Thursday Oct 31, 2013

What's New in SGD 5.1?

Oracle announced the latest version of Secure Global Desktop (SGD) this week with 3 major themes:

  • Support for Android devices;
  • Support for Desktop Chrome clients; 
  • Support for Oracle Unified Directory.

I'll talk about the new features in a moment, but a bit of context first:

Oracle SGD - what, how and why? 

Oracle Secure Global Desktop is Oracle's secure remote access product which allows users on almost any device, to access almost any type application which  is hosted in the data center, from almost any location. And it does this by sitting on the edge of the datacenter, between the user and the applications:


This is actually a really smart environment for an increasing number of use cases where:

  1. Users need mobility of location AND device (i.e. work from anywhere);
  2. IT needs to ensure security of applications and data (of course!)
  3. The application requires an end-user environment which can't be guaranteed and IT may not own the client platform (e.g. BYOD, working from home, partners or contractors).

Oracle has a a specific interest in this of course. As the leading supplier of enterprise applications, many of Oracle's customers, and indeed Oracle itself, fit these criteria.

So, as an IT guy rolling out an application to your employees, if one of your apps absolutely needs, say,  IE10 with Java 6 update 32, how can you be sure that the user population has this, especially when they're using their own devices? In the SGD model you, the IT guy, can set up, say, a Windows Server running the exact environment required, and then use SGD to publish this app, without needing to worry any further about the device the end user is using.

What's new? 

So back to SGD 5.1 and what is new there:

Android devices

Since we introduced our support for iPad tablets in SGD 5.0 we've had a big demand from customers to extend this to Android tablets too, and so we're pleased to announce that 5.1 supports Android 4.x tablets such as Nexus 7 and 10, and the Galaxy Tab.

Here's how it works, with screenshots from my Nexus 7: Simply point your browser to the SGD server URL and login;

Login Webtop

The workspace is the list of apps that the admin has deemed ok for you to run. You click on an application to run it (here's Excel and Oracle E-Business Suite):

E Business Suite

There's an extended on-screen keyboard (extended because desktop apps need keys that don't appear on a tablet keyboard such as ctrl, WIndow key, etc) and touch gestures can be mapped to desktop events (such as tap and hold to right click)

All in all a pretty nice implementation for Android tablet users.

Desktop Chrome Browsers

SGD has always been designed around using a browser to access your applications. But traditionally, this has involved using Java to deliver the SGD client component. With HTML5 and Javascript engines becoming so powerful, we thought we'd see how well a pure web client could perform with desktop apps. And the answer was, surprisingly well. So with this release we now offer this additional way of working, which can be enabled by a simple bit of configuration. Here's a Linux desktop running in a tab in Chrome.


And if you resize the browser window, the Linux desktop is resized by SGD too. Very cool!

Oracle Unified Directory

As I mentioned above, a lot of Oracle users already benefit from SGD. And a lot of Oracle customers use Oracle Unified Directory as their Enterprise and Carrier grade user directory. So it makes a lot of sense that SGD now supports this LDAP directory for both Authentication and as a means to determine which users get which applications, e.g. publish the engineering app to the guys in the Development group, but give everyone E-Business Suite to let them do their expenses.


With new devices, and faster 4G networking becoming more prevalent, the pressure for businesses to move to a increasingly mobile enterprise is stronger than ever. SGD is good for users, and even better for IT. By offering the user the ability to work from anywhere, and IT the control and security they need, everyone wins with SGD.

To try this for yourself, download SGD 5.1 (look under Desktop Virtualization Products) from the Oracle Software Delivery Cloud or if you're an existing customer, get it from My Oracle Support.


Monday Sep 23, 2013

Airbus and SGD

In case you missed this Press Release, I loved this story about how Oracle Secure Global Desktop makes the Airbus business fly ;-)

Friday Sep 13, 2013

Controlled Application Deployment with Secure Global Desktop

SGD is great for users because it allows them secure remote access from almost anywhere and any device.

So from my home Mac or PC, I can bring up a browser, login and run the apps that the sysadmin has published to me on my SGD Workspace:


This means I can get access to my business applications that are running in the data center. And when I have to dash off somewhere, I can continue from my iPad or my friends Windows laptop, rejoining the application session exactly where I left off. 

But SGD is great for administrators too, because it delivers complete control over which applications can be accessed by which users. This power works both ways in terms of:

  • Mass deployment of an application to a large group of users;
  • Precision deployment of an application to a specific group of users. 

