Friday Jan 22, 2016

Friday Spotlight: Patch Set Updates (PSUs) for Oracle Secure Global Desktop

Happy Friday, everyone!

Earlier this week we released an important set of Patch Set Updates (PSUs) for Secure Global Desktop (SGD) in parallel with Oracle's January 2016 Critical Patch Update (CPU).  PSUs are maintenance patch roll-ups, and include strategic security and stability fixes for identified maintenance platforms.

For SGD 5.2 release, support for following platforms has been added in this PSU:

  • Clients - Microsoft Windows 10
  • Applications servers - Microsoft Windows 10 and Oracle Linux 7

Patch Set Updates (PSUs) are available for download on My Oracle Support (MOS)

The following reference documentation includes detailed information regarding the content of these updates for various platforms, as well as instructions for procuring and installing the patches in existing SGD deployments:

  • SGD 5.2
  • SGD 4.71
  • SGD 4.63
  • Also announcing the availability of JVM Updates for all maintenance platforms of SGD.  The following reference documentation includes instructions for procuring and installing these updates within existing SGD deployments.

    The following link is SGD Release Announcement Reference: a one-stop-shop for the latest available updates for all versions of SGD!

    • Oracle Secure Global Desktop, Release Announcement Reference (Doc ID 1597467.1)

    Friday Dec 04, 2015

    Friday Spotlight: Patch Set Update (PSU) for Oracle Secure Global Desktop 5.2

    Happy Friday, everyone!

    The end of October during Oracle Open World, saw the release of the latest Patch Set Update (PSU) for Oracle Secure Global Desktop 5.2.  Like previous PSUs, it's a cumulative update containing

    • bug fixes

    • security updates and

    • enhancements

    Unlike other PSUs, it also contains two features

    • Option of delivering SGD client through Java Web Start and

    • Completely new client for Mac OS X

    These two features have been in development for a while and we thought it would be good to get them out to customers now, rather than waiting for the next full release of SGD.

    SGD has always had a zero-install client

    Point your browser to an SGD server and the client is started automatically; not by magic, but by a Java applet. The Java plug-in technology on which this relies has a long history, but a shorter future as it is not supported by many modern browsers (Chrome, Edge) and will be removed from others (Firefox) in the coming year. Java Web Start, on the other hand, does not use the Java plug-in and is unaffected by these browser changes. By offering Java Web Start as an alternative to the plug-in, SGD continues to provide a zero-install client that is always the latest and most secure available without complicated installation or upgrade procedures.  It also means no browser plug-ins are required.

    New client for Mac OS X

    The previous Mac client has its roots in X11 and you need XQuartz installed to use it.  The new client has lost that X11 heritage and instead uses standard Cocoa libraries, giving it a modern user interface and a few nice additions. An application menu to access event logs and connection information, integrated full screen mode, and copy & paste support extended to bitmaps. This new client also integrates well with Safari and Gatekeeper, providing a smooth user experience.

    Together, these are nice evolution to the SGD client.

    Patch Set Update (PSU) is available for download on My Oracle Support (MOS)

    • Patch Set Update for Oracle Secure Global Desktop 5.2 Patch ID 21620479 – Doc ID 2012596.1

    Sunday Oct 25, 2015

    Oracle Open World 2015 - Oracle Secure Global Desktop

    Hello all, 

    We are happy to welcome you all to our Oracle Linux, Oracle VM and OpenStack Showcase this year.  We are showcasing Oracle Secure Global Desktop product in the showcase area and also number of exciting sessions describing Oracle Secure Global Desktop and Oracle technology integration.

