Exit Print View

Oracle Secure Global Desktop Administration Guide for Version 4.6

Previous Next

Document Information

Preface

1.  Networking and Security

2.  User Authentication

3.  Publishing Applications to Users

4.  Configuring Applications

5.  Client Device Support

6.  SGD Client and Webtop

7.  SGD Servers, Arrays, and Load Balancing

Arrays

The Structure of an Array

Replicating Data Across the Array

Communication Between Array Members

Secure Intra-Array Communication

Managing Arrays and SGD Servers

Array Resilience

Configuring Arrays

Configuring Array Resilience

Load Balancing

User Session Load Balancing

Application Session Load Balancing

Application Load Balancing

Load Balancing Groups

How Application Load Balancing Works

How Advanced Load Management Works

Tuning Application Load Balancing

Editing Application Load Balancing Properties

SGD Web Server and Administration Console

Introducing the SGD Web Server

Securing the SGD Web Server

Using the Administration Console

Administration Console Configuration Settings

Securing Access to the Administration Console

Monitoring and Logging

The SGD Datastore

User Sessions and Application Sessions

Using Log Filters to Troubleshoot Problems With an SGD Server

Using Log Filters for Auditing

Using Log Filters to Troubleshoot Problems With Protocol Engines

SGD Web Server Logging

SGD Client Logging

SGD Server Certificate Stores

The CA Certificate Truststore

The Client Certificate Store

SGD Installations

About Your SGD Installation

Backing Up and Restoring an SGD Installation

Troubleshooting Arrays and Load Balancing

Troubleshooting Array Resilience

Troubleshooting Clock Synchronization Issues

Troubleshooting Advanced Load Management

SGD Uses Too Much Network Bandwidth

Users Cannot Connect to an SGD Server When It Is In Firewall Traversal Mode

Users Cannot Relocate Their Sessions

A.  Global Settings and Caches

B.  Secure Global Desktop Server Settings

C.  User Profiles, Applications, and Application Servers

D.  Commands

E.  Login Scripts

F.  Third-Party Legal Notices

Glossary

Index

SGD Installations

This section describes the files that are included in an SGD installation. Information on backing up and restoring your SGD installation is also included.

This section includes the following topics:

About Your SGD Installation

The standard installation directory for SGD is /opt/tarantella.

During SGD installation, you have the option of specifying a different installation directory.

You can find out your installation directory from the command line, as follows:

The SGD installation directory contains the following subdirectories:

The following sections describe the contents of each of these subdirectories, and what each subdirectory is used for.

See also Backing Up and Restoring an SGD Installation.

bin Directory

The bin directory contains the scripts, binaries, and server-side Java™ technology needed to run SGD.

etc Directory

The etc directory contains configuration files that control the behavior of SGD and applications displayed through SGD. It contains the subdirectories listed in the following table.

Subdirectory
Contents
etc/data
The following configuration files:

  • Character application object configuration files:

    • Attribute maps (attrmap.txt)

    • Color maps (colormap.txt)

  • Printing configuration files:

    • Host name maps (hostnamemap.txt)

    • Printer driver maps (default.printerinfo.txt)

    • Printer driver to printer type mappings (printertypes.txt)

    • Printer to user-friendly name mappings (printernamemap.txt)

  • RGB color names (rgb.txt)

  • Timezone configuration files

  • Supported CA certificates (cacerts.txt)
etc/data/keymaps
Keyboard map files.
etc/fonts
X Window System fonts and additional fonts installed with SGD.
etc/pkg
Information about installed SGD packages, for example version compatibility and dependencies.
etc/templates
A complete copy of the standard files that are installed in the etc/data directory and the var/serverresources directory.
lib Directory

The lib directory contains shared libraries used by the SGD server and shared libraries that you might need when installing the SGD Client on certain platforms.

var Directory

The var directory contains the files that are used by the web server and the files that the SGD server copies to other members of the array. The var directory contains many subdirectories, and the important ones are listed in the following table.

Subdirectory
Contents
var/docroot
The HTML pages used by the SGD web server.
var/tsp
Server SSL certificates, keys, and CA certificates.
var/ens
The local repository, containing the objects in the organizational hierarchy.
var/log
SGD server log files.
var/print
The print queue and First In First Out (FIFO).
var/serverresources/expect
SGD login scripts.
var/spool
Files on their way to the print queue.
webserver Directory

The webserver directory contains the scripts, binaries, and server-side Java technology needed to run the SGD web server, web services, and the webtop. The important subdirectories are listed in the following table.

Subdirectory
Contents
apache
All the files needed to configure and run the SGD web server.
tomcat
All the files needed to configure and run the Tomcat JSP technology and Java Servlet extension servlet container.
tomcat/tomcat-version/webapps/axis
Files needed to run SGD web services. The webtop uses web services.
tomcat/tomcat-version/webapps/sgd
Files needed to run the webtop, including the SGD Client.
tomcat/tomcat-version/shared/lib
tomcat/tomcat-version/shared/classes

Backing Up and Restoring an SGD Installation

This section describes how to back up an SGD installation, so that you can repair SGD in the event that a component or an entire installation becomes damaged.