Here's how:

Say I have created an application object in SGD which represents my E-Business Suite front-end and I now want to deploy this to all the guys in Sales. In my corporate directory I have a Sales group like this:

AD Users

 Then to assign my E-Business Suite object I use the SGD Administration Console to say that this app is assigned to the Sales Group:


Then next time my Sales team log in they get the E-Business Suite application in the workspace and they can launch it easily:

E-Business Suite

 Now how long did that take? ;-)

- FB 

Thursday Feb 21, 2008

Simple Web Server Authentication and SGD

Seems that a lot of people are interested in using Web Server Authentication.

A new article that concerns Basic HTTP Authentication and SGD has been posted to the SGD Wiki. Even if Basic HTTP authentication is not what you want, this article illustrates the principles around configuring SGD.

There's also a handy debugging tool (environment.jsp) that you can drop into the SGD webapp directory (/opt/tarantella/webserver/tomcat/\*/webapps/sgd) to find out what the web environment looks like.

Another article specifically about Sun Access Manager is also in the works.


Tuesday Dec 11, 2007

SGD 4.4 - Logging in, did something change?

Do you ever get that spooky feeling when you visit a place you've been before, but something is slightly different, and you can't put your finger on what has changed?
That's a bit like the login procedure for SGD 4.4.

In versions leading up to SGD 4.4, simply by hitting the http://servername/sgd URL you were delivered the SGD client in the form of a Java archive. This was before you had logged in.
Now with 4.4, you have to successfully login before you get the client.

If any of you have web applications that talk to SGD using its web services, this subtle change may mean you have to switch around a couple of calls. but this is covered on the SGD wiki

Wednesday Oct 17, 2007

Desktop Virtualization Podcasts

Sun is publishing a series of Desktop Virtualization Podcasts which are basically chat shows with different guests, talking about new developments in the space.

Check 'em out.


Monday Oct 15, 2007

Free SGD licenses for partners

A little known fact is that Partners of Sun that want to set up their own SGD server for demonstrations or internal use, can request free NFR (Not for Resale) license keys to do so.

If this is you, contact your local Sun partner manager to get a license key


Thursday Oct 11, 2007


Most of you may know this already but for those that don't, I thought I'd take a minute to explain a little about SGD and its place in the new VDI market....

Server Based Computing (SBC)

SGD was originally designed to allow people to run local and remote apps side by side in a hybrid desktop model. The remote applications were made to look like local ones (seamless windows), and behave like local ones (printing, filesystem access, audio, etc) but they were actually running on back end server platforms. And most SGD customers use multiple local and remote apps simultaneously, e.g. they'll have several windows open running a mix of Windows, Solaris, Linux, etc. apps

This approach solves issues of data security (lost laptops), manageability (apps live on servers in datacenter) and mobility (use any client from any network location). So administrators can decide which apps should be centrally located and which local on the users PC.

But what if you wanted to deliver not just the apps, but the whole desktop environment too? Well, some SGD users do this today when they publish a full Windows desktop or Gnome-session, say. But traditionally, these have been desktops delivered from Windows Terminal Servers or Solaris/Linux Servers. And the problem with Windows Terminal Server has been that some apps just don't work in a Windows server environment (e.g. they expect a unique IP address or global access to the registry/filesystem, because they were designed to run on a PC).

Virtual Desktop Infrastructure (VDI)

So what is usually meant by VDI is that the desktop environments (usually Windows desktop environments) are not running on servers, but running on Windows \*client\* OSes which are themselves running in individual virtual machines on a server. e.g. Windows XP or Windows Vista instances on, say, VMware ESX Servers.

This is interesting because those misbehaved apps now have a better chance of working because they are running on the platform for which they were designed, a Windows PC.

Now all we have to do is provide secure access to these desktops, and that's what SGD has been doing for years just like this...


So hopefully you can see that SGD is equally applicable for SBC and VDI.

One more thing: if the value you derive from SGD is proportional to the number of apps you access via it, should I pay as much when I use SGD in a VDI environment? After all I'm just delivering a single app - the Windows desktop.

Thankfully, those smart guys in Sun Marketing have delivered a new product for exactly this use case.

When you buy licenses for Sun xVM VDI Software you are allowed to use SGD or Sun Ray Software to deliver a single desktop environment per user.


Tuesday Jun 26, 2007

Real men use the command line

There are some nifty and good-looking admin tools out there for software products nowadays. But many sysadmins prefer the raw, unadulterated power of the good old command line interface.

