Numeric
An SGD object that represents a 3270 protocol
application running on a mainframe host. 3270 Application
objects have a cn=
naming attribute.
An SGD object that represents a 5250 protocol
application running on an AS/400 host. 5250 Application
objects have a cn=
naming attribute.
A
Microsoft's implementation of LDAP directory services. Used to store information about the resources, services, and users across a Windows domain.
An SGD object used to represent an
Active Directory structure within the
SGD organizational hierarchy. Active Directory
Container objects have a cn=
naming
attribute.
Load balancing algorithms that measure the true load on application servers, using information provided by the SGD Enhancement Module.
Adaptive Internet Protocol. A proprietary protocol used by SGD software components. AIP optimizes the user experience by choosing the most efficient ways to transfer application display data and user input between client devices and SGD servers.
Advanced Linux Sound Architecture.
The situation where an authentication mechanism has found more than one match for a user and cannot distinguish between them without further information from the user.
An authentication mechanism where users can log in to SGD without supplying a user name or password. Anonymous user authentication is disabled by default.
American National Standards Institute.
Application programming interface.
A software program running in a web browser.
Dialog shown when a user clicks a webtop link to start an application.
The mechanism that determines which application server runs a user's application.
A networked device, such as a Windows 20008 server or Linux server, configured to run applications. Application servers are represented in the SGD datastore by an Application Server object.
An SGD object that represents an application
server used to run applications through SGD.
Application Server objects have a cn=
naming attribute.
A secure store of application server user names and passwords associated with user identities. Maintained so that application server authentication can proceed without prompting the user. Also called the password cache.
An application session begins when a user starts an application, and ends when the application exits. Information about an application session is stored in memory by the SGD server. Each application session is associated with a Protocol Engine.
The mechanism that determines which SGD server in the array manages the application session, and runs the Protocol Engine for a user's application.
A collection of SGD servers that share configuration information. The SGD servers in an array act together to enable users to see the same webtop, and resume their applications, whatever SGD server they log in to. Arrays of SGD servers provide scalability and redundancy.
Configures SOCKS proxy server usage, depending on the IP address of the client device.
A field in the Administration Console that indicates the origin of an object link. Assignment Types can be Direct, Indirect, or Multiple. See also direct assignment, indirect assignment, multiple assignment.
Automatic Terminal Recognition string. A sequence of bytes used to identify a smart card.
A named property of an object. Attributes may have zero or more values, as defined by the schema.
A file that defines how character attributes, such as bold and underline, are displayed in the SGD terminal emulators.
B
The ability to perform more than one SGD related task with a single instance of a tarantella command.
An SGD service that logs user session and application session information for an SGD server or an array of SGD servers.
C
See root certificate .
Client Access License. Used by Microsoft Windows Terminal Services.
Common Desktop Environment. A graphical user interface for UNIX desktops.
See client drive mapping.
A trusted issuer of SSL certificates.
Information supplied to a Certificate Authority, that is used to verify identity and generate an SSL certificate.
Common Gateway Interface. A specification for interfacing external applications with a web server.
An SGD object that represents a VT420, Wyse 60,
or SCO Console application. Character Application objects have
a cn=
naming attribute.
In cryptography, an algorithm for performing encryption and decryption.
A networked device, such as a Windows PC or Linux workstation, used to access an SGD server.
Enables users to access some or all of their client's drives, from an application running on an application server.
Settings for the SGD Client, including server URL, proxy settings, and mode of operation. The client profile is downloaded to the client device when a user connects to an SGD server.
See common name.
SGD terminal emulators support a palette of 16 colors. The color map is a file that defines the RGB values of these colors.
A name used to identify an entry in an LDAP directory. For example, the name of a person.
A serial port, in a Microsoft Windows environment.
A tool for SGD Administrators, useful for quickly adding new objects to an existing hierarchy, rather than creating a new hierarchy.
A short packet of data, used as an identification token. Some cookies are encrypted, to prevent forgery.
Central processing unit.
Common UNIX Printing System.
D
A service process on UNIX platform operating systems that runs in the background, rather than under the direct control of a user.
The process where SGD system data is copied from the primary server in an SGD array to the secondary servers in the SGD array.
