Oracle Secure Global Desktop Administration Guide for Version 4.6

Overview of Networks and Security

When using SGD, client devices never connect directly to application servers. Instead they connect to SGD using Hypertext Transfer Protocol (HTTP) or HTTP over Secure Sockets Layer (HTTPS) and the SGD Adaptive Internet Protocol (AIP). SGD then connects to the application servers on the user’s behalf.

The following are the main network connections involved when using SGD:

In a default SGD installation, most network connections are not secure. The following sections describe how you can secure these network connections.

Connections Between Client Devices and SGD Servers

Client devices make the following connections to SGD servers:

To secure these connections, configure the SGD web server to be a secure (HTTPS) web server, and enable SGD security services. See Secure Connections to SGD Servers for details.

The SGD Secure Gateway can be used to provide an increased level of security between client devices and SGD servers. When you use the Gateway, client devices do not connect directly to SGD. Instructions on how to install, configure, and use the SGD Gateway are included in the Oracle Secure Global Desktop 4.6 Gateway Administration Guide.

Connections Between SGD Servers and Application Servers

The connections between SGD servers and application servers are used to start applications on the application server, and to send and receive data from the application, such as key presses and display updates.

The level of security between SGD and your application servers depends on the types of application server and the protocols they use.

UNIX or Linux System Application Servers

When connecting using the Telnet protocol or the rexec command, all communication and passwords are transmitted unencrypted.

For secure connections to UNIX or Linux system application servers, use Secure Shell (SSH). SSH encrypts all communications between SGD hosts and encrypts passwords before they are transmitted. See Using SSH.

By default, SGD secures X displays using X authorization to prevent users from accessing X displays they are not authorized to access.

Microsoft Windows Application Servers

Windows applications use the Microsoft Remote Desktop Protocol (RDP). This means that all communication is encrypted, and connections to Microsoft Windows application servers are secure.

Web Application Servers

The level of security depends on the type of web server used to host the web application, as follows:

For secure connections to web application servers, use HTTPS web servers.

Connections Between SGD Servers in an Array

Connections between SGD servers are used to share static and dynamic data across the array. See Replicating Data Across the Array for details of the information that is communicated on these connections. In a standard installation, the data transmitted between the SGD servers in an array is not encrypted. See Secure Intra-Array Communication for details on how to secure these connections.