| Exit Print View | |
Oracle Secure Global Desktop Administration Guide for Version 4.6 |
|
|
|
|
3. Publishing Applications to Users
7. SGD Servers, Arrays, and Load Balancing
B. Secure Global Desktop Server Settings
An SGD object that represents a 3270 protocol application running on a mainframe host. 3270 Application objects have a cn= naming attribute.
An SGD object that represents a 5250 protocol application running on an AS/400 host. 5250 Application objects have a cn= naming attribute.
Microsoft’s implementation of 
LDAP directory services. Used to store information about the resources, services,
and users across a Windows domain.
An SGD object used to represent an Active Directory structure within the SGD organizational
hierarchy. Active Directory Container objects have a cn= naming attribute.
Load balancing algorithms that measure the true load on application servers, using information
provided by the SGD Enhancement Module.
Adaptive Internet Protocol. A proprietary protocol used by SGD software components. AIP optimizes the user experience by choosing the most efficient ways to transfer application display data and user input between client devices and SGD servers.
Advanced Linux Sound Architecture.
The situation where an authentication mechanism has found more than one match for a user and cannot distinguish between them without further information from the user.
An authentication mechanism where users can log in to SGD without supplying a user name or password. Anoymous user authentication is disabled by default.
American National Standards Institute.
Application programming interface.
A software program running in a web browser.
Dialog shown when a user clicks a webtop link to start an application.
The mechanism that determines which application server runs a user’s application.
A networked device, such as a Windows 2000 server or Linux server, configured
to run applications. Application servers are represented in the SGD datastore by an
Application Server object.
An SGD object that represents an application server used to run applications through SGD. Application Server objects have a cn= naming attribute.
A secure store of application server user names and passwords associated with user identities. Maintained so that application server authentication can proceed without prompting the user. Also called the password cache.
An application session begins when a user starts an application, and ends when
the application exits. Information about an application session is stored in memory by
the SGD server. Each application session is associated with a Protocol Engine.
The mechanism that determines which SGD server in the array manages the application
session, and runs the Protocol Engine for a user’s application.
A collection of SGD servers that share configuration information. The SGD servers in
an array act together to enable users to see the same webtop, and
resume their applications, whatever SGD server they log in to. Arrays of SGD
servers provide scalability and redundancy.
Configures SOCKS proxy server usage, depending on the IP address of the client device.
A field in the Administration Console that indicates the origin of an object
link. Assignment Types can be Direct, Indirect, or Multiple. See also direct assignment, indirect assignment,
multiple assignment.
Automatic Terminal Recognition string. A sequence of bytes used to identify a smart card.
A named property of an object. Attributes may have zero or more values, as defined by the schema.
A file that defines how character attributes, such as bold and underline, are
displayed in the SGD terminal emulators.
In Integrated mode operation, identification data submitted from the SGD Client to the SGD
server. Used by the authentication token authentication mechanism.
The ability to perform more than one SGD related task with a single
instance of a tarantella command.
An SGD service that logs user session and application session information for an SGD server or an array of SGD servers.
See root certificate.
Client Access License. Used by Microsoft Windows Terminal Services.
Common Desktop Environment. A graphical user interface for UNIX desktops.
See client drive mapping.
A trusted issuer of SSL certificates.
Information supplied to a Certificate Authority, that is used to verify identity and generate
an SSL certificate.
Common Gateway Interface. A specification for interfacing external applications with a web server.
An SGD object that represents a VT420, Wyse 60, or SCO Console application. Character Application objects have a cn= naming attribute.
In cryptography, an algorithm for performing encryption and decryption.
A networked device, such as a Windows PC or Linux workstation, used to access an SGD server.
Enables users to access some or all of their client’s drives, from an application running on an application server.
Settings for the SGD Client, including server URL, proxy settings, and mode of operation. The client profile is downloaded to the client device when a user connects to an SGD server.
See common name.
SGD terminal emulators support a palette of 16 colors. The color map is a
file that defines the RGB values of these colors.
A name used to identify an entry in an LDAP directory. For example, the name of a person.
A serial port, in a Microsoft Windows environment.
A tool for SGD Administrators, useful for quickly adding new objects to an existing hierarchy, rather than creating a new hierarchy.
A short packet of data, used as an identification token. Some cookies are encrypted, to prevent forgery.
