This section describes the supported platforms and requirements for SGD servers.
Use the following hardware requirements as a guide and not as an exact sizing tool. For detailed help with hardware requirements, contact an Oracle sales office.
The requirements for a server hosting SGD can be calculated based on the total of the following:
What is needed to install and run SGD
What is needed for each user that logs in to SGD on the host and runs applications
The following are the requirements for installing and running SGD:
2 GB of free disk space
2 GB of RAM
1 GHz processor
Network interface card
This is in addition to what is required for the operating system itself and assumes the server is used only for SGD.
The following are the requirements to support users who log in to SGD and run applications:
Minimum 50 MB for each user
50 MHz for each user
The actual CPU and memory requirements can vary significantly, depending on the applications used.
The following table lists the supported installation platforms for SGD.
Operating System | Supported Versions |
---|---|
Oracle Solaris on SPARC platforms | Solaris 10 8/11 (update 10); Solaris 11; Solaris 10 8/11 (update 10) Trusted Extensions; Solaris 11 Trusted Extensions |
Oracle Solaris on x86 platforms | Solaris 10 8/11 (update 10); Solaris 11; Solaris 10 8/11 (update 10) Trusted Extensions; Solaris 11 Trusted Extensions |
Oracle Linux (32-bit and 64-bit) | 5.7, 5.8, 6.2, 6.3 |
Oracle products certified on Oracle Linux are also certified and supported on Red Hat Enterprise Linux due to implicit compatibility between both distributions. Oracle does not run any additional testing on Red Hat Enterprise Linux products.
You might have to make some operating system modifications. Without these modifications, SGD might not install properly or operate correctly.
The following operating system modifications might be required for Oracle Solaris platforms:
You must install at least the End User Oracle Solaris distribution to get the libraries required by SGD. If you do not, SGD does not install.
The TCP Fusion feature of Oracle Solaris can cause problems with some local socket connections used by SGD. Disable the TCP Fusion feature before you install SGD, as follows:
Add the following line at the bottom of the /etc/system file.
set ip:do_tcp_fusion = 0x0
Reboot the server.
On Oracle Solaris 11 platforms, SGD assigns administration privileges to the first entry in the /etc/user_attr file which has the roles=root attribute. Ensure that you know the credentials for this Oracle Solaris user.
After installation, the SGD Administrator can be configured using the following command:
# tarantella object edit --name "o=Tarantella System Objects/cn=Administrator" \
--user user-name --surname family-name
The following operating system modifications might be required for Oracle Linux platforms:
The default /etc/hosts file for Oracle Linux contains a single entry, which incorrectly maps the host name of the SGD host to the local loopback address, 127.0.0.1.
Edit the /etc/hosts file to remove this mapping, and add a new entry that maps the name of the SGD host to the network IP address of the SGD host. The SGD host name must not be mapped to the local loopback IP address.
When installing on Oracle Linux 6 platforms, choose the Desktop or Software Development Workstation package group. This ensures that the required packages for the default SGD webtop are installed. Required packages include graphical administration tools, and X clients such as xterm and gnome-terminal.
Alternatively, you can choose another package group during installation and use the Customize Now option to add the required packages from the Desktops category.
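The /etc/hosts requirement above can be checked before installation. The following is an added example, not part of the Oracle documentation; the function name check_sgd_hosts, its exit codes, and the sample address 192.0.2.10 are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. check_sgd_hosts and its exit codes are hypothetical helpers.
# Usage: check_sgd_hosts HOSTS_FILE FQDN
# Returns 0 = name maps only to a non-loopback address
#         1 = name (or its short form) appears on a loopback line
#         2 = name has no entry in the file
check_sgd_hosts() {
    hosts_file=$1
    fqdn=$2
    awk -v fqdn="$fqdn" '
        BEGIN { fqdn = tolower(fqdn); short = fqdn; sub(/\..*/, "", short) }
        { sub(/#.*/, "") }              # drop comments
        NF < 2 { next }                 # blank or address-only line
        {
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                if (name != fqdn && name != short) continue
                if ($1 ~ /^127\./ || $1 == "::1") loopback = 1
                else routable = 1
            }
        }
        END { if (loopback) exit 1; if (routable) exit 0; exit 2 }
    ' "$hosts_file"
}

# Constructed sample files: the default-style entry, then the corrected form.
tmp=$(mktemp -d)
echo '127.0.0.1 boston.example.com boston localhost.localdomain localhost' > "$tmp/before"
printf '%s\n' '127.0.0.1 localhost.localdomain localhost' \
              '192.0.2.10 boston.example.com boston' > "$tmp/after"
for f in before after; do
    rc=0; check_sgd_hosts "$tmp/$f" boston.example.com || rc=$?
    echo "$f: status $rc"
done
rm -rf "$tmp"
```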
The following modifications are required to support 5250 and 3270 applications:
Linux platforms. The libXm.so.3 library is required. This library is available in the OpenMotif 2.2 package.
Solaris 11 platforms. Install the motif package, as follows:
# pkg install motif
The supported installation platforms for SGD are supported on a Type 1 (bare metal) hypervisor or a Type 2 (hosted) hypervisor, for example Oracle VM VirtualBox, VMware, or Oracle VM Server for SPARC (previously called Sun Logical Domains or LDoms).
Installation in zones is supported for Oracle Solaris platforms. SGD can be installed either in the global zone, or in one or more non-global zones. Installation in both the global zone and a non-global zone is not supported.
On Oracle Solaris Trusted Extensions platforms, you must install SGD in a labeled zone. Do not install SGD in the global zone.
The following table shows the SGD installation platforms that have been retired.
SGD Version | Platforms No Longer Supported |
---|---|
4.70 | Red Hat Enterprise Linux 5.5, 5.6; Oracle Enterprise Linux 5.5, 5.6; Oracle Solaris 10 up to, and including, Solaris 10 9/10 (update 9) |
4.60 | OpenSolaris (all versions); Red Hat Enterprise Linux 5.0 to 5.4; Solaris 10 OS up to, and including, Solaris 10 5/09 (update 7); SUSE Linux Enterprise Server 10 |
Upgrades to version 4.70 of SGD are only supported from the following versions:
Oracle Secure Global Desktop Software version 4.62.913
Oracle Secure Global Desktop Software version 4.61.915
Oracle Secure Global Desktop Software version 4.60.911
If you want to upgrade from any other version of SGD, contact Oracle Support.
The following table shows the JDK versions included with SGD.
SGD Version | JDK Version |
---|---|
4.70 | 1.6.0_33 |
4.62 | 1.6.0_29 |
4.61 | 1.6.0_24 |
4.60 | 1.6.0_21 |
To install SGD, you must have superuser (root) privileges.
The system must have ttaserv and ttasys users and a ttaserv group before you can install SGD.
The ttasys user owns all the files and processes used by the SGD server. The ttaserv user owns all the files and processes used by the SGD web server.
The SGD server does not require superuser (root) privileges to run. The SGD server starts as the root user and then downgrades to the ttasys user.
If you try to install the software without these users and group in place, the installation program stops without making any changes to the system and displays a message telling you what you need to do. The message includes details of an install script that you can run to create the required users and group.
If you need to create the required users and group manually, the following are the requirements:
The user names must be ttaserv and ttasys.
The group name must be ttaserv.
You can use any user identification number (UID) or group ID (GID) you want. The UID and GID can be different.
Both users must have ttaserv as their primary group.
Both users must have a valid shell, for example /bin/sh.
Both users must have a writable home directory.
For security, lock these accounts, for example with the passwd -l command.
Create these users with the useradd and groupadd commands. For example:
# groupadd ttaserv
# useradd -g ttaserv -s /bin/sh -d /home/ttasys -m ttasys
# useradd -g ttaserv -s /bin/sh -d /home/ttaserv -m ttaserv
# passwd -l ttasys
# passwd -l ttaserv
To check whether the ttasys and ttaserv user accounts are correctly set up on your system, use the following commands.
# su ttasys -c "/usr/bin/id -a"
# su ttaserv -c "/usr/bin/id -a"
If your system is set up correctly, the command output should be similar to the following examples.
uid=1002(ttaserv) gid=1000(ttaserv) groups=1000(ttaserv)
uid=1003(ttasys) gid=1000(ttaserv) groups=1000(ttaserv)
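The id check above confirms the primary group but not the shell or the lock state. The following added example, which is not part of the Oracle documentation, audits passwd, group and shadow format files against the manual requirements listed earlier; the function name audit_sgd_account, the nologin/false shell test, and the lock markers ("!" prefix on Linux, "*LK*" on Solaris) are assumptions of this sketch, and the writable home directory is not tested.

```sh
#!/bin/sh
# Added example. audit_sgd_account is a hypothetical helper.
# Usage: audit_sgd_account USER PASSWD_FILE GROUP_FILE SHADOW_FILE
# Prints one finding per failed requirement; returns the number of findings.
audit_sgd_account() {
    user=$1 passwd_f=$2 group_f=$3 shadow_f=$4
    fails=0
    # GID of the required ttaserv group (field 3 of the group file).
    want_gid=$(awk -F: '$1 == "ttaserv" { print $3; exit }' "$group_f")
    [ -n "$want_gid" ] || { echo "group ttaserv missing"; return 1; }
    entry=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$passwd_f")
    [ -n "$entry" ] || { echo "$user: no passwd entry"; return 1; }
    gid=$(echo "$entry" | cut -d: -f4)
    home=$(echo "$entry" | cut -d: -f6)
    shell=$(echo "$entry" | cut -d: -f7)
    if [ "$gid" != "$want_gid" ]; then
        echo "$user: primary group is GID $gid, not ttaserv ($want_gid)"
        fails=$((fails + 1))
    fi
    case ${shell##*/} in
        ""|nologin|false) echo "$user: no usable shell ($shell)"; fails=$((fails + 1)) ;;
    esac
    [ -n "$home" ] || { echo "$user: no home directory set"; fails=$((fails + 1)); }
    # Assumed lock markers: "!" prefix (Linux passwd -l) or "*LK*" (Solaris).
    pw=$(awk -F: -v u="$user" '$1 == u { print $2; exit }' "$shadow_f")
    case $pw in
        '!'*|'*LK*'*) ;;
        *) echo "$user: account is not locked"; fails=$((fails + 1)) ;;
    esac
    return "$fails"
}

# Constructed sample data (not from a real host): ttaserv was left unlocked.
d=$(mktemp -d)
printf 'ttaserv:x:1000:\n' > "$d/group"
printf '%s\n' 'ttaserv:x:1002:1000::/home/ttaserv:/bin/sh' \
              'ttasys:x:1003:1000::/home/ttasys:/bin/sh' > "$d/passwd"
printf '%s\n' 'ttaserv:$6$constructed$hash:15000::::::' \
              'ttasys:!!:15000::::::' > "$d/shadow"
for u in ttasys ttaserv; do
    audit_sgd_account "$u" "$d/passwd" "$d/group" "$d/shadow" && echo "$u: OK"
done
rm -rf "$d"
```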
You must configure your network for use with SGD. The following are the main requirements:
Hosts must have Domain Name System (DNS) entries that can be resolved by all clients.
DNS lookups and reverse lookups for a host must always succeed.
All client devices must use DNS.
When you install SGD, you are asked for the DNS name to use for the SGD server. The DNS name must meet the following requirements:
In a network containing a firewall, use the DNS name that the SGD host is known as inside the firewall.
Always use fully-qualified DNS names for the SGD host. For example, boston.example.com.
The Oracle Secure Global Desktop Administration Guide for Release 4.7 has detailed information about all the ports used by SGD and how to use SGD with firewalls. The following information lists the common ports used.
Client devices must be able to make Transmission Control Protocol/Internet Protocol (TCP/IP) connections to SGD on the following TCP ports:
80 - For HTTP connections between client devices and the SGD web server. The port number can vary depending on the port selected on installation.
443 - For HTTP over Secure Sockets Layer (HTTPS) connections between client devices and the SGD web server.
3144 - For standard (unencrypted) connections between the SGD Client and the SGD server.
5307 - For secure connections between the SGD Client and the SGD server. Secure connections use Secure Sockets Layer (SSL).
For a default installation in secure mode, where you enable SGD security services and use HTTPS, only ports 443 and 5307 must be open in the firewall.
For an installation in standard mode, where connections are not secured, ports 80, 3144, and 5307 must be open in the firewall. This is because the SGD Client initially makes a secure connection on port 5307. After the connection is established, the connection is downgraded to a standard connection on port 3144.
To run applications, SGD must be able to make TCP/IP connections to application servers. The types of applications determine the TCP ports that must be open, for example:
22 – For X and character applications using Secure Shell (SSH)
23 – For Windows, X, and character applications using Telnet
3389 – For Windows applications using Windows Remote Desktop Services
6010 and above – For X applications
In SGD, an array is a collection of SGD servers that share configuration information. As the SGD servers in an array share information about user sessions and application sessions, it is important to synchronize the clocks on the SGD hosts. Use Network Time Protocol (NTP) software or the rdate command to ensure the clocks on all SGD hosts are synchronized.
The SGD web server consists of an Apache web server and a Tomcat JavaServer Pages (JSP) technology container preconfigured for use with SGD.
The SGD web server consists of several components. The following table lists the web server component versions for recent releases of SGD.
Component Name | SGD Version 4.70 | SGD Version 4.62 | SGD Version 4.61 | SGD Version 4.60 |
---|---|---|---|---|
| 2.2.22 | 2.2.21 | 2.2.17 | 2.2.16 |
| 1.0.0.j | 1.0.0.e | 1.0.0.d | 1.0.0a |
| 1.2.37 | 1.2.32 | 1.2.31 | 1.2.27 |
| 7.0.29 | 6.0.33 | 6.0.32 | 6.0.29 |
| 1.4 | 1.4 | 1.4 | 1.4 |
The Apache web server includes all the standard Apache modules as shared objects.
The minimum Java Virtual Machine (JVM) software heap size for the Tomcat JSP technology container is 256 megabytes.
The following are the supported mechanisms for authenticating users to SGD:
Lightweight Directory Access Protocol (LDAP) version 3
Microsoft Active Directory
Network Information Service (NIS)
RSA SecurID
Web server authentication (HTTP/HTTPS Basic Authentication), including public key infrastructure (PKI) client certificates
Active Directory authentication and LDAP authentication are supported on the following versions of Active Directory:
Windows Server 2003
Windows Server 2003 R2
Windows Server 2008
Windows Server 2008 R2
SGD supports version 3 of the standard LDAP protocol. You can use LDAP authentication with any LDAP version 3-compliant directory server. However, SGD only supports the following directory servers:
Oracle Internet Directory 11gR1 (all 11.1.1.x.0 releases)
Oracle Directory Server Enterprise Edition version 11gR1
Microsoft Active Directory, as shown in Section 2.1.9.1, “Supported Versions of Active Directory”
Sun Directory Server 6.3 or later
Other directory servers might work, but are not supported.
Novell eDirectory is no longer supported as an LDAP directory server.
SGD supports TLS version 1.0 and SSL version 3.0.
SGD supports Privacy Enhanced Mail (PEM) Base 64-encoded X.509 certificates. These certificates have the following structure:
-----BEGIN CERTIFICATE-----
...certificate
...
-----END CERTIFICATE-----
SGD supports the Subject Alternative Name (subjectAltName) extension for SSL certificates. SGD also supports the use of the * wildcard for the first part of the domain name, for example *.example.com.
SGD includes support for a number of Certificate Authorities (CAs). The /opt/tarantella/etc/data/cacerts.txt file contains the X.500 Distinguished Names (DNs) and MD5 signatures of all the CA certificates that SGD supports. Additional configuration is required to support SSL certificates signed by an unsupported CA. Intermediate CAs are supported, but additional configuration might be required if any of the certificates in the chain are signed by an unsupported CA.
SGD supports the use of external hardware SSL accelerators, with additional configuration.
SGD supports the following cipher suites:
RSA_WITH_AES_256_CBC_SHA
RSA_WITH_AES_128_CBC_SHA
RSA_WITH_3DES_EDE_CBC_SHA
RSA_WITH_RC4_128_SHA
RSA_WITH_RC4_128_MD5
RSA_WITH_DES_CBC_SHA
SGD supports two types of printing: PDF printing and Printer-Direct printing.
For PDF printing, SGD uses Ghostscript to convert print jobs into Portable Document Format (PDF) files. Your Ghostscript distribution must include the ps2pdf program. For best results, install the latest version of Ghostscript on the SGD host.
SGD supports Printer-Direct printing to PostScript, Printer Command Language (PCL), and text-only printers attached to the user's client device. The SGD tta_print_converter script performs any conversion needed to format print jobs correctly for the client printer. The tta_print_converter script uses Ghostscript to convert from PostScript to PCL. To support this conversion, Ghostscript must be installed on the SGD server. For best results, download and install the additional fonts.
Ghostscript is not included with the SGD software.