    Monday, Oct 26th

    • Conference Session:
      Private Cloud Appliance Roadmap and Insights from Engineering [CON8762]
      Mon Oct 26th, 12:15pm | Intercontinental - Intercontinental C (5th Floor)
    • Theatre Session:
      Secure Access to cloud-hosted Enterprise Applications and Desktops [THT11480]
      Mon Oct 26th, 04:30pm | Oracle Linux, Oracle VM, and OpenStack Showcase Theatre, Moscone South
    • Conference Session:
      Next-Generation Cloud Application Development with Oracle Linux, Docker, and Virtualization [CON9485]
      Mon Oct 26th, 05:15pm | Park Central - Metropolitan II

    Tuesday, Oct 27th

    • General Session:
      How Oracle Linux and Virtualization Power the Cloud [GEN9486]
      Tue Oct 27, 4:00 p.m. | Park Central—Metropolitan II

      Wednesday, Oct 28th

      • Conference Session:
        Building a Large-scale Cloud Infrastructure with Oracle VM and Oracle Linux [CON9487]
        Wed Oct 28th, 11:00am | Park Central - Metropolitan II

      We look forward to seeing you at OOW15.

      Thursday Oct 15, 2015

      OOW15: amitego AG Demonstrates VISULOX at Oracle Linux, Oracle VM and OpenStack Showcase

      We are happy to welcome amitego AG to our Oracle Linux, Oracle VM and OpenStack Showcase this year. They will be showcasing their product VISULOX in the showcase area but also provide insight into the product during theatre session listed below at Oracle OpenWorld on Oct 26-28.

      amitego AG
      is not new to Oracle Infrastructure products, nor to Oracle OpenWorld. Its mission is to make IT a safer place, by addressing secure access by privileged users, and this through its Remote Access Control and Management Solution Suite, VISULOX.

      VISULOX is based on the Oracle Secure Global Desktop Software, offering customers a flexible and powerful way to control and document all activities of the privileged users in the IT environment.  If you want to know more about the VISULOX and amitego, come to their theatre session:

      Title: VISULOX—Controlled Privileged Access to Cloud Services [THT11226]

      Speaker: Tillmann A. Basien, CEO, amitego Engineering GmbH

      • Monday, Oct 26, 1:30 p.m. | Oracle Linux, Oracle VM, and OpenStack Showcase Theater, Moscone South
      • Tuesday, Oct 27, 1:00 p.m. | Oracle Linux, Oracle VM, and OpenStack Showcase Theater, Moscone South

      amitego AG will also demonstrate their VISULOX product and show how easy it is to integrate without any modification to server or client, delivering a complete audit trail about who did what and when in the system. Including demos showing the user activities. Visit amitego AG at Oracle Linux, Oracle VM and OpenStack ShowcaseBooth 121, SLMoscone South, Kiosk: SLX-006.

      Thursday Apr 30, 2015

      ANNOUNCEMENT: Oracle Secure Global Desktop 5.2 now available!

      We are pleased to announce general availability of Oracle Secure Global Desktop 5.2.

      Oracle Secure Global Desktop (SGD) is a secure remote access solution for any cloud-hosted enterprise applications and desktops running on Microsoft Windows, Linux, Solaris and mainframe servers, from a wide range of popular client devices, including Windows PCs, Macs, Linux PCs, and tablets such as the Apple iPad and Android-based devices.  Oracle Secure Global Desktop gives users the ability to work securely from any device and anywhere, while providing administrators the tools they need to control access to applications and desktop environments resident in the data center.

      What's New in SGD Release 5.2

      • Monitoring with Oracle Enterprise Manager Cloud Control - This release delivers plug-ins to enable centralized monitoring of multi-server SGD deployment in Oracle Enterprise Manager.  These plug-ins monitor and analyze the health and performance of SGD servers and gateway servers.  For SGD servers, the plug-in captures various performance and configuration metrics such as array status, users and applications, data store objects, SGD system process, versions and patches.  For gateway servers, various performance and configuration metrics are captured, including connections being serviced, registered SGD servers, versions and patches.  Plug-in metrics data can be processed by reporting tools such as Oracle Business Intelligence Publisher.

      The image shows a sample SGD array monitoring page (click to view larger image)

      • Single Sign-On (SSO) integration with Oracle Access Manager - Enables instant access to applications, with a user entering credentials only once.  This release integrates Oracle Secure Global Desktop with Oracle Access Manager, enabling the Single Sign-On (SSO) feature of Oracle Access Manager to authenticate users to an SGD server and to remote applications started from the SGD workspace.  Single Sign-On enables SGD users to access multiple applications with a single login and greatly simplifies password management.