Central processing unit.
Common UNIX Printing System.
A service process on UNIX platform operating systems that runs in the background, rather than under the direct control of a user.
The process where SGD system data is copied from the primary server in an
SGD array to the secondary servers in the SGD array.
The sum of all the information used by the various components of SGD, including information about application servers and users on the network, user session and application session information, and organizational information. Organized into namespaces, such as _ens and _dns.
Definite Encoding Rules. A cryptographic format used for storing SSL certificate keys.
Data Encryption Standard. A cryptographic cipher.
Information encrypted with a user’s private key and appended to a message to
ensure the authenticity of the message. The digital signature can be verified using
the user’s public key. See also public key cryptography.
In the Administration Console, a one-to-one object link created using the Editable Assignments
table. See also editable assignment.
A container object in SGD, similar to an Organization object, but does not include SGD-specific attributes or allow you to assign applications. Examples include a Domain Component object and an Active Directory Container object.
Services that store and manage the resources and users on a network. SGD uses the principles of directory services for object storage and management.
The ability to define webtops for users without requiring User Profile objects for those users
in the SGD datastore. Instead, user information is kept in an external LDAP directory. Application
objects in the SGD datastore define which LDAP users can see them on
their webtop.
The process of resolving an ambiguous login.
An SGD software component that runs on a client device. Display Engines display
applications to users and accept user input. They use AIP to communicate with
Protocol Engines on SGD servers.
The name that uniquely identifies an entry in an LDAP directory.
Where print jobs are distributed across the array, avoiding bottlenecks and single points of failure. A user’s print jobs are processed on the SGD server hosting the application session for the application you want to print from.
See distinguished name.
Domain Name System.
A unique name for a computer on a network, for example, server.example.com.
An SGD object that represents a document on the web. Documents can be any URL, including Sun StarOffice documents, or Adobe Acrobat files. A Document object can also refer to a web application. Document objects have a cn= naming attribute.
An SGD object used to replicate a directory structure, usually a Microsoft Active Directory
structure, within the SGD organizational hierarchy. Domain Component objects have a dc= naming attribute.
In the Administration Console, a one-to-one object link that can be edited by
an SGD Administrator. See also direct assignment.
In the Administration Console, a summary of the object links for the current
object. Effective assignments can include both direct assignments and indirect assignments.
An optional SGD software component installed on an application server to provide additional
SGD functionality, such as client drive mapping, audio, and advanced load balancing.
A set of system configuration values that can be accessed by a running program.
Enlightened Sound Daemon. A sound server for UNIX and Linux platforms that enables mixing of several digitized audio streams for playback by a single device.
See ESD.
Execution Protocol Engine.
An extension to the Tcl scripting language, typically used for interactive applications. The
SGD login scripts are written in the Expect language.
The name by which an SGD server is known to a client device. An SGD server can have multiple external DNS names.
A short sequence of bytes used to authenticate or look up a public key.
Federal Information Processing Standards. Standards developed by the United States Federal government for use by non-military government agencies and government contractors.
Running SGD through a single open firewall port between client devices and SGD servers. Also known as firewall forwarding.
A program that makes fonts on a host available on a network.
The full name of a system, containing its host name and its domain name. For example, boston.example.com, where boston is the host name of a server, and example.com is the domain name.
An unambiguous name used to specify an SGD object. For example, .../_ens/o=organization/ou=marketing/cn=Indigo Jones, specifies a User Profile object in SGD.
A role object in the Tarantella System Objects organization, used to assign administrative privileges to users.
A domain controller that contains attributes for every object in the Active Directory.
An SGD object that represents a collection of applications or application servers. Each
application or application server in the group is called a member. Group objects
have a cn= naming attribute.
Hypertext Markup Language. A document format used for web pages.
Hypertext Transfer Protocol.
Hypertext Transfer Protocol over Secure Sockets Layer.
Internet Assigned Numbers Authority. Organization that allocates and manages IP addresses, domain names, and port numbers used by the Internet.
Independent Computing Architecture. A protocol used by Citrix Presentation Server to communicate with client devices.
See input method.
Input method editor. See input method.
In the Administration Console, an object link created by an LDAP search or by inheritance from another object.
The ability to define webtop content implicitly. Content is usually inherited from the parent
object, but other objects can also be used.
