Oracle® Secure Global Desktop Platform Support and Release Notes for Release 4.
Oracle® Secure Global Desktop: Platform Support and Release Notes for Release 4.7 Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc.
Table of Contents Preface .............................................................................................................................................. v 1. Audience ............................................................................................................................... v 2. Document Organization .......................................................................................................... v 3. Documentation Accessibility ..................................
Oracle® Secure Global Desktop 2.4.4. X and Character Applications .................................................................................. 2.4.5. Virtual Desktop Infrastructure .................................................................................. 2.5. Removed Features ............................................................................................................ 2.5.1. Changes in the Next Release of SGD ....................................................................
Preface The Oracle Secure Global Desktop Platform Support and Release Notes for Release 4.7 provide information about the system requirements and support, and the new features and changes, for this version of Oracle Secure Global Desktop (SGD). This document is written for system administrators. 1. Audience This document is intended for new users of SGD. It is assumed that readers are familiar with Web technologies and have a general understanding of Windows and UNIX platforms. 2.
Conventions 5. Conventions The following text conventions are used in this document: Convention Meaning boldface Boldface type indicates graphical user interface elements associated with an action, or terms defined in text or the glossary. italic Italic type indicates book titles, emphasis, or placeholder variables for which you supply particular values. monospace Monospace type indicates commands within a paragraph, URLs, code in examples, text that appears on the screen, or text that you enter.
Chapter 1. New Features and Changes This chapter describes the new features and changes in Oracle Secure Global Desktop (SGD) Release 4.70. 1.1. New Features in Release 4.70 This section describes the features that are new in the SGD 4.70 release. 1.1.1. Secure Installation by Default In previous releases of SGD, connections to SGD servers were secured as a post-installation task. In this release, connections to the SGD server can be made secure during installation.
Network Level Authentication Support for Windows Applications See the Enabling SGD Audio Services for more details of how to set up audio recording for Windows applications. 1.1.4. Network Level Authentication Support for Windows Applications This release supports the use of Network Level Authentication (NLA) using CredSSP, for authenticating Windows application users. Using NLA enables users to authenticate themselves before establishing a session on the Windows application server.
Default Connection Method Changes SGD keeps a record of the location of all SGD Clients that you have installed manually. Manual installation is now supported on Mac OS X platforms. Default log file locations have changed. On Windows platforms, output is logged to the user's application data folder. On UNIX, Linux, and Mac OS X platforms, output is now logged to the system log location. 1.2.2.
Changes to Display Attributes for Application Objects 1.2.6. Changes to Display Attributes for Application Objects Due to the new XPE implementation introduced in this release, the following display attributes are no longer supported: • RGB Database (--xpe-rgbdatabase). The XPE now has built-in support for X11 color names. • Euro Character (--euro). The euro character is now supported by default. • Keyboard Map: Locked (--lockkeymap). • Keyboard Map (--xpe-keymap).
Chapter 2. System Requirements and Support This chapter includes details of the system requirements and supported platforms for Oracle Secure Global Desktop (SGD) version 4.70. 2.1. SGD Server Requirements and Support This section describes the supported platforms and requirements for SGD servers. 2.1.1. Hardware Requirements for SGD Use the following hardware requirements as a guide and not as an exact sizing tool. For detailed help with hardware requirements, contact an Oracle sales office.
Supported Installation Platforms for SGD Operating System Supported Versions Oracle Solaris on x86 platforms Solaris 10 8/11 (update 10) Solaris 11 Solaris 108/11 (update 10) Trusted Extensions Solaris 11 Trusted Extensions Oracle Linux (32-bit and 64-bit) 5.7 5.8 6.2 6.3 Oracle products certified on Oracle Linux are also certified and supported on Red Hat Enterprise Linux due to implicit compatibility between both distributions.
Supported Upgrade Paths Edit the /etc/hosts file to remove this mapping, and add a new entry that maps the name of the SGD host to the network IP address of the SGD host. The SGD host name must not be mapped to the local loopback IP address. • When installing on Oracle Linux 6 platforms, choose the Desktop or Software Development Workstation package group. This ensures that the required packages for the default SGD webtop are installed.
Java Technology Version • Oracle Secure Global Desktop Software version 4.62.913 • Oracle Secure Global Desktop Software version 4.61.915 • Oracle Secure Global Desktop Software version 4.60.911 If you want to upgrade from any other version of SGD, contact Oracle Support. 2.1.4. Java Technology Version The following table shows the JDK versions included with SGD. SGD Version JDK Version 4.70 1.6.0_33 4.62 1.6.0_29 4.61 1.6.0_24 4.60 1.6.0_21 2.1.5.