      • Role-based administration and enhancements - Provide flexible control over administration.  New roles for SGD administrators have been introduced that add different levels of administration privileges and access control to the SGD Administration Console.  New commands introduced in this release simplify the process of installing software updates (patches) for an SGD deployment.  The Administration Console can now be used, in addition to the command line, to join an SGD server to an array that uses secure intra-array communication.

      • PulseAudio integration - Prior to this release, the Unix audio solution worked with applications that used OSS on Linux or SADA on Solaris.  This release allows audio redirection from applications that use PulseAudio, increasing the range of audio applications supported by SGD.  Also, added support for audio input functionality on Unix brings the Unix audio feature set in line with that on Windows and allows applications compatible with OSS, SADA or PulseAudio to use audio input.

      • Enhanced security and performance/emulations improvements - In addition to new features and expanded server, client and browser support, this release also delivers enhance security and performance, and provide a richer user experience over a range of network conditions.
        • A Password Manager has been introduced to allow users control over caching of credentials, up to the level permitted by the administrator.
        • Greater control of autocomplete behavior is available in SGD web applications.  'Sensitive fields' always have autocomplete disabled and autocomplete can be disabled for non-sensitive fields on a per-application basis.
        • Improved security with HTTP proxies.  Proxy server support has been extended to negotiate, digest, and NTLM authentication when connecting to SGD through HTTP proxy servers.  This means that clients configured for Integrated Windows Authentication (IWA) can now be used.
        • Optimizations improve scrolling and responsiveness in X applications, benefiting high latency environments.
        • Improvements in the handling of RDP have reduced both CPU and bandwidth requirements for transferring data and have improved the user experience by increasing responsiveness and reducing tiling and tearing artefacts.

      Oracle Secure Global Desktop 5.2 maintains its 'slot-in' simplicity while integrating more closely with Oracle products, technologies and solutions such as Oracle Managed Cloud Services, Oracle Enterprise Manager Cloud Control, and, Oracle Access Manager.

      For more details refer to Oracle Secure Global Desktop release 5.2 documentation.

      Download and try it out to see how Oracle Secure Global Desktop helps solve your organization's cloud applications and desktops needs.

      Monday Apr 28, 2014

      Announcement: Patch Set Updates (PSUs) for Oracle Secure Global Desktop releases

      Oracle has released some important Patch Set Updates (PSUs) for Oracle Secure Global Desktop.  Oracle Secure Global Desktop team releases regular updates to make the overall user experience smoother and up-to-date.  Patch Set Updates (PSUs) are clusters of recommended stability, security, and/or performance patches that have been certified for an existing maintenance releases.

      Following links points to these PSUs for Oracle Secure Global Desktop releases, PSUs are available for download on My Oracle Support (MOS)

      Friday Mar 28, 2014

      Oracle Secure Global Desktop and Oracle VDI

      What is the relationship between these two products?  One view is that Secure Global Desktop (despite its name!) provides access to remote applications and VDI does the same for remote, virtual desktops (VMs).  A clean distinction, but slightly artificial: to Secure Global Desktop, a remote desktop, virtual or not, is really just a remote application.  There is little to differentiate the products when it comes to connectivity to remote desktops -  Secure Global Desktop has its native and HTML 5 clients, VDI has Sun Ray and OVDC, but both products connect to remote servers in the same way, typically using RDP.

      Where the products differ is in their scope.  Oracle VDI is a comprehensive solution that enables an administrator to create, store, manage and destroy VMs, as well as allowing users to connect to them.  Secure Global Desktop is simpler and restricts itself to connectivity to the VMs.

      So, do the products work together?  A most definite 'yes': use Secure Global Desktop for user connectivity and VDI for management of VMs.  In fact, Secure Global Desktop ships with a component specifically for communicating with VDI.  You can find full details at but we can do a short overview here.