A program that enable users to type in characters or symbols not found on their keyboard. On Microsoft Windows platforms, an IM is called an input method editor (IME).
The mode of operation of SGD where your applications are displayed in the desktop Start or Launch menu.
Input/Output.
Internet Protocol address. A unique 32-bit numeric identifier for a computer on a network.
Java Archive.
Java Development Kit.
Java Desktop System.
Java Runtime Environment.
JavaServer Page.
A web server component that handles requests for JSP pages. SGD uses the
Tomcat JSP container.
Java Secure Socket Extension. An implementation of SSL using Java technology.
Java Virtual Machine.
Key Distribution Center. Used by Kerberos authentication as part of the Active Directory
authentication mechanism.
K Desktop Environment. An open source graphical user interface for UNIX and Linux platforms.
An authentication system used for Active Directory authentication.
A file that contains mapping information between keys on the user’s client keyboard
and keys on a terminal. Used with SGD terminal emulators.
A database of cryptographic keys. A keystore can contain both public keys and private keys.
SGD display mode where an application is displayed full-screen.
Lightweight Directory Access Protocol.
A set of LDAP objects organized in a logical and hierarchical manner.
An RFC2254-compliant search filter, used to select objects in an LDAP directory.
An RFC1959-compliant URL, used to select objects in an LDAP directory.
Lightweight Directory Access Protocol over SSL. Used for secure connections to an LDAP
directory.
The mechanism that delivers the best possible user experience by choosing SGD servers and application servers linked by a fast network where possible.
A set of parameters that defines the user’s language, country, and other location-specific preferences.
A store containing information about users, applications, webtops, and application servers. Stored on the primary SGD server and replicated to other SGD servers in the array. Corresponds to the _ens namespace in the SGD datastore. Can be managed using the Administration Console or the tarantella commands.
A string used to configure error reporting to the SGD log files.
A script that runs on the SGD server when a user starts an application. Connects to the application server, supplies authentication credentials for that server, and starts the application.
Line Printer Daemon. A printing protocol used to provide print server functions to
a UNIX or Linux platform system. Also known as LPR.
Line Printer Remote. See also LPD.
A constituent of a group or a role. In SGD, Group objects and Role objects
contain one or more member objects. These are usually Application objects, User Profile
objects, or Application Server objects.
In the Administration Console, an object link that has both direct assignment and indirect assignment
sources. See also Assignment Type.
MultiplePlexing Protocol.
A feature of SGD that enables users to log in and display a full-screen desktop, without displaying an SGD webtop.
An identifier for a computer running Microsoft Windows. The NetBIOS name can be specified when Windows networking is installed or configured on the computer.
Network File System.
Network Interface Card.
Network Time Protocol.
A self-contained entity, defined by a number of attributes and values. SGD objects have different types, such as X Application or Character Application. The available attributes for each type are defined by a schema.
An SGD object used to represent the top level of an organizational hierarchy. Organization objects can contain OU or User Profile objects. Organization objects have an o= naming attribute.
The collection of objects in the SGD datastore, descending from one or more
Organization or Domain Component objects. Represents the collection of people, application servers, and
applications within an organization.
An SGD object used to distinguish different departments, sites, or teams in an organizational hierarchy. Organizational Unit (OU) objects can be contained in an Organization or Domain Component object. Organizational Unit objects have an ou= naming attribute.
Open Sound System. A standard interface for audio recording and reproduction in UNIX platform operating systems
Pluggable Authentication Modules.
In SecurID authentication, the combination of the PIN and the tokencode.
Short form of application server password cache.
Printer Command Language.
Pulse Code Modulation.
Personal Computer/Smart Card. A standard for interoperability of PCs, smart card readers, and smart cards.
Portable Document Format.
An SGD feature available for client devices with Adobe Reader software installed. Enables
users to print to a PDF printer from their application, which either displays
the file or prints using the Adobe Reader program on their client device.
The name by which an SGD server is known to other SGD servers in the same array.
Privacy-Enhanced Mail. Protocol based on public key cryptography.
Code supplied to a SecurID device using a key pad. Combined with a
tokencode to form a passcode.
Public Key Cryptography Standards. Specifications produced by RSA Laboratories for public key cryptography.
