| Exit Print View | |
Oracle Secure Global Desktop Administration Guide for Version 4.6 |
|
|
|
|
3. Publishing Applications to Users
Configuring Windows Application Objects
Creating Windows Application Objects on the Command Line
Configuring Microsoft Windows Terminal Services for Use With SGD
Licensing Microsoft Windows Terminal Services
Microsoft Windows Remote Desktop
Key Handling for Windows Terminal Services
Returning Client Device Information for Windows Terminal Services Sessions
Running Windows Applications on Client Devices
Configuring X Application Objects
Configuring Character Application Objects
Terminal Emulator Keyboard Maps
Terminal Emulator Attribute Maps
Integrating SGD With Oracle VDI
Enabling X11 Forwarding for X Applications
Using SSH and the X Security Extension
Configuring Application Authentication
The Application Server Password Cache
Input Methods and UNIX Platform Applications
Adding Support for System Prompts in Different Languages
Using RSA SecurID for Application Authentication
Tips on Configuring Applications
Starting an Application or Desktop Session Without Displaying a Webtop
Using Multihead Or Dual Head Monitors
Improving the Performance of Windows Applications
Improving the Performance of Java Desktop System Desktop Sessions or Applications
Documents and Web Applications
An Application Exits Immediately After Starting
Applications Fail To Start When X Authorization Is Enabled
Applications Disappear After About Two Minutes
An Application Session Does Not End When the User Exits an Application
Users Can Start Applications With Different User Names and Passwords
Using Windows Terminal Services, Users Are Prompted for User Names and Passwords Too Often
Using Shadowing to Troubleshoot a User's Problem
A Kiosk Application Is Not Appearing Full-Screen
An Application's Animation Appears 'Jumpy'
Font Problems with X Applications
Display Problems With High Color X Applications
Clipped Windows With Client Window Management Applications
Display Update Issues When Shadowing Over a Low Bandwidth Connection
Troubleshooting Mouse Drag Delay Issues
Incorrect Time Zone Name Shown in Windows Applications
7. SGD Servers, Arrays, and Load Balancing
B. Secure Global Desktop Server Settings
This section contains tips on configuring applications and documents for use with SGD. This section includes the following topics:
Starting an Application or Desktop Session Without Displaying a Webtop
Improving the Performance of Java Desktop System Desktop Sessions or Applications
With SGD, you can start a single application or a full-screen desktop session without displaying the webtop. You can do this in any of the following ways:
Use My Desktop – My Desktop enables users to log in and display an application without displaying a webtop. Typically this is used for full-screen desktop applications. See Using My Desktop for details.
Use Integrated mode – Integrated mode adds links for running applications to the desktop Start or Launch menu on the client device. See Integrated Mode for more details.
Use SGD web services – Develop you own application for starting a single application. See Using SGD Web Services for more details.
You can use SGD web services to develop your own application launcher, to start a single application from a URL. You can use this method to start an application from a bookmark or a favorite. SGD provides an example application that shows what is possible using SGD web services.
The URL for using the SGD example application is:
http://server.example.com/sgd/launcher.jsp?o=application&u=username&p=password&e=true|false
where server.example.com is the name of an SGD server.
The URL has the following parameters:
|
Note - All of the parameters are optional.
For example, the following URL starts the Write-o-Win application using the configuration for the application object defined in the Administration Console.
http://server.example.com/sgd/launcher.jsp?o=Write-o-Win&u=indigo&p=purple&e=false
You can use multihead or dual head monitors with SGD. However, if any of your X applications are configured with a Window Type (--displayusing) setting of Client Window Management or Kiosk, you might have to change the application and monitor configuration to be able to use multiple monitors.
See also Configuring X Application Objects.
To configure multiple monitors to work with X applications that have a Window Type setting of Client Window Management or Kiosk, perform the following configuration steps:
Disable shared resources.
Configure the correct desktop size.
Set up the monitors.
SGD enables similar applications to share resources, to reduce memory overhead. This feature must be disabled for any applications that you want to display using multiple monitors.
In the Administration Console, go to the Performance tab for the application that is displayed on multiple monitors and deselect the Share Resources Between Similar Sessions check box.
Alternatively, use the following command:
$ tarantella object edit --name obj --share false
Repeat the configuration for each application that is displayed on multiple monitors.
You must ensure that the SGD server sends the client device enough space to display all the monitors on the desktop.
Note - This increases the amount of memory used on the client device and on the SGD server.
You must configure SGD so that it sends the size of the entire desktop area to the client device, and not just the size of the primary monitor. The size of the entire desktop area is shown by the “virtual screen” in the following diagram.
For example, if the dimensions of Monitor 1 in the diagram are 1200 x 768 and the dimension of Monitor 2 are 800 x 600, then the desktop size that needs to be configured is 2000 x 768.
In the Administration Console, go to the Protocol Engines -> X tab for the SGD server. For Client Window Size, type the dimensions in pixels of the virtual screen in the Maximum Height and Maximum Width fields.