Network Requirements # useradd -g ttaserv -s /bin/sh -d /home/ttaserv -m ttaserv # passwd -l ttasys # passwd -l ttaserv To check whether the ttasys and ttaserv user accounts are correctly set up on your system, use the following commands. # su ttasys -c "/usr/bin/id -a" # su ttaserv -c "/usr/bin/id -a" If your system is set up correctly, the command output should be similar to the following examples.
Clock Synchronization makes a secure connection on port 5307. After the connection is established, the connection is downgraded to a standard connection on port 3144. To run applications, SGD must be able to make TCP/IP connections to application servers.
SSL Support • Web server authentication (HTTP/HTTPS Basic Authentication), including public key infrastructure (PKI) client certificates 2.1.9.1. Supported Versions of Active Directory Active Directory authentication and LDAP authentication are supported on the following versions of Active Directory: • Windows Server 2003 • Windows Server 2003 R2 • Windows Server 2008 • Windows Server 2008 R2 2.1.9.2. Supported LDAP Directories SGD supports version 3 of the standard LDAP protocol.
Printing Support certificates that SGD supports. Additional configuration is required to support SSL certificates signed by an unsupported CA. Intermediate CAs are supported, but additional configuration might be required if any of the certificates in the chain are signed by an unsupported CA. SGD supports the use of external hardware SSL accelerators, with additional configuration.
Supported Client Platforms Supported Client Platform Supported Browsers Chrome 17 Microsoft Windows XP Professional SP3 (32-bit) Internet Explorer 7 Internet Explorer 8 Mozilla Firefox 3.6, 10.0.3:ESR, 11 Chrome 17 Oracle Solaris on SPARC platforms Mozilla Firefox 3.6, 10.0.3:ESR, 11 Solaris 10 8/11 (update 10), Solaris 11 Chrome 17 Oracle Solaris on x86 platforms Mozilla Firefox 3.6, 10.0.
Supported Client Platforms Java Plug-in software versions 1.6 and 1.7 are supported as a plug-in for Java technology. Note For details of known issues when using Java Plug-in software version 1.7, see knowledge document ID 1487307.1 on My Oracle Support (MOS). For best results, client devices must be configured for at least thousands of colors.
Supported Proxy Servers SGD Version Platforms No Longer Supported Ubuntu 8 Firefox 2 Internet Explorer 6 Safari 2 Safari 3 Java Plugin tool version 1.5 2.2.2. Supported Proxy Servers To connect to SGD using a proxy server, the proxy server must support tunneling. You can use HTTP, Secure (SSL) or SOCKS version 5 proxy servers. For SOCKS version 5 proxy servers, SGD supports the Basic and No Authentication Required authentication methods. No server-side configuration is required. 2.2.3.
SGD Gateway Requirements and Support 2.3. SGD Gateway Requirements and Support This section describes the supported platforms and requirements for the SGD Gateway. 2.3.1. Supported Installation Platforms for the SGD Gateway The supported installation platforms for the SGD Gateway host are shown in the following table.
SGD Server Requirements for the SGD Gateway SGD Version Platforms No Longer Supported 4.60 OpenSolaris (all versions) Red Hat Enterprise Linux 5.0 to 5.4 Solaris 10 OS up to, and including, 5/09 (update 7) SUSE Linux Enterprise Server 10 2.3.2. SGD Server Requirements for the SGD Gateway The following requirements apply for the SGD servers used with the SGD Gateway: • Secure mode. By default, the SGD Gateway uses secure connections to SGD servers. You must enable secure connections on your SGD servers.
Application Requirements and Support • SSL_RSA_WITH_RC4_128_SHA • TLS_RSA_WITH_AES_128_CBC_SHA • TLS_RSA_WITH_AES_256_CBC_SHA • TLS_DHE_RSA_WITH_AES_128_CBC_SHA • TLS_DHE_RSA_WITH_AES_256_CBC_SHA • TLS_DHE_DSS_WITH_AES_128_CBC_SHA • TLS_DHE_DSS_WITH_AES_256_CBC_SHA • SSL_RSA_WITH_3DES_EDE_CBC_SHA • SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA • SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA The following cipher suites are also supported, but must be configured by the user as shown in the Oracle Secure Global Desktop Gateway Admin
Supported Installation Platforms for the SGD Enhancement Module • X11 • HTTP • HTTPS • SSH at least version 2 • Telnet VT, American National Standards Institute (ANSI) • TN3270E • TN5250 2.4.2.