Public Key Infrastructure. A security infrastructure based on public key cryptography.
The SGD server that acts as the authoritative source for global information, and
maintains the definitive copy of the SGD datastore.
A number of print jobs placed in a storage area on disk.
In public key cryptography, a key that is only know by the recipient of a
message. The private key can be used to decrypt messages and to create
digital signatures.
An SGD software component that runs on an SGD server. Protocol Engines emulate
native protocols such as X11 and RDP and communicate with application servers, sending
display data using AIP to Display Engines on client devices. See also application session.
A server that acts as an intermediary between a client device and the Internet. The proxy server can provide access control and web request caching services.
In public key cryptography, a key that can be distributed to anyone. The public key
can be used to encrypt messages and to verify digital signatures.
A cryptographic system using a pair of keys, a public key and a private key.
The public key is used to encrypt messages and the private key is
used to decrypt messages.
Random access memory.
Microsoft Windows software that enables client devices to run applications and access data
on a networked Windows server. From Windows Server 2008 R2, Remote Desktop Services
is the name for Terminal Services.
Remote Desktop Protocol. Protocol that allows a user to connect to a computer
running Windows Terminal Services.
Another name for SGD printing from application servers using Windows Terminal Services.
In an LDAP directory, the part of a distinguished name that uniquely identifies a child
entry for a common parent entry.
Microsoft Windows registry. On Windows client devices, a database of settings for the operating system.
A store containing user information.
The attribute of an application session that controls its lifetime. Defined on a
per-application basis by an SGD Administrator, as either never resumable, resumable during the
user session, or always resumable. See also resume and suspend.
To redisplay an application session that has been suspended. See also suspend.
Defines a color in the RGB color model. The amount of red, green, and blue in the color are indicated by a value from 0 to 255.
A feature of SGD that provides Microsoft Windows users with the same working environment, no matter which Microsoft Windows computer they use.
An object that defines the members and applications associated with a particular role
in SGD. Currently, only one role is available, Global Administrators. This role defines the SGD Administrators.
A self-signed certificate issued by a root level Certificate Authority.
Software that enables a UNIX or Linux platform server to act as a
file server for Windows client devices. Uses a variant of the SMB file
sharing protocol.
Solaris Card Framework.
An SGD window display mode used for Windows applications. Causes an application’s windows
to behave in the same way as an application running on a Microsoft
Windows application server, regardless of the user’s desktop environment. Requires the SGD Enhancement Module.
An array member that is not the primary server. The primary server replicates information
to secondary servers.
A connection between client device and SGD server that uses SSL to protect
AIP traffic from eavesdropping, tampering, and forgery. Not related to HTTPS traffic.
Secure, encrypted, communication between SGD array members. Uses SSL.
An authentication mechanism developed by RSA Security to authenticate a user to a network resource.
AnSSL certificate signed by the person who created it.
A physical interface on a computer through which information is transferred one bit at a time.
Where possible, SGD runs an application on the same application server as the
one used to run the previous application for the user. See also application load balancing.
The situation where a user logs in to an SGD server, but they
already have a user session on another SGD server. The user session is transferred
to the new SGD server and the old session ends.
Oracle Secure Global Desktop software.
An SGD user with permission to configure SGD settings and create and edit
SGD objects, either using the Administration Console or the tarantella commands.
An SGD component that can be installed on client devices. The SGD Client maintains communication with the SGD server and is required to run applications.
A Java applet that downloads the SGD Client.
A collection of SGD software components that together provide SGD functionality.
A pre-built web server installed and configured along with the SGD server Contains
Apache, mod_ssl for HTTPS support, and Tomcat for Java Servlet and JSP support.
A collection of APIs that allow developers to build their own applications to
work with SGD. The APIs can be used to authenticate users, launch applications, and
interact with the SGD datastore.
Secure Hash Algorithm. In cryptography, an algorithm that computes a fixed-length representation of a message, called a message digest.
When an SGD Administrator displays and interacts with a user’s application at the same time as the user.
Secret Key Identification. An authentication protocol where a shared secret is used to authenticate a connection.
A plastic card, about the size of a credit card, with an embedded microchip that can be loaded with data.
Authentication to a Windows application server by means of user data contained on a smart card.
Server Message Block.
Simple Object Access Protocol. A protocol for sending XML messages over computer networks using HTTP.
