passwords. |
| Enable support for dynamic applications and dynamic application servers. |
| Enables reading of password cache entries for dynamic application servers. |
| Disable all client overrides. |
| Enable all client overrides. |
For example, to disable all client overrides, use the following command:
$ tarantella config edit \ --tarantella-config-applaunch-allowclientoverrides false
For example, if you are integrating with Oracle VDI and you want SGD to read the password cache for the users' VDI credentials, use the following command:
$ tarantella config edit \ --tarantella-config-applaunch-allowclientoverrides dynamic,dynamicappserver_pw
My Desktop enables users to log in and display a full-screen desktop without displaying a webtop.
To be able to use My Desktop, a user must be assigned an
application object called My Desktop (cn=My
Desktop
).
A default My Desktop object (o=applications/cn=My
Desktop
) is created automatically when
SGD is installed. This object is a dynamic
application object that has the type-application mappings shown
in the following table.
Type | Application |
---|---|
|
|
|
|
By default, this object runs the default desktop application
available on the SGD server, as configured for the
o=applications/cn=Unix Desktop
application
object. The windows type-application mapping for My Desktop is
configured to run a Windows desktop application. However to be
able to use Windows Desktop, you must first assign at least one
application server object to the
o=applications/cn=Windows Desktop
application
object. If you do this, users are prompted to choose which
desktop application to run. See Section 4.5.6, “Dynamic Applications”
for more details.
You can reconfigure the default My Desktop object to run any application you want, but it works best with full-screen desktop applications. If users require different desktop applications, you can create additional My Desktop objects as required.
Users access My Desktop from their webtop or by using the My
Desktop URL, at
https://
,
where
server.example.com
/sgd/mydesktop
is the name of an SGD server. This URL displays the
SGD Login page. Once the user has logged in,
selected an application and application server (if configured),
the desktop session is displayed. After the user has logged in,
the browser window can be closed.
server.example.com
Alternatively, users can click the My Desktop link on the
SGD web server Welcome Page, at
https://
.
server.example.com
Users can be assigned any number of applications, but the My Desktop URL only gives users access to the My Desktop application. To use the My Desktop URL, a user must be assigned only one application called My Desktop.
If the user has paused print jobs, they see a message in the
browser window when they log in which enables them to resume
printing. You can disable this feature by setting the following
value in the mydesktop/index.jsp
file,
which is located in the
/opt/tarantella/webserver/tomcat/
directory.
tomcat-version
/webapps/sgd/
boolean promptForPrintResume=false
SGD provides the following methods of integrating with Oracle VDI.
Using a broker. SGD includes virtual server brokers that enable you to give users access to desktops provided by an Oracle VDI server.
The following types of broker are supplied with SGD:
VDI broker. This broker is for Oracle VDI 3.3 or later installations.
See Section 4.5.10, “Integrating with Oracle VDI Using the VDI Broker” for details of how to integrate with Oracle VDI using the VDI broker.
Legacy VDI broker. This broker is for Oracle VDI 3.2 installations.
See Section 4.5.11, “Integrating with Oracle VDI Using the Legacy VDI Broker” for details of how to integrate with Oracle VDI using the Legacy VDI broker.
Using a Windows application object. This method can be used if you are unable to use either of the brokers supplied with SGD.
See Section 4.5.12, “Integrating with Oracle VDI Using a Windows Application” for details of how to integrate with Oracle VDI using a Windows application.
The supported versions of Oracle VDI are listed in the Oracle Secure Global Desktop Platform Support and Release Notes for Release 4.7 available at http://www.oracle.com/technetwork/documentation/sgd-193668.html.
Integrating SGD with Oracle VDI using the VDI broker involves the following configuration steps:
(Optional) Import certificates from each VDI server, as shown in Section 4.5.10.1, “How to Install VDI Certificates on an SGD Server”.
This step is only required if you are using the VDI broker with a VDI server that uses an unsupported or Intermediate CA to sign web services certificates. In this case, the SGD server must be configured to trust the web services certificates. This is done by importing the following certificates:
Unsupported CA. Import the CA or root certificate
Intermediate CA. Import the CA certificate chain
Create a Windows application object for use with VDI.
SGD connects to VDI using RDP and so you must use a Windows application object.
You could create an application object specifically for VDI integration, or you could adapt the My Desktop application. See Section 4.5.8, “Using My Desktop”.
Create a dynamic application server for the VDI broker.
See Section 4.5.10.2, “How to Create a Dynamic Application Server for the VDI Broker”.
For information about dynamic application servers and the VDI broker, see Section 4.5.1, “Dynamic Application Servers”.
Assign the VDI dynamic application server to the VDI Windows application.
Dynamic application servers are assigned to applications in the same way as conventional application servers, as described in Section 3.2.1.1, “How to Assign Application Servers to Applications”.
Ensure that only the VDI dynamic application server is assigned to the application. Remove any conventional application server assignments.
Assign the VDI Windows application object to users.
(Optional) Configure the client override to enable the caching of passwords.
By default, SGD prompts users for credentials every time they connect to a VDI desktop using the VDI broker. See Section 4.5.7, “Client Overrides”.
Ensure that no users are logged in to the SGD server and that there are no running application sessions, including suspended application sessions.
Repeat the following procedure on each SGD server in the array.
Log in as superuser (root) on the SGD server.