Microsoft Windows Remote Desktop Services 2.4.2.1. Virtualization Support The supported installation platforms for the SGD Enhancement Module are supported on a Type 1 (bare metal) hypervisor or a Type 2 (hosted) hypervisor, for example Oracle VM VirtualBox, VMWare, or Oracle VM Server for SPARC (previously called Sun Logical Domains or LDoms). Installation in zones is supported for Oracle Solaris platforms. SGD can be installed in the global zone, or in one or more non-global zones.
Microsoft Windows Remote Desktop Services • Windows 7 SP1 • Windows XP Professional SP3 On Windows 7 and Windows XP platforms, only full Windows desktop sessions are supported. Running individual applications is not supported. Seamless windows are also not supported. The features supported by SGD depend on whether you connect using RDP or Oracle VM VirtualBox RDP (VRDP), as shown in the following table. Table 2.1.
X and Character Applications 15-bit color depths are not supported. If this color depth is specified on the Remote Desktop Session Host, SGD automatically adjusts the color depth to 8-bit. 2.4.3.4. Encryption Level You can only use the Low, Client-compatible, or High encryption levels with SGD. SGD does not support the Federal Information Processing Standards (FIPS) encryption level. 2.4.3.5.
X and Character Applications • BLINK • DAMAGE • DEC-XTRAP • DOUBLE-BUFFER • Extended-Visual-Information • GLX • MIT-SCREEN-SAVER • MIT-SHM • MIT-SUNDRY-NONSTANDARD • NATIVE-WND • RDP • RECORD • RENDER • SCO-MISC • SECURITY • SGI-GLX • SHAPE • SYNC • TOG-CUP • X-Resource • XC-APPGROUP • XC-MISC • XFIXES • XFree86-Bigfont • XTEST • XTTDEV • KEYBOARD • RANDR • XINERAMA The following X extension is not supported: 23
Virtual Desktop Infrastructure • XVIDEO 2.4.4.3. Character Applications SGD supports VT420, Wyse 60, or SCO Console character applications 2.4.5. Virtual Desktop Infrastructure SGD uses a type of object called a dynamic application server to represent a virtual server broker (VSB). SGD uses the VSB to obtain a list of application servers that can run an application.
Changes in the Next Release of SGD • Keyboard Map (--keymap). This attribute is now only available using the command line. 2.5.1. Changes in the Next Release of SGD The following SGD features might not be available in the next release of SGD: • Supported client platforms and browsers: Ubuntu Linux10.04 and Mac OS X 10.6 may not be supported as client platforms. Support for Mac OS X 10.8 will be added in the next release. For browsers, Internet Explorer 7 may not be supported.
26
Chapter 3. Known Issues, Bug Fixes, and Documentation Issues This chapter contains information about known issues, bug fixes, and documentation issues for Oracle Secure Global Desktop (SGD). Details on providing feedback and reporting bugs are also included. 3.1. Known Bugs and Issues This section lists the known bugs and issues for the SGD 4.70 release. 3.1.1.
6937146 – Audio Unavailable for X Applications Hosted on 64-Bit Linux Application Servers 3.1.5. 6937146 – Audio Unavailable for X Applications Hosted on 64-Bit Linux Application Servers Problem: Audio might not play in X applications that are hosted on 64-bit Linux application servers. The issue is seen for X applications that are hard-coded to use the /dev/dsp or /dev/audio device, and the Audio Redirection Library (--unixaudiopreload) attribute is enabled. Cause: A known issue.
6962970 – Windows Client Device Uses Multiple CALs Solution: Update to the latest version of PCSC-Lite on the client device. 3.1.8. 6962970 – Windows Client Device Uses Multiple CALs Problem: A Windows client device is allocated multiple client access licences (CALs). A CAL is incorrectly allocated each time a Windows application is started. Cause: A known issue if the HKEY_LOCAL_MACHINE\Software\Microsoft\MSLicensing key or any of its subkeys are missing from the Windows registry on a client device.