The sum of all the information used by the various components
of SGD, including information about application
servers and users on the network, user session and application
session information, and organizational information. Organized
into namespaces, such as _ens
and
_dns
.
Definite Encoding Rules. A cryptographic format used for storing SSL certificate keys.
Data Encryption Standard. A cryptographic cipher.
Information encrypted with a user's private key and appended to a message to ensure the authenticity of the message. The digital signature can be verified using the user's public key. See also public key cryptography.
In the Administration Console, a one-to-one object link created using the Editable Assignments table. See also editable assignment.
A container object in SGD, similar to an Organization object, but does not include SGD-specific attributes or allow you to assign applications. Examples include a Domain Component object and an Active Directory Container object.
Services that store and manage the resources and users on a network. SGD uses the principles of directory services for object storage and management.
The ability to define webtops for users without requiring User Profile objects for those users in the SGD datastore. Instead, user information is kept in an external LDAP directory. Application objects in the SGD datastore define which LDAP users can see them on their webtop.
The process of resolving an ambiguous login.
An SGD software component that runs on a client device. Display Engines display applications to users and accept user input. They use AIP to communicate with Protocol Engines on SGD servers.
The name that uniquely identifies an entry in an LDAP directory.
Where print jobs are distributed across the array, avoiding bottlenecks and single points of failure. A user's print jobs are processed on the SGD server hosting the application session for the application you want to print from.
See distinguished name.
Domain Name System.
A unique name for a computer on a network, for example,
server.example.com
.
An SGD object that represents a document on the
web. Documents can be any URL, including OpenOffice documents,
or Adobe Acrobat files. A Document object can also refer to a
web application. Document objects have a
cn=
naming attribute.
An SGD object used to replicate a directory
structure, usually a Microsoft
Active Directory structure, within the
SGD organizational hierarchy. Domain Component
objects have a dc=
naming attribute.
E
In the Administration Console, a one-to-one object link that can be edited by an SGD Administrator. See also direct assignment.
In the Administration Console, a summary of the object links for the current object. Effective assignments can include both direct assignments and indirect assignments.
An optional SGD software component installed on an application server to provide additional SGD functionality, such as client drive mapping, audio, and advanced load balancing.
A set of system configuration values that can be accessed by a running program.
Enlightened Sound Daemon. A sound server for UNIX and Linux platforms that enables mixing of several digitized audio streams for playback by a single device.
See ESD.
Execution Protocol Engine.
An extension to the Tcl scripting language, typically used for interactive applications. The SGD login scripts are written in the Expect language.
The name by which an SGD server is known to a client device. An SGD server can have multiple external DNS names.
F
A short sequence of bytes used to authenticate or look up a public key.
Federal Information Processing Standards. Standards developed by the United States Federal government for use by non-military government agencies and government contractors.
Running SGD through a single open firewall port between client devices and SGD servers. Also known as firewall forwarding.
A program that makes fonts on a host available on a network.
The full name of a system, containing its host name and its
domain name. For example,
boston.example.com
, where
boston
is the host name of a server, and
example.com
is the domain name.
An unambiguous name used to specify an SGD
object. For example,
.../_ens/o=organization/ou=marketing/cn=Indigo
Jones
, specifies a User Profile object in
SGD.
G
A role object in the Tarantella System
Objects
organization, used to assign administrative
privileges to users.
A domain controller that contains attributes for every object in the Active Directory.
An SGD object that represents a collection of
applications or application servers. Each application or
application server in the group is called a
member. Group objects have a
cn=
naming attribute.
H
I
Internet Assigned Numbers Authority. Organization that allocates and manages IP addresses, domain names, and port numbers used by the Internet.
Independent Computing Architecture. A protocol used by Citrix Presentation Server to communicate with client devices.
See input method.
Input method editor. See input method.
In the Administration Console, an object link created by an LDAP search or by inheritance from another object.
The ability to define webtop content implicitly. Content is usually inherited from the parent object, but other objects can also be used.
A program that enable users to type in characters or symbols not found on their keyboard. On Microsoft Windows platforms, an IM is called an input method editor (IME).
Input/Output.
Internet Protocol address. A unique 32-bit numeric identifier for a computer on a network.
J
Java Archive.
Java Development Kit.
Java Desktop System.
Java Runtime Environment.