Alternatively, use the following command:
$ tarantella config edit --array \ --xpe-cwm-maxwidth pixels --xpe-cwm-maxheight pixels
Repeat this configuration for each SGD server in the array.
X applications can be displayed in kiosk mode on a dual head monitor.
You configure kiosk mode display features with the <KioskArea> entry in the <localsettings> section of the client profile, profile.xml on the client device. If the <localsettings> section is not present in the client profile, create a new section.
The <KioskArea> entry defines the screen area used by kiosk mode. The available values are as follows:
virtual – Uses the virtual screen size. Both monitors are used.
0 – Uses the primary monitor only. This is the default value.
1 – Uses the secondary monitor only.
For example, to span the kiosk mode display across both monitors:
<KioskArea>virtual</KioskArea>
Set up the monitors so that all the secondary monitors are to the right of the primary monitor, as shown in the previous diagram.
You have to do this because the X server cannot handle negative screen coordinates.
When using Windows Terminal Services, the performance of Windows applications might be poor. This is caused by using animation effects and other presentation settings in the Windows session. Performance is affected because these features require more screen updates and can greatly increase the bandwidth used. The problem is more severe on slower connections.
The causes of these problems can include the following:
Animated mouse cursors
Mouse cursor shadows
Screensavers
Animated icons in the notification area
Animated images in programs
Animated wallpaper
Images used as wallpaper
Font smoothing
By default, the SGD Remote Desktop Client, ttatsc, enables all of these features except for font smoothing.
You can turn off presentation features by configuring one or more attributes for the Windows application object. The attributes you can configure are listed in the following table.
|
See also The SGD Remote Desktop Client.
This section includes some tips on how to get the best user experience when using SGD with Java Desktop System.
You can improve performance of Java Desktop System desktop sessions and applications in the following ways:
Configure the X application object for Java Desktop System
Disable some default Java Desktop System settings
For a Java Desktop System desktop session or application, ensure that you specify the correct command path for the X application object. Set the Application Command (--app) attribute to /usr/dt/config/Xsession.jds. Using a path of /usr/bin/gnome-session results in some Java Desktop System configuration parameters being lost and gives a poorer user experience.
To improve the display of animated effects, you can configure performance settings for
the X application object. See An Application's Animation Appears 'Jumpy'.
The performance of Java Desktop System desktop sessions and applications can be affected by animation effects and other default desktop settings. Performance is affected because these features require more screen updates and can greatly increase the bandwidth used. The problem is more severe on slower connections.
Performance can often be improved by turning off, or modifying, some of the following Java Desktop System desktop features:
Anti-aliased fonts
Large fonts
Login screen, splash screen, About screen, and Logout screen
Animations
Desktop applets
Showing window contents when dragging
Desktop wallpaper
Themes
A document object can refer to any URL. This can be any document on the web, including StarOffice software documents, or Adobe Acrobat files. A document can also refer to a web application.
As it is the user’s client device that actually fetches the URL, firewalls, or other security measures can prevent a user from accessing a document.
You can use SGD to access web applications. A web application is simply a web page, or any URL, that requires the user to supply a user name and password for access. To give users access to a web application, you create a document object that links to the URL of the web application.
Unlike passwords for application servers, SGD cannot cache the user names and passwords for accessing web applications. However, you can configure web server authentication, so that users can access SGD from a web application without having to log in again. Alternatively, you can authenticate SGD users to the web application.
When accessing web applications, use a secure (HTTPS) web server, so that all communication is encrypted using SSL before transmission.
This section describes how to configure application objects for use in a virtual classroom.
You can use SGD shadowing to create a virtual classroom, where the pupils in the classroom shadow an application being demonstrated by a teacher.
To be able to do this, you have to create a teacher’s application object and a classroom application object.
The teacher must start their application first, then the pupils start their classroom application to shadow the teacher. The classroom can only shadow Windows applications or X applications.
Only one person can use the teacher’s application at any one time. If more than one person starts the teacher’s application, the classroom shadows the application that was started last. For this reason, only give the teacher’s application to one user. If you have several teachers, create separate application objects for each of them.
The classroom application must have a color depth of at least 16-bit. The display size of the classroom application must be at least the size of the teacher’s application. For the best results, use an independent window for the classroom.
When the teacher starts their application, information is stored on the SGD server about which application can be shadowed by the classroom. This information is not copied to the other members of the array. This means that if the classroom application is started on a different SGD server to the teacher’s application, the classroom application fails because the information about which application can be shadowed is not available. You can use load balancing groups to guarantee that the teacher and classroom applications are started on the same SGD server. You must set the load balancing group for the application server and the SGD server. Otherwise, only use classroom shadowing in an SGD array containing a single SGD server.
See also Using Shadowing to Troubleshoot a User's Problem.
In the Administration Console, create a new Windows application object or X application object.
Go to the Launch tab and type one of the following in the Login Script field:
unixclass.exp – If the application is an X application
winclass.exp – If the application is a Windows application
Click Save.
Configure any other settings you want for the teacher’s application.