13117149 – Accented Characters in Active Directory User Names 3.1.13. 13117149 – Accented Characters in Active Directory User Names Problem: Active Directory authentication fails for user names that contain accented characters, such as the German umlaut character (ü). The issue has been seen when using Windows Server 2003 R2. The following error is shown in the log output when using the server/login/info log filter: javax.security.auth.login.
13971245 – Package Removal Issues on Oracle Solaris 11 Cause: A known issue with how SGD caches user credentials for certain configurations of Oracle VDI. Solution: On the SGD server, edit the application launch script at /opt/tarantella/webserver/ tomcat/tomcat-version/webapps/sgd/applicationLaunch/appLaunch.jsp. Locate the following statement, at line 484 in appLaunch.jsp: if (chosenCandidate.getUsername() == null) Edit the statement, to read as follows: if (chosenCandidate.
14021467 – Webtop Language Selection Issue • Import the web services SSL certificate for each Oracle VDI host into the certificate truststore on each SGD server. Depending on your configuration, the truststore is either the CA certificate truststore or a dedicated truststore. • Reconfigure the VDI broker to use the host names that appear in the web services SSL certificates. Change the preferredhosts and failoverhosts settings to use the new host names. 3.1.18.
14147506 – Array Resilience Fails if the Primary Server is Changed $ tarantella object edit --name obj --ntdomain east.example.com 3.1.20. 14147506 – Array Resilience Fails if the Primary Server is Changed Problem: Array resilience may fail if you change the primary server while the array is in a repaired state. The array is in a repaired state when the failover stage has completed.
14287730 – X Error Messages When Shadowing From the Command Line 3.1.24. 14287730 – X Error Messages When Shadowing From the Command Line Problem: Error messages similar to the following might be seen when shadowing an application session from the command line, using the tarantella emulatorsession shadow command. X Error: BadImplementation Request Major code 152 (RANDR) Request Minor code 8 () Error Serial #209 Current Serial #209 Shadowing works as expected, despite the error messages.
Bug Fixes in Version 4.70 Cause: The issue is caused by a change in system startup architecture introduced in Oracle Linux 6. This means that the required symbolic links are not created automatically when you install SGD. Solution: Add a symbolic link as follows: # ln -s /etc/init.d/sun.com-sgd-base /etc/rc3.d/S90sun.com-sgd-base 3.2. Bug Fixes in Version 4.70 The following table lists the significant bugs that are fixed in the 4.70 release. Table 3.1. Bugs Fixed in the 4.
Bug Fixes in Version 4.
Bug Fixes in Version 4.
Bug Fixes in Version 4.
Bug Fixes in Version 4.70 Reference Description 13596303 ESC: SGD TTATSC (VDI) SESSION APPEARS TO CRASH WHEN USING PIVOT TABLE IN MICROSOFT EXCEL 13583751 KEYSTORE GEN SCRIPT TEST FAILS ON SERVERRENAME OF EXISTING NODE 13582025 SGD BROKER LISTS APPLICATION SERVERS WHICH ARE DISABLED AS LAUNCH CANDIDATES 13525046 ENSURE ALL WINDOWS 2008 R2 AUDIO AND SESSION DIRECTORY CHANGES ARE IN 4.62 13524320 PORT 13422037 TO 4.7 (AGED PASSWORD HANDLER FAILS IN 4.
Bug Fixes in Version 4.70 Reference Description 13341364 DO NOT GET LOCKED OUT ERROR AFTER EXHAUSTING FAILED LOGIN ATTEMPTS 13257432 NO SGD CLIENT PANEL CONTROL IN UNITY DESKTOP ON UBUNTU 11.
Bug Fixes in Version 4.
Bug Fixes in Version 4.70 Reference Description 12307455 SUNBT7016266 DOC: PATH TO SGD WEBSERVICES.
Documentation Issues in Release 4.
Incorrect Windows Registry Key Path for Enhancement Module "When you install in secure mode, the installation program uses the tarantella security enable command to configure and enable secure connections automatically. Firewall forwarding is disabled, so the SGD server can be used with the SGD Gateway. See the Oracle Secure Global Desktop Administration Guide for Release 4.
Contacting Oracle Specialist Support • A brief description of the problem you would like assistance with. If your CSI is unknown, find the correct Service Center for your country (http://www.oracle.com/us/support/ contact-068555.html), then contact Oracle Services to open a non-technical service request (SR) to get your CSI sorted. Once you have your CSI, you can proceed to open your case through My Oracle Support.
46