The SGD command line interface is a powerful tool and it all begins with the "tarantella" command located under <install_dir>/bin.
The way it works is that there is a hierarchy of commands available from this top-level command.
At each level you can append "--help" to get a usage of the command at that level.

e.g. The top level command is:

[root@servername ~]# /opt/tarantella/bin/tarantella

Usage: tarantella <command> [<command-specific args>]

  Available commands:

  archive            Archives the server's log files
  array              Creates and manages arrays of Secure Global Desktop servers
  config             Edits array-wide and server-specific configuration
  emulatorsession    Lists and controls emulator sessions
  help               Displays this list of commands
  license            Adds, lists and removes Secure Global Desktop license keys
  object             Manipulates objects in the datastore
  passcache          Manipulates the password cache
  print              Controls Secure Global Desktop printing services
  query              Examines the server's log files
  restart            Restarts Secure Global Desktop services
  role               Configures role occupants and their extra webtop links
  security           Controls security services, manages certificates
  setup              Changes Setup options, restores original objects
  start              Starts Secure Global Desktop services
  status             Shows the current status of Secure Global Desktop array members
  stop               Stops Secure Global Desktop services
  tokencache         Manipulates the token cache
  tscal              Lists, frees and returns Terminal Services CALs
  uninstall          Uninstalls Secure Global Desktop from this host
  version            Displays versions of installed Secure Global Desktop packages
  webserver          Controls the Secure Global Desktop Web Server
  webtopsession      Lists and controls webtop sessions

  Use "tarantella  --help" to get help on a command.

Over the next few blog entries, Fat Bloke will share how he, as a real man, uses the SGD command line.

Friday May 11, 2007

4.31 is released!

A new updated release of SGD is now available!
Version 4.31 contains bug fixes and these new features:
- Support for UNIX audio apps
- Support for Vista as a server (think VDI)
- Support for Ubuntu as a client OS
- Changes to work better with ssh launches (should work out of box without needing ssh_config changes)
- The Mac OS X client is now a universal binary (native Power and Intel exe's)


Tuesday Jan 30, 2007

#5 - Client Drive Mapping for UNIX apps

Out of the box, SGD is pre-configured so that any remote apps you run cannot touch the drives on your client device, e.g. your Windows PC.
Reasons for this may be to protect against "contamination-in", where viruses, malware etc may be uploaded to your protected server-side apps.
Another reason may be to protect against "data leakage-out", where you don't want sensitive data leaking out of the internal network.

But at other times you really, really do want to open or save files to your local drives.
So it was great to see yet another cool feature appearing in the SGD 4.3 release, Client Drive Mapping for UNIX apps.

This means that I can run an app on a Solaris or Linux server, say StarOffice, and have that application "see" my local client's filesystem.

It works like this:

And here's how you set it up on the application server:

  1. Create a mount point:
     mkdir /smb
    chmod 755 /smb

  2. Export it:
    On Solaris you can add a line like this to /etc/dfs/dfstab
     share -F nfs -o rw -d "UNIX Drive Mapping" /smb 

  3. Restart NFS
    On Solaris 10:
    svcadm enable network/nfs/server

  4. Install the SGD Enhancement Module (tem) on the Solaris server:
    download it from http://yourservername/tarantella/cgi-bin/modules.cgi
  5. And start the drive mapping component:
    /opt/tta_tem/bin/tem startcdm 

The Administration Guide tells you how to set up the SGD server and how to control which users can/cannot use client drive mapping.

So the end result allows me to see something like this:

...which is me running StarOffice on Solaris 10 accessing files on my Mac OS X Desktop.
Pretty cool huh?
So it makes it into my Cool List at #5.

Wednesday Jan 03, 2007

#6 - Integrated Client Mode

Resuming my personal countdown of cool features in SGD 4.3.....

I guess the fact that you are reading these ramblings of Fat Bloke means that we share some knowledge of the world of server-based/thin client/virtual display computing. And you already know that by deploying your users' apps on servers it makes for a more secure, more manageable, more agile desktop approach. But what about the end-user experience?

End users can be demanding but on the whole they're a fairly simple bunch. They don't care about architectures, or security of the system, or load balancing, or even the platform of the applications they need to use. They simply want to be able to run their applications as if it were local.

And whilst previous versions of SGD addressed usability demands such as opening/saving docs to local disks, printing to local printers, and displaying windows in a seamless way, just like local apps, the new version takes integration with the client to a new level.

You see, in SGD 4.3, users can choose to have their remote apps appear in the Start Menu alongside their local apps.

And as these Start Menu items are simply links, they can be dragged onto the desktop for quick access too....

So that's why this feature makes it into my Top 10.


Wednesday Dec 06, 2006

Good things come to those who wait?

You can't rush a good pint or a software release, it seems.
At long last those patient SGD engineers have finally unveiled the latest model, Version 4.3.
So now you can not only read about What's New but you can go download it and try it too.

Tuesday Nov 28, 2006

Does size really matter when it comes to URLs?

I wonder...
In the mind of the reader, is there a relationship between the length of a URL and the perceived importance of a page?

For example, would a reader think that info on a page such as: more important to the business than info on:

Just a thought.

BTW Sun Secure Global Desktop now lives at ;-)


Fat Bloke


« June 2016