JavaServer Page.
A web server component that handles requests for JSP pages. SGD uses the Tomcat JSP container.
Java Secure Socket Extension. An implementation of SSL using Java technology.
Java Virtual Machine.
K
Key Distribution Center. Used by Kerberos authentication as part of the Active Directory authentication mechanism.
K Desktop Environment. An open source graphical user interface for UNIX and Linux platforms.
An authentication system used for Active Directory authentication.
A file that contains mapping information between keys on the user's client keyboard and keys on a terminal. Used with SGD terminal emulators.
A database of cryptographic keys. A keystore can contain both public keys and private keys.
SGD display mode where an application is displayed full-screen.
L
Lightweight Directory Access Protocol.
A set of LDAP objects organized in a logical and hierarchical manner.
An RFC2254-compliant search filter, used to select objects in an LDAP directory.
An RFC1959-compliant URL, used to select objects in an LDAP directory.
Lightweight Directory Access Protocol over SSL. Used for secure connections to an LDAP directory.
The mechanism that delivers the best possible user experience by choosing SGD servers and application servers linked by a fast network where possible.
A set of parameters that defines the user's language, country, and other location-specific preferences.
A store containing information about users, applications,
webtops, and application servers. Stored on the primary
SGD server and replicated to other
SGD servers in the array. Corresponds to the
_ens
namespace in the SGD
datastore. Can be managed using the Administration Console or
the tarantella commands.
A string used to configure error reporting to the SGD log files.
A script that runs on the SGD server when a user starts an application. Connects to the application server, supplies authentication credentials for that server, and starts the application.
Line Printer Daemon. A printing protocol used to provide print server functions to a UNIX or Linux platform system. Also known as LPR.
Line Printer Remote. See also LPD.
M
A constituent of a group or a role. In SGD, Group objects and Role objects contain one or more member objects. These are usually Application objects, User Profile objects, or Application Server objects.
In the Administration Console, an object link that has both direct assignment and indirect assignment sources. See also Assignment Type.
MultiplePlexing Protocol.
A feature of SGD that enables users to log in and display a full-screen desktop, without displaying an SGD webtop.
N
An identifier for a computer running Microsoft Windows. The NetBIOS name can be specified when Windows networking is installed or configured on the computer.
Network File System.
Network Interface Card.
Network Level Authentication. A network authentication protocol for authenticating to a Remote Desktop Session Host. NLA provides enhanced security by authenticating the user before establishing the connection to the host.
Network Time Protocol.
O
A self-contained entity, defined by a number of attributes and values. SGD objects have different types, such as X Application or Character Application. The available attributes for each type are defined by a schema.
An SGD object used to represent the top level of
an organizational hierarchy. Organization objects can contain
OU or User Profile objects. Organization objects have an
o=
naming attribute.
The collection of objects in the SGD datastore, descending from one or more Organization or Domain Component objects. Represents the collection of people, application servers, and applications within an organization.
An SGD object used to distinguish different
departments, sites, or teams in an organizational hierarchy.
Organizational Unit (OU) objects can be contained in an
Organization or Domain Component object. Organizational Unit
objects have an ou=
naming attribute.
Open Sound System. A standard interface for audio recording and reproduction in UNIX platform operating systems
P
Pluggable Authentication Modules.
In SecurID authentication, the combination of the PIN and the tokencode.
Short form of application server password cache.
Printer Command Language.
Pulse Code Modulation.
Personal Computer/Smart Card. A standard for interoperability of PCs, smart card readers, and smart cards.
Portable Document Format.
An SGD feature available for client devices with Adobe Reader software installed. Enables users to print to a PDF printer from their application, which either displays the file or prints using the Adobe Reader program on their client device.
The name by which an SGD server is known to other SGD servers in the same array.
Privacy-Enhanced Mail. Protocol based on public key cryptography.
Code supplied to a SecurID device using a key pad. Combined with a tokencode to form a passcode.
Public Key Cryptography Standards. Specifications produced by RSA Laboratories for public key cryptography.
Public Key Infrastructure. A security infrastructure based on public key cryptography.
The SGD server that acts as the authoritative source for global information, and maintains the definitive copy of the SGD datastore.
A number of print jobs placed in a storage area on disk.