      Firstly, a slight digression.  There are two main entry points to Secure Global Desktop.  The common approach is for users to log in through their browser and go to their Workspace (formerly known as their 'Webtop').  The Workspace presents all the applications that an administrator has published to the user as links and an application can be launched by clicking its link.  The second entry point is 'My Desktop'.  Here, a user logs in through the browser but, rather than going to the Workspace, a desktop is launched automatically.  Quite a good fit for delivering virtual desktops and the approach we will use in our example.

      Let us assume it is a clean installation of Secure Global Desktop.  The first task is for the Secure Global Desktop administrator to configure 'My Desktop' to talk to VDI.  The steps are:

      1. 'My Desktop' is a dynamic application object, meaning that it can map to one or more real application objects.  Since all the VM providers accessed through VDI emit RDP, we are interested in 'Windows Desktop' and not 'Unix Desktop'.  We delete the mapping to 'Unix Desktop', leaving a single mapping to 'Windows Desktop'.

      Next, we configure the 'Windows Desktop' application.  Traditionally, this would be done by assigning it an application server object that points to a real Windows server.  Here, we are going to use a dynamic application server.  It is 'dynamic' because it uses code (in this case, the VDI Broker) to define the server or servers, rather than a static setting for DNS name or IP-address.  So, next:

      2. We create the dynamic application server, set its 'Broker Class' to 'VDI Broker' and configure it with the particulars of our installation.  Configuration involves providing the URL for the VDI web services and, if they are secured with a certificate from an untrusted certificate authority, installing the certificate (or chain) into Secure Global Desktop.
      3. We assign this dynamic application server to 'Windows Desktop'

      That is the administrator's job done.  The user scenario is:

      - User clicks the 'My Desktop' link in the browser and authenticates.
      - The VDI broker code runs and gets a list of VMs available to the user.  If there is only one candidate VM, Secure Global Desktop connects the user directly to the virtual desktop.  If there are several, the user is given the option to select one before a connection is made.

      By using the VDI broker included in Secure Global Desktop, you can deliver virtual desktops to users through Secure Global Desktop and manage the desktops with VDI.  For users familiar with Secure Global Desktop, the desktop is just another application and they face no learning curve.  And administrators can continue to manage desktops through VDI, or even add desktops from other providers without changing the user experience.

      There are references to 'dynamic application server objects' and 'dynamic application objects' in this discussion.  These types of objects, along with some open interfaces, form the 'dynamic launch' feature in Secure Global Desktop. This feature is used to extend the product and the VDI Broker is an example of this extensibility - by simply implementing a public interface (see, the VDI Broker plugs into the Secure Global Desktop infrastructure and provides additional functionality. 

      Dynamic launch will be the topic of a later entry.

      Friday Mar 21, 2014

      Friday Spotlight: Oracle Secure Global Desktop 5.1

      Happy Friday, everyone! Our Friday Spotlight this week is a blog entry from the Oracle Secure Global Desktop engineering team, with some info on what they've been up to: 

      Hadn't noticed that this blog has been quiet for a while.  Time to catch-up!

      So, what's been happening with Oracle Secure Global Desktop recently?  The biggest event was the release Oracle Secure Global Desktop version 5.1 in November 2013.  This version builds on the tablet support for iPads introduced in version 5.0 and extends it to Android devices.  It also supports the use of the tablet client, using HTML 5 technology, in Chrome browsers.  The traditional Oracle Secure Global Desktop clients are not being neglected and a Patch Set Update was delivered in February 2014 to support their use in Internet Explorer 11.

      Talking of "Patch Set Updates", that's the other big, recent development.  In early 2014, we released 'tarantella patch' commands that can be retro-fitted to Long Term Support (LTS) maintenance releases of Oracle Secure Global Desktop and Oracle Secure Global Desktop Gateway to patch existing installations.  Using these commands, you can keep current with third-party components, like the JVM, and apply bug fixes to Oracle Secure Global Desktop.  It's not an alternative to upgrading to the latest version to get the latest features, but helps alleviate immediate problems until an upgrade can be scheduled.