A protocol used by proxy servers to handle TCP connection requests from client devices inside a firewall.
Secure Shell. A secure network protocol for data exchange between two computers.
Secure Sockets Layer. A cryptographic protocol designed for secure Internet communications.
A digital passport that establishes credentials on the web. In SGD, allows client devices to trust the identity of an SGD server.
A connection between a client device and an SGD server that is not secured. This is the default connection mode when using SGD.
Alternative DNS name, other than the hostname, specified for an SGD server on an
SSL certificate.
To pause an application session. A suspended application is not closed down, it
can be resumed. See also resume.
A component of the SGD server that authenticates users against an external authentication service, such as a Windows domain or an LDAP directory, and determines a user’s SGD user identity and user profile.
An SGD administration tool available from the command line. Used to control the SGD server and make configuration changes.
The Organization object in the SGD datastore that contains objects essential for smooth running and maintenance of SGD.
Tool Command Language. A scripting language developed by John Ousterhout. The SGD login scripts
include some Tcl functions.
Transmission Control Protocol.
Transmission Control Protocol/Internet Protocol.
A program that runs on a graphical user interface and emulates a “dumb” video terminal. SGD includes terminal emulators for SCO Console, Wyse 60, and VT420 terminals.
Microsoft Windows software that enables client devices to run applications and access data
on a networked Windows server. From Windows Server 2008 R2, Terminal Service is
renamed Remote Desktop Services.
A component of the SGD server that trusts authentication information supplied by a third party and uses that information to automatically authenticate the user as an SGD user, allocating a user identity and a user profile.
A store for tokens used by the authentication token authentication mechanism.
A random number generated by a SecurID device. Combined with a PIN to
form a passcode.
Users and a group (ttaserv) that must be set up on a system before SGD can be installed. These users and group own some SGD files and processes after installation.
Ultrix Communications Extensions.
User Datagram Protocol.
Universal Naming Convention.
A standard for universal character encoding. Provides the basis for processing, storage, and interchange of text data in any language.
Uniform Resource Locator.
The SGD concept of who a user is. A user identity can belong to one of a number of different namespaces. User identities are allocated by authentication mechanisms. The user identity can be the same as the user profile in some cases.
In Active Directory, the required format for user names. The user principal name is
in email address format, for example, indigojones@indigo.insurance.com.
An SGD object that represents a user in an organization. Can be used to give a user access to applications. User Profile objects can have a cn= (common name), a uid= (user identification), or a mail= (mail address) naming attribute.
Begins when a user logs in to SGD, and ends when the user logs out. Information about a user session is stored in memory by the SGD server.
The mechanism that determines which SGD server in the array a user logs
in to to display their webtop.
Coordinated Universal Time.
Hosting of multiple web servers on the same computer. Each web server has
a different DNS name.
Virtual Memory System. Operating system originally developed for use on the VAX and Alpha family of computers from DEC.
Wide Area Network.
Web Application Archive.
A web page where users can run applications using SGD, view documents, and manage print jobs. Can be accessed using a web browser or the SGD Client.
The collection of applications and documents that appear on a user’s webtop.
The ability to define webtop content implicitly. Content is usually inherited from the parent
object, but other objects can also be used.
A hyperlink on an SGD webtop that the user clicks to starts an
application.
The mode of operation of SGD where you use a browser to display
the SGD webtop.
An SGD object that represents a Microsoft Windows graphical application. Windows Application objects have a cn= naming attribute.
A logical group of computers running the Windows operating system.
A server in a Windows domain that hosts the Active Directory. The domain controller handles authentication
of users and administration tasks.
In SGD, the protocol used to connect to an application server hosting a Microsoft Windows application.
Windows Internet Name Service.
See SSL certificate.
The process of forwarding, or tunneling, the windows of a remotely started X application to a client desktop.
Display protocol used for the X Window System.
An SGD object that represents an X11 graphical application. X Application objects have
a cn= naming attribute. See also X11 protocol.
Access control mechanisms that control whether a client application can connect to an X server.
A distributed window system for UNIX platform operating systems, based on the X11 protocol.
Also called X11, or X Windows.
A feature of Solaris 10 OS that enables multiple virtual operating systems to be deployed on a single Solaris OS server.
|
|