In public key cryptography, a key that is only know by the recipient of a message. The private key can be used to decrypt messages and to create digital signatures.
An SGD software component that runs on an SGD server. Protocol Engines emulate native protocols such as X11 and RDP and communicate with application servers, sending display data using AIP to Display Engines on client devices. See also application session.
A server that acts as an intermediary between a client device and the Internet. The proxy server can provide access control and web request caching services.
In public key cryptography, a key that can be distributed to anyone. The public key can be used to encrypt messages and to verify digital signatures.
A cryptographic system using a pair of keys, a public key and a private key. The public key is used to encrypt messages and the private key is used to decrypt messages.
R
Random access memory.
Resize, Rotate, and Reflect Extension. An X extension used by SGD for multi-monitor support and dynamic resizing of application sessions.
Microsoft Windows software that enables client devices to run applications and access data on a networked Windows server. From Windows Server 2008 R2, Remote Desktop Services is the name for Terminal Services.
Remote Desktop Protocol. Protocol that allows a user to connect to a computer running Windows Terminal Services.
Another name for SGD printing from application servers using Windows Terminal Services.
In an LDAP directory, the part of a distinguished name that uniquely identifies a child entry for a common parent entry.
Microsoft Windows registry. On Windows client devices, a database of settings for the operating system.
A store containing user information.
The attribute of an application session that controls its lifetime. Defined on a per-application basis by an SGD Administrator, as either never resumable, resumable during the user session, or always resumable. See also resume and suspend.
To redisplay an application session that has been suspended. See also suspend.
Defines a color in the RGB color model. The amount of red, green, and blue in the color are indicated by a value from 0 to 255.
A feature of SGD that provides Microsoft Windows users with the same working environment, no matter which Microsoft Windows computer they use.
An object that defines the members and applications associated with a particular role in SGD. Currently, only one role is available, Global Administrators. This role defines the SGD Administrators.
A self-signed certificate issued by a root level Certificate Authority.
S
Software that enables a UNIX or Linux platform server to act as a file server for Windows client devices. Uses a variant of the SMB file sharing protocol.
Solaris Card Framework.
An SGD window display mode used for Windows applications. Causes an application's windows to behave in the same way as an application running on a Microsoft Windows application server, regardless of the user's desktop environment. Requires the SGD Enhancement Module.
An array member that is not the primary server. The primary server replicates information to secondary servers.
A connection between client device and SGD server that uses SSL to protect AIP traffic from eavesdropping, tampering, and forgery. Not related to HTTPS traffic.
Secure, encrypted, communication between SGD array members. Uses SSL.
An authentication mechanism developed by RSA Security to authenticate a user to a network resource.
AnSSL certificate signed by the person who created it.
A physical interface on a computer through which information is transferred one bit at a time.
Where possible, SGD runs an application on the same application server as the one used to run the previous application for the user. See also application load balancing.
The situation where a user logs in to an SGD server, but they already have a user session on another SGD server. The user session is transferred to the new SGD server and the old session ends.
Secure Global Desktop software.
An SGD user with permission to configure SGD settings and create and edit SGD objects, either using the Administration Console or the tarantella commands.
An SGD component that can be installed on client devices. The SGD Client maintains communication with the SGD server and is required to run applications.
A Java applet that downloads the SGD Client.
A collection of SGD software components that together provide SGD functionality.
A pre-built web server installed and configured along with the
SGD server Contains Apache,
mod_ssl
for HTTPS
support, and Tomcat for Java Servlet and
JSP support.
A collection of APIs that allow developers to build their own applications to work with SGD. The APIs can be used to authenticate users, launch applications, and interact with the SGD datastore.
Secure Hash Algorithm. In cryptography, an algorithm that computes a fixed-length representation of a message, called a message digest.
When an SGD Administrator displays and interacts with a user's application at the same time as the user.
Secret Key Identification. An authentication protocol where a shared secret is used to authenticate a connection.
A plastic card, about the size of a credit card, with an embedded microchip that can be loaded with data.
Authentication to a Windows application server by means of user data contained on a smart card.
Server Message Block.
Simple Object Access Protocol. A protocol for sending XML messages over computer networks using HTTP.
A protocol used by proxy servers to handle TCP connection requests from client devices inside a firewall.