      Finally, the other big change is the relationship between Oracle Secure Global Desktop and Oracle VDI, but that's a big topic that needs an entry to itself...

      We'll see you next week with another Friday Spotlight!

      Friday Dec 20, 2013

      Important Patch Set Updates (PSU) for Oracle Secure Global Desktop

      Oracle has released some important Patch Set Updates (PSUs) for Oracle Secure Global Desktop which customers should be aware of.

      These critical patch clusters are available for immediate download and installation, as described in the following version-specific announcements:

      Patch Set Updates are available for all active Long Term Support (LTS) maintenance releases, as enumerated within the Secure Global Desktop Release Announcement Reference (1597467.1).   No other versions of SGD are designated to receive a formal PSU.   Administrators of earlier releases—(i.e. 4.5, 4.60, 4.61, 4.62, or 4.70)—must move to a designated maintenance release in order to apply these comprehensive solutions.

      ACTION REQUIRED:  The Oracle Support team would like to stress the importance of the immediate consideration and installation of the December 2013 PSUs, as planned updates to the Java plug-in will adversely impact the user experience of all unpatched versions of Secure Global Desktop prior to Secure Global Desktop 5.10.

      These changes will require proactive action on behalf of SGD Administrators to prevent service interruption when the forthcoming updates planned for Java do arrive.

      Additional information regarding this particular scenario is described within a dedicated knowledge article:

      • Users Connecting to Secure Global Desktop are Presented with Dialog, "This application will be blocked in a future Java security update because the JAR file manifest does not contain the Permissions attribute."  (Doc ID 1594506.1)

      Friday Jul 05, 2013

      ANNOUNCEMENT: Oracle Secure Global Desktop 4.71 now available!

      We are pleased to announce the general availability of Oracle Secure Global Desktop version 4.71. This version includes several bug fixes and also updates to components of the Oracle Secure Global Desktop web server. Specifically, the Oracle Secure Global Desktop web server now supports Apache HTTP Server 2.2.24, OpenSSL 1.0.0.k, mod_jk 1.2.37, Tomcat 7.0.37 and JDK 1.6.0_43.

      For information on downloading Oracle Secure Global Desktop version 4.71, please visit here

      Wednesday Jun 12, 2013

      Oracle Secure Global Desktop Survey

      To help us design Oracle Secure Global Desktop better, we would like to collect feedback from our customers about their deployments with Oracle Secure Global Desktop via a short, simple 11 question survey. This survey is for those customers and partners who have deployed Oracle Secure Global Desktop in production environments and can be specific about the product features and/or product dependencies they find important and useful.

      We appreciate a few minutes of your time filling this survey out. Here is the link to the survey.

      Friday May 10, 2013

      Friday Tips #27

      Happy Friday! If you're been following this blog, you saw last week's tip on accessing applications and desktops with Oracle Secure Global Desktop over a cellular connection using just HTML5 on an iPad. This week's question concerns HTML5 in desktop browsers:

      Does Oracle have plans to support HTML5 when using desktop browsers for Oracle Secure Global Desktop?

      Answer by Mohan Prabhala, Product Management Director, Oracle:
      We can't discuss possible future directions. But if you want to get a feel for what it would be like to use Oracle Secure Global Desktop with HTML5 on a desktop browser (specifically the Chrome browser on a Mac, a Windows 7 PC, or a Linux based PC), you can try the following workaround.

      Please note: that the workaround below is provided AS-IS, is NOT a supported configuration, and, at Oracle's sole discretion, may not be supported within Oracle Secure Global Desktop. Accordingly, this workaround must NOT be used for production deployments.

      1) On the SGD server:

      vi /opt/tarantella/webserver/tomcat/7.0.37_axis1.4/webapps/sgd/WEB-INF/web.xml

      2) Inside the web.xml file you should see a parameter


      Change the param-value to “H5C”


      3) Restart the SGD server:

      /opt/tarantella/bin/tarantella restart

      That’s really it. Let us know what you think, either via your Oracle sales rep or via this blog or our Twitter and Facebook social media channels.

