News, tips, partners, and perspectives for Oracle’s virtualization offerings

Oracle Secure Global Desktop 5.4 Now Available

Jan Hendrik Mangold
SGD Senior Product Manager

We are happy to announce the release of Oracle Secure Global Desktop (Oracle SGD) 5.4. Oracle SGD is a secure remote access solution for cloud-hosted enterprise applications and hosted desktops running on Oracle Linux and other Linux distributions, Oracle Solaris, Microsoft Windows, and mainframe servers.

What's New:

This new release of Oracle SGD comes with many new features, enhancements, and bug fixes. Highlights include:

Java-less client launch

Previous versions of SGD used Java in the browser, or Java WebStart, to install and launch the native client on Mac OS X, Windows, Linux and Oracle Solaris. However, many web browsers have removed support for Java, so we have added a new option to the supported launch methods. Once the client for Oracle SGD 5.4 is installed, either system wide or per user, the web browser uses a registered URL schema to launch the native client. This new approach no longer requires Java and is supported on virtually all browsers.

Improved HTML5 client

In previous versions of Oracle SGD, the HTML5 client had some limitations; you couldn't resume sessions and only a single application session was supported at any given time. With Oracle SGD 5.4 we have removed those restrictions and it functions like a native client. You now can launch, suspend and resume multiple application sessions simultaneously. Regardless of which client you launch an application with, you can resume any suspended session with the native client or the HTML5 client, except for Client Window Management applications, which are not supported with HTML5. Oracle SGD 5.4 also supports character applications with HTML5.

Support for smart card and client certificate authentication

A certificate containing an identity can be installed on the client and registered with the Oracle SGD Gateway. This way, only users with the registered certificates can access the gateway. This works in three different configurations:

  • Certificate required and sufficient for authentication: gateway will require a certificate and Oracle SGD server will trust the certificate

  • Certificate required and insufficient for authentication: gateway will require a certificate, but the user still needs to provide credentials to authenticate

  • Certificate optional and sufficient for authentication: if the gateway is presented a certificate and the Oracle SGD server trusts it, the user is authenticated, otherwise, the user needs to authenticate with username/password

Client IP address propagation

Until the 5.4 release, the Oracle SGD servers only saw the IP address of the Oracle SGD Gateway as the remote end of the connection. In Oracle SGD 5.4, the gateway now passes up to three IP addresses to the Oracle SGD server:

  • Remote end of the incoming connection to the Gateway
  • Any X-Forwarded-For headers added to HTTP traffic (load balancers)
  • The client’s view of its IP address

The following example shows a running gnome terminal session on an Oracle SGD server with a co-located gateway.

[sgdadmin@sgdsrv1 ~]$ sudo /opt/tarantella/bin/tarantella emulatorsession list
User: .../_ens/o=Tarantella System Objects/cn=SGD Administrator
Application: .../_ens/o=applications/cn=gnome-terminal
Application Server: .../_ens/o=appservers/cn=Tarantella server sgdsrv1
Application Server DNS: sgdsrv1.compute-sgdpm.oraclecloud.internal
Application Server User: sgdadmin
Client (forwarded):
Client (tcc):
Protocol Engine ID: 22402
Resumable For: Always
Session ID: sgdsrv2.compute-sgdpm.oraclecloud.internal:1521588707829:-4094901712694853239:Li4uL19lbnMvbz1UYXJhbnRlbGxhIFN5c3RlbSBPYmplY3RzL2NuPVNHRCBBZG1pbmlzdHJhdG9y
Start Time: 2018-03-20 23:31:47.831
Status: Running
[sgdadmin@sgdsrv1 ~]$

Support for SSH key authentication to application servers

In addition to username/password authentication when launching applications on application servers, Oracle SGD 5.4 provides private key authentication to Unix application servers. The SSH private key does not leave a user's system. On both Oracle SGD clients, you can use a private key to connect to application servers.

Installation and upgrade

The aim is to get as many customers as possible to upgrade from older, unsupported versions of Oracle SGD to SGD 5.4.  For this reason, upgrades are allowed from many Oracle SGD releases.

Solaris 10
Solaris 11
4.63 u5, u6, u7 N/A N/A u8 N/A
4.71 u7, u8 u2, u3 N/A u10 u0
5.0 u8, u9 u2, u3, u4 N/A u10, u11 u0, u1
5.1 u8, u9 u2, u3, u4 N/A u10, u11 u0, u1
5.2 u8+ u2+ N/A u10+ u0+
5.3 u8+ u2+ u0+ u10+ u0+
5.4 u8+ u2+ u0+ u10+ u0+

There is an issue that none of the OS platforms supported by Oracle SGD 4.63 are supported in Oracle SGD 5.4.  The recommendation for these upgrades is:

1. Stop the Oracle SGD server (or Gateway).

2. Upgrade the OS to a version supported by Oracle SGD 5.4.

3. Upgrade the Oracle SGD server (or Gateway).


Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.