Before using the procedures on this page, it is helpful if you are familiar with the layout of the SGD installation. See About Your SGD Installation.

This section includes the following topics:

How to Make a Full Backup of an SGD Installation

Before You Begin

To be able to restore an SGD installation or to be able to repair some individual SGD components, you need a full backup.

While making the backup, do not run any command-line tools or use the Administration Console. It is also best if you shut down the SGD server while making the backup. However, if this is not possible, do it when the server is least loaded.

  1. Log on as superuser (root) on the SGD host.

  2. Back up the SGD log files.

    # tarantella archive

  3. Back up the entire SGD installation directory on each SGD server in the array.

    See About Your SGD Installation for details of the SGD installation directory.

    SGD also uses the following configuration files, which only need to be backed up if you are using them and you have modified them:

    • The /etc/ttaprinter.conf file – This file contains the lpr defaults

    • The /etc/sdace.txt and /var/ace/data files – These files contain RSA SecurID settings

    • Web server password files – If you have created these files for use with the SGD web server, and they are stored outside the SGD installation directory

Restoring a Damaged SGD Component

For the purposes of restoring a damaged installation, SGD can be divided up into the following components:

The following sections describe how to back up each of these components.

Binaries, Scripts, and Template Files

The binaries, scripts, and template files are only modified as part of an installation, patch, or custom engineering work. These files do not change very often.

You can restore these files from a backup or another installation, as follows:

Login Scripts

The Login Scripts control the interaction between SGD and the application servers, for example, by logging a user in.

How you recover login scripts depends on whether or not you are using customized login scripts.

If you are not using customized login scripts, you can restore these files from another installation, a backup, or from the /opt/tarantella/etc/templates directory.

If you are using customized login scripts, you must only restore these files from a backup.

The login scripts are in the /opt/tarantella/var/serverresources/expect directory.

Server Configuration

Server configuration covers all the properties for an SGD server that are not shared with the other SGD servers in the array, such as the server DNS name and server tuning.

As this configuration is unique to a particular SGD host, it must only be restored from a backup taken from that host.

The server-specific configuration is in the /opt/tarantella/var/serverconfig/local directory.

If you are using SGD security services, you must also restore the following:

Global Configuration

Global configuration covers all the properties that are the same for all the SGD servers in the array, for example the names of the other array members.

To restore the global configuration for an SGD server, you must only restore from a backup of the primary SGD server.

The global configuration is in the /opt/tarantella/var/serverconfig/global directory.

The Local Repository

The local repository, formerly called the Enterprise Naming Scheme (ENS) datastore, is shared across all SGD servers in the array. This is the organizational hierarchy that contains all the information about users, applications, and application servers. This information changes very often.

Restore the local repository from the backup of the primary SGD server.

The local repository is in the /opt/tarantella/var/ens directory.

Automatic Log Archives

By default, SGD archives its log files each week at 4 a.m. on Sunday, using a cron job.

If the root user’s crontab becomes corrupt, or the archiving does not take place, use the tarantella setup command to restore the default setting, or to change the time and day that the archiving takes place.

The log files are archived under the /opt/tarantella/var/log directory.

SGD Printing

When you install SGD, it configures an SGD printer queue.

If the printer queue is not present, you can restore it using either of the following methods:

The printer queue is in the /opt/tarantella/var/print directory.

SGD Web Server, Web Services, and the Webtop

The configuration of the SGD web server, SGD web services, and the webtop is unique to a particular SGD host and must only be restored from a backup taken from that host.

The configuration for the SGD web server is in the /opt/tarantella/webserver/apache/apache-version directory. You might also have web server password files, which can be stored in other locations.

The configuration for SGD web services is in the /opt/tarantella/webserver/tomcat/tomcat-version directory.

The files used for the webtop are in the /opt/tarantella/webserver/tomcat/tomcat-version/webapps/sgd directory.

How to Do a Full Restore of an SGD Installation

Before You Begin

If you are unable to restore a damaged SGD component or you are unsure about the extent of the damage to your system, you must do a full restore of your SGD installation.

To do a full restore, you must have a full backup. See How to Make a Full Backup of an SGD Installation for details of how to back up an SGD installation.

Ensure that no users are logged in to the SGD server, and that there are no application sessions, including suspended application sessions, running on the SGD server.

  1. Log on as superuser (root) on the SGD host.

  2. Stop the SGD server.

  3. Uninstall SGD.

    # tarantella uninstall --purge

    Note - If this fails, you might have to manually remove the SGD package. Use the rpm -e tta command on Linux platforms, and the pkgrm tta command on Solaris OS platforms.

  4. Delete the SGD installation directory. 

    # rm -rf /opt/tarantella

  5. Reinstall SGD and any patches, if applicable.

    This installs the printer queue, rc scripts and package database.

  6. Stop the SGD server.

  7. Delete the SGD installation directory.

    # rm -rf /opt/tarantella

  8. Reinstate the SGD installation from the backup.

    Note - Make sure you restore from the server’s backup. Also, check that the DNS name of the host has not changed.

  9. Restart the SGD server.

Copyright © 2010, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous Next