      Thank Mohan!

      We'll see you next time with another tip. Have a great week!


      Friday May 03, 2013

      Friday Tips #26

      Happy Friday! With the exciting release of Oracle Secure Global Desktop 5.0 this week, we though we'd do something a little different with our Friday tip.

      Since access via iPad with HTML5 is a big part of this release, a question that has come up a few times is what performance is like over cellular connections. So, we recorded some video of an iPad using an iPhone 5 on LTE as a mobile hotspot, connecting back to an Oracle Secure Global Desktop server. You can see the real world cellular performance in the video below:

      See you next week!


      Thursday May 02, 2013

      Oracle Secure Global Desktop 5.0 Certified with E-Business Suite 12!

      We are please to announce that Oracle Secure Global Desktop 5.0 is now certified for use with Microsoft Windows Server 2003 and 2008 virtual environments acting as desktop clients connecting to Oracle E-Business Suite Release 12 environments.  32-bit and 64-bit versions of Microsoft Windows Server are certified. These combinations may also be used in conjunction with Oracle VM, if required.

      Oracle E-Business Suite customers and partners may now use Oracle Secure Global Desktop as an access layer for Oracle Applications, knowing that Oracle certifies this particular scenario.  For more details, please refer to this Oracle E-Business Suite technology blog or My Oracle Support (Note 1491211.1)

      Tuesday Apr 30, 2013

      ANNOUNCEMENT: Oracle Secure Global Desktop 5.0 Supports iPad Using HTML5!

      Today, we are pleased to announce support for what has been one of Oracle Secure Global Desktop's most widely anticipated features - support for iPad via Oracle Secure Global Desktop version 5.0! Oracle Secure Global Desktop 5.0 provides anywhere access to cloud-hosted and on-premise enterprise applications and desktops (workspaces) from Apple iPad and iPad mini tablets, without the need for a VPN client. In addition, since we leverage HTML5 to provide browser-based access inside Apple iPad and iPad mini tablets, users need not download, maintain, configure and update specific client applications from the App Store.

      This new release delivers significant enhancements which provide simple mobile access, enhanced security, full user productivity, security enhancements, session mobility, improved performance and expanded server, client and browser support.

      • Simple Mobile Access: Users can login to the Oracle Secure Global Desktop 5.0 sessions and access all of their applications and data using the built-in mobile Safari web browser on iPad and iPad mini, without the need to establish a cumbersome VPN connection. Support for HTML5 enables a rich, browser-based user interface that provides simple, intuitive gestures and navigation, as well as extended keyboard capabilities, without the need for downloading or maintaining separate client applications. 
      • Full user productivity: For maximum productivity, copy and paste to and from applications, printing, and automatic session resizing (of the specific application or desktop running in the cloud), when rotating the iPad is supported. 
      • Security enhancements: Oracle Secure Global Desktop Gateway uses multi-factor authentication methods to access applications, increasing security when accessing cloud-hosted applications, regardless of location. With the included Oracle Secure Global Desktop Gateway, users can securely access their workspaces from PCs, laptops, or tablets both inside and outside the corporate firewall. 
      • Extended session mobility: Extends the session pause and resume feature to the iPad, allowing users to pick up their workspace right where they left off, even when moving from one client device to another. 
      • Improved performance: Delivers reliable performance and responsiveness for cloud-based applications and desktop sessions, even at cellular network speeds. 
      • Expanded server, client, and browser support: Oracle Secure Global Desktop 5.0 adds support for servers running Oracle Solaris 11.1 and Oracle Linux 6.4, and clients running Windows 8 (desktop mode) and Mac OS X Mountain Lion. Browsers supported now include Internet Explorer 10, Chrome, and Firefox ESR.  

      Oracle's press announcement regarding this release can be found here.

      For more information, you can also view the videos below (click to go to the video page and play):


      Get the latest scoop on products, strategy, events, news, and more, from Oracle's virtualization experts




      « February 2016