Import the web services CA certificates from each VDI server into a dedicated truststore on the SGD server.
The truststore for web services certificates on an VDI
server is the
/etc/opt/SUNWvda/webserver/keystore
file. The web services CA certificate is stored in the
truststore using an alias of
tomcat
.
Configure the path to the truststore on the
SGD server for VDI web services certificates.
Use the truststore
property of the
oracle-vdi-vsb.properties
broker
properties file. For example:
truststore=/usr/share/certs/vdi
The truststore must have global read permissions, such as
644
.
Use the keytool application to import certificates into the truststore on the SGD server, as shown in the following example:
# /opt/tarantella/bin/jre/bin/keytool -importcert \ -filecertificate-path
\ -keystoretruststore-path
\ -storepasspasswd
\ -aliasalias
The alias
uniquely identifies
the certificate and passwd
is
the truststore password. The location of the truststore is
given by truststore-path
.
Restart the SGD server.
# tarantella restart
You must restart the SGD server for the CA certificate to become effective.
In the Administration Console, go to the Application Servers tab.
Create a dynamic application server object for the VDI broker.
Select an object in the organizational hierarchy.
Use the navigation tree to select a directory object to contain the dynamic application server.
In the content area, click New.
The Create a New Object window displays.
In the Name field, type the name of the dynamic application server.
For example, VDI Broker
.
Ensure the Dynamic Application Server option is selected and click Create.
The Create a New Object window closes and the content area is updated with the new object.
Configure the dynamic application server object.
Click the View New Object link.
The General tab for the dynamic application server object is displayed.
In the Virtual Server Broker Class list, select VDI broker.
In the Virtual Server Broker Parameters field, enter broker parameters. For example:
preferredhosts="https://vdihost1.com:1802/client,https://vdihost2.com:1802/client, https://vdihost3.com:1802/client" failoverhosts="https://vdihost4.com:1802/client,https://vdihost5.com:1802/client"
You can also use a properties file to configure broker parameters. See Section 4.5.4, “ Server-Specific Settings for the VDI Broker ”.
See Section 4.5.4, “VDI Broker” for details of the supported parameters for the VDI broker.
Click Save.
Restart the SGD server.
# tarantella restart
Integrating SGD with Oracle VDI using the VDI broker involves the following configuration steps:
Create a Windows application object for use with VDI.
SGD connects to VDI using RDP and so you must use a Windows application object.
You could create an application object specifically for VDI integration, or you could adapt the My Desktop application. See Section 4.5.8, “Using My Desktop”.
Create a dynamic application server for the Legacy VDI broker.
See Section 4.5.11.1, “How to Create a Dynamic Application Server for the Legacy VDI Broker”.
For information about dynamic application servers and the Legacy VDI broker, see Section 4.5.1, “Dynamic Application Servers”.
Assign the VDI dynamic application server to the VDI Windows application.
Dynamic application servers are assigned to applications in the same way as conventional application servers, as described in Section 3.2.1.1, “How to Assign Application Servers to Applications”.
Ensure that only the VDI dynamic application server is assigned to the application. Remove any conventional application server assignments.
Assign the VDI Windows application object to users.
(Optional) Configure the client override to enable the caching of passwords.
By default, SGD prompts users for credentials every time they connect to a VDI desktop using the Legacy VDI broker. See Section 4.5.7, “Client Overrides”.
In the Administration Console, go to the Application Servers tab.
Create a dynamic application server object for the VDI broker.
Select an object in the organizational hierarchy.
Use the navigation tree to select a directory object to contain the dynamic application server.
In the content area, click New.
The Create a New Object window displays.
In the Name field, type the name of the dynamic application server.
For example, Legacy VDI Broker
.
Ensure the Dynamic Application Server option is selected and click Create.
The Create a New Object window closes and the content area is updated with the new object.
Configure the dynamic application server object.
Click the View New Object link.
The General tab for the dynamic application server object is displayed.
In the Virtual Server Broker Class list, select Legacy VDI Broker.
In the Virtual Server Broker Parameters field, type localhost.
The Legacy VDI broker can only be used if SGD and Oracle VDI are installed on the same host.
Click Save.
Use this method if it is not possible to use either of the VDI brokers supplied with SGD.
Create a Windows application object for use with VDI.
SGD connects to VDI using RDP and so you must use a Windows application object.
You could create an application object specifically for VDI integration, or you could adapt the Windows Desktop application.
(Optional) Configure an application server object for the Oracle VDI host.
If the SGD server and Oracle VDI are on the same host, this step is not required.
For the Address field for the application server object, enter the address of the Oracle VDI host.
Assign the application server to the VDI Windows application object.
This is described in Section 3.2.1.1, “How to Assign Application Servers to Applications”.
Assign the VDI Windows application object to users.
(Optional) When you connect to Oracle VDI using this method, a chooser page is not shown. The default desktop for the user is displayed.
To access a specific desktop or pool, add the pool name and the optional desktop ID to your user name when you log in to Oracle VDI.
Use Shift-Click to display the authentication dialog, and enter your user name in the following format:
username
::pool=poolname
[,desktop=desktopId
]
For example, to connect to your default desktop in a pool called win-xp:
username
::pool=win-xp
For example, to connect to a specific desktop in a pool called win-xp:
username
::pool=win-xp,desktop=33