Secure Shell. A secure network protocol for data exchange between two computers.
Secure Sockets Layer. A cryptographic protocol designed for secure Internet communications.
A digital passport that establishes credentials on the web. In SGD, allows client devices to trust the identity of an SGD server.
A connection between a client device and an SGD server that is not secured. This is the default connection mode when using SGD.
Alternative DNS name, other than the hostname, specified for an SGD server on an SSL certificate.
To pause an application session. A suspended application is not closed down, it can be resumed. See also resume.
A component of the SGD server that authenticates users against an external authentication service, such as a Windows domain or an LDAP directory, and determines a user's SGD user identity and user profile.
T
An SGD administration tool available from the command line. Used to control the SGD server and make configuration changes.
The Organization object in the SGD datastore that contains objects essential for smooth running and maintenance of SGD.
Tool Command Language. A scripting language developed by John Ousterhout. The SGD login scripts include some Tcl functions.
Transmission Control Protocol.
Transmission Control Protocol/Internet Protocol.
A program that runs on a graphical user interface and emulates a “dumb” video terminal. SGD includes terminal emulators for SCO Console, Wyse 60, and VT420 terminals.
Microsoft Windows software that enables client devices to run applications and access data on a networked Windows server. From Windows Server 2008 R2, Terminal Services is renamed Remote Desktop Services.
A component of the SGD server that trusts authentication information supplied by a third party and uses that information to automatically authenticate the user as an SGD user, allocating a user identity and a user profile.
A random number generated by a SecurID device. Combined with a PIN to form a passcode.
Users and a group (ttaserv) that must be set up on a system before SGD can be installed. These users and group own some SGD files and processes after installation.
U
Ultrix Communications Extensions.
User Datagram Protocol.
Universal Naming Convention.
A standard for universal character encoding. Provides the basis for processing, storage, and interchange of text data in any language.
Uniform Resource Locator.
The SGD concept of who a user is. A user identity can belong to one of a number of different namespaces. User identities are allocated by authentication mechanisms. The user identity can be the same as the user profile in some cases.
In Active Directory, the required
format for user names. The user principal name is in email
address format, for example,
indigojones@example.com
.
An SGD object that represents a user in an
organization. Can be used to give a user access to
applications. User Profile objects can have a
cn=
(common name), a
uid=
(user identification), or a
mail=
(mail address) naming attribute.
Begins when a user logs in to SGD, and ends when the user logs out. Information about a user session is stored in memory by the SGD server.
The mechanism that determines which SGD server in the array a user logs in to to display their webtop.
Coordinated Universal Time.
V
Hosting of multiple web servers on the same computer. Each web server has a different DNS name.
Virtual Memory System. Operating system originally developed for use on the VAX and Alpha family of computers from DEC.
Virtual server broker. Software used to obtain a list of application servers that can run an application. A VSB can be used to integrate SGD with Oracle Virtual Desktop Infrastructure.
W
Wide Area Network.
Web Application Archive.
A web page where users can run applications using SGD, view documents, and manage print jobs. Can be accessed using a web browser or the SGD Client.
The collection of applications and documents that appear on a user's webtop.
The ability to define webtop content implicitly. Content is usually inherited from the parent object, but other objects can also be used.
A hyperlink on an SGD webtop that the user clicks to starts an application.
The mode of operation of SGD where you use a browser to display the SGD webtop.
An SGD object that represents a Microsoft Windows
graphical application. Windows Application objects have a
cn=
naming attribute.
A logical group of computers running the Windows operating system.
A server in a Windows domain that hosts the Active Directory. The domain controller handles authentication of users and administration tasks.
In SGD, the protocol used to connect to an application server hosting a Microsoft Windows application.
Windows Internet Name Service.
X
See SSL certificate.
The process of forwarding, or tunneling, the windows of a remotely started X application to a client desktop.
Display protocol used for the X Window System.
An SGD object that represents an X11 graphical
application. X Application objects have a
cn=
naming attribute. See also
X11 protocol.
Access control mechanisms that control whether a client application can connect to an X server.
X Keyboard extension. An X extension used by SGD to provide enhanced keyboard support.
A distributed window system for UNIX platform operating systems, based on the X11 protocol. Also called X11, or X Windows.