Click the Hosting Application Servers tab and select the application servers that can run the application.
On the Assigned User Profiles tab, assign the teacher’s user profile to the application.
In the Administration Console, create a new X application object.
Note - The classroom application is an X application, even if the teacher’s application is a Windows application.
The General tab is displayed.
Go to the Launch tab and configure the application as follows:
In the Application Command field, type /opt/tarantella/bin/bin/ttashadow.
In the Arguments For Command field, type -readonly -silent -pointer $SHADOWDISPLAY.
For the Connection Method, select the telnet option.
Select this option even if telnet is disabled for the SGD server.
In the Login Script field, type pupil.exp.
In the Environment Variables field, configure the MYCLASS variable.
The format is MYCLASS="name_of_teacher’s_application". For example, MYCLASS=".../_ens/o=applications/ou=Finance/cn=XClaim".
Click Save.
Go to the Presentation tab.
For Color Depth, select 16-bit - thousands of colors and click Save.
Configure any other settings you want for the classroom application.
Go to the Hosting Application Servers tab and select the application servers that can run the application.
The ttashadow application is only available on servers where SGD is installed.
Go to the Assigned User Profiles tab, assign the user profiles of all users in the class to the classroom application.
The configuration required for Common Desktop Environment (CDE) applications depends on whether you want to run a desktop session or an individual application.
For CDE desktop sessions configured with a Connection Method of ssh, problems can
occur when a user tries to exit from the CDE session. The CDE
session might hang, making it impossible to log out normally from the system.
See Using CDE and SSH.
To run a CDE desktop session through SGD, create an X application object with the settings shown in the following table.
|
To run a CDE application directly, rather than from the CDE Front Panel, create an X application object with the settings shown in the following table.
|
For CDE desktop sessions configured with a Connection Method of ssh, problems can occur when a CDE desktop user tries to exit from the CDE session. The CDE session might hang, making a proper logout from the system impossible.
The CDE session displays a TT_ERR_NO_MATCH error message.
The workaround for this issue is as follows:
Log in to the CDE host as superuser (root) and type the following commands:
# mkdir /etc/dt # mkdir /etc/dt/config # cp /usr/dt/config/sessionetc /etc/dt/config # cp /usr/dt/config/sessionexit /etc/dt/config # cp /usr/dt/config/sys.dtprofile /etc/dt/config # chgrp bin /etc/dt/config # chmod 555 /etc/dt/config/* # chown bin:bin /etc/dt/config/*
Add the following lines to the /etc/dt/config/sessionetc file:
if [ "$SSH_TTY" != "" ]
then
SSHPTTY=‘echo $SSH_TTY | cut -c6-15‘
ps -ef | grep -v grep | grep $SSHPTTY | grep Xsession | awk ’{print $3}’ >
/var/dt/tmp/$DTUSERSESSION/sshd_pid
fiAdd the following lines to the /etc/dt/config/sessionexit file:
if [ -f /var/dt/tmp/$DTUSERSESSION/sshd_pid ] then /bin/kill -HUP ‘/bin/cat /var/dt/tmp/$DTUSERSESSION/sshd_pid‘ /bin/rm /var/dt/tmp/$DTUSERSESSION/sshd_pid fi
Add the following line to the /etc/dt/config/sys.dtprofile file:
dtstart_session[0]="/usr/local/bin/ssh-agent /usr/dt/bin/dtsession"
You can use SGD to access X applications and character applications on a VMS application server.
To configure SGD to access applications on a VMS server, you have to perform the following configuration steps:
Configure the login script used for the application.
Configure the transport variable in the login script.
Disable X security.
See Disabling X Security.
The login script used for the X application or character application must be configured.
In the Administration Console, go to the Applications -> Launch tab for the application object you want to configure. In the Login Script box, type one of the following:
vms.exp – If telnet or ssh is selected as the Connection Method
vmsrexec.exp – If rexec is selected as the Connection Method
Alternatively, use the following command:
$ tarantella object edit --name obj --login vms.exp | vmsrexec.exp
By default, the vms.exp or vmsrexec.exp login scripts set the transport variable to TCPIP. This setting is correct for Digital Transmission Control Protocol/Internet Protocol (TCP/IP) stacks, including Ultrix Communications Extensions (UCX).
If you need to change this variable, edit the transport variable setting in the login script. The transport variable is set by the following entry in the login script:
set transport "TCPIP"
The login scripts are located in the /opt/tarantella/var/serverresources/expect directory.
To use VMS X applications, you must disable X security in SGD. This is because VMS does not support X authorization.
In the Administration Console, go to the Global Settings -> Security tab and deselect the X Authorization for X Display check box.
Alternatively, use the following command:
$ tarantella config edit --security-xsecurity 0
SGD uses the third-party emulator application, TeemTalk for Unix, for 3270 and 5250 applications. See the TeemTalk for Unix User’s Guides supplied with SGD for details.
The first time a user runs the 3270 or 5250 emulator, the tta3270.nv configuration file is created in the user’s home directory on the SGD server.
|
|