Wednesday Feb 01, 2017

Oracle Secure Global Desktop 5.3 Available

Available Now, Oracle Secure Global Desktop Release 5.3

Oracle Secure Global Desktop (SGD) is a secure remote access solution for cloud-hosted enterprise applications and hosted desktops running on Oracle Linux and other Linux distributions, Oracle Solaris, Microsoft Windows, and mainframe servers.

Why is this release important?

This release features many improvements over the previous release. New features include:

  • Support for Oracle Linux 7 as a client, application server and infrastructure node for Oracle SGD server and gateway. SGD now supports all recent Oracle Linux versions (5, 6, 7) from client, through infrastructure and application servers.
  • IPv6 support for gateways: With IPv6 support on the SGD gateways you can now enable secure access over IPv6 to an entire data center without having to worry about migrating all the resources inside the data center from IPv4.
  • SGD integration with Oracle VM Manager and Oracle VM Virtualization: Two new types of Dynamic Application Servers enable SGD to communicate with Oracle VM Manager and Oracle VM VirtualBox to determine dynamically which systems to offer to a user to connect to. The list of VMs can be filtered by Group, VM name and OS.
  • Cloud readiness: A new command is added to configure Oracle SGD, save as a template and spin-up fully configured servers in minutes. Co-located Gateway and Oracle SGD server templates are also supported
    • Client delivery: Automatic choice between Java applet and Java web start technologies and HTML5.
    • Latest security fixes.

    Supported Upgrade Path

    SGD 5.3 is a straight upgrade from SGD versions 4.63, 4.71, 5.0, 5.1 and 5.2.


    Wednesday Oct 26, 2016

    Patch Set Updates (PSUs) for Oracle Secure Global Desktop

    We've now publicly released an important set of Patch Set Updates (PSU) for Oracle Secure Global Desktop (SGD) in parallel with Oracle's October 2016 Critical Patch Update (CPU).  PSUs are maintenance patch roll-ups, and include strategic security and stability fixes for identified maintenance platforms.

    The following reference documentation has been updated in parallel with this release, and includes detailed information regarding the content of these updates for various platforms, as well as instructions for procuring and installing the patches in existing SGD deployments.
    As always: these changes have been documented within the ever-evolving Patch Matrices of the SGD Release Announcement Reference: a one-stop-shop for the latest publicly available updates for SGD!
    • Oracle Secure Global Desktop, Release Announcement Reference (Doc ID 1597467.1)

    More information on Oracle Critical Patch Update Advisories, including details for Oracle's October 2016 announcement can be found on OTN.

    This blog entry was contributed by Jan Hendrik Mangold, product manager of Oracle Secure Global Desktop.

    Friday Sep 09, 2016

    OOW16: Showcase Partner Spotlight - amitego AG

    In this Friday spotlight we are all about Oracle OpenWorld happening on September 18-22nd at the beautiful city of San Francisco.

    This year we are very excited to have 8 partners showcasing their solutions at the Oracle Linux, Virtualization and OpenStack Showcase at Oracle Openworld.  Our showcase area will feature partner and Oracle pods as well as Mini theatre where partners will present their solutions. We have exciting demos and giveaways which should be an incentive to come by.

    Our showcase partner in this spotlight blog is amitego AG.

    amitego AG’s VISULOX (based on Oracle Secure Global Desktop) offers rule-based control and management of privileged users accessing the data center. It includes device-less two-factor-authentication, software-based recording of user sessions, and controlled data transfer up to the limit of command and script usage, all without any changes to servers and clients. It integrates information from LDAP or Active Directories and supports a variety of application servers and clients.

    amitego AG Sessions:

    Monday, Sep 19, 2:00-2:20pm  - Showcase Mini Theatre

    Controlled Cloud Access with Oracle Secure Global Desktop and VISULOX 

    Wednesday, Sep 21, 3:00 p.m. | Park Central - Concordia 

    [CON7431] Secure Cloud Access with Oracle Secure Global Desktop and VISULOX 

    Please visit amitego AG @kiosk SLX-007 at the Oracle Linux, Virtualization, and OpenStack Showcase (booth 1901) in Moscone South.

    For more information about amitego AG and VISULOX visit this site

    Thursday Oct 15, 2015

    OOW15: amitego AG Demonstrates VISULOX at Oracle Linux, Oracle VM and OpenStack Showcase

    We are happy to welcome amitego AG to our Oracle Linux, Oracle VM and OpenStack Showcase this year. They will be showcasing their product VISULOX in the showcase area but also provide insight into the product during theatre session listed below at Oracle OpenWorld on Oct 26-28.

    amitego AG
    is not new to Oracle Infrastructure products, nor to Oracle OpenWorld. Its mission is to make IT a safer place, by addressing secure access by privileged users, and this through its Remote Access Control and Management Solution Suite, VISULOX.

    VISULOX is based on the Oracle Secure Global Desktop Software, offering customers a flexible and powerful way to control and document all activities of the privileged users in the IT environment.  If you want to know more about the VISULOX and amitego, come to their theatre session:

    Title: VISULOX—Controlled Privileged Access to Cloud Services [THT11226]

    Speaker: Tillmann A. Basien, CEO, amitego Engineering GmbH

    • Monday, Oct 26, 1:30 p.m. | Oracle Linux, Oracle VM, and OpenStack Showcase Theater, Moscone South
    • Tuesday, Oct 27, 1:00 p.m. | Oracle Linux, Oracle VM, and OpenStack Showcase Theater, Moscone South

    amitego AG will also demonstrate their VISULOX product and show how easy it is to integrate without any modification to server or client, delivering a complete audit trail about who did what and when in the system. Including demos showing the user activities. Visit amitego AG at Oracle Linux, Oracle VM and OpenStack ShowcaseBooth 121, SLMoscone South, Kiosk: SLX-006.

    Friday Jun 05, 2015

    Friday Spotlight: Keep Your Virtualization Infrastructure Up to Date

    It's important to keep all software versions and patches up-to-date, as one of the principles of good security practice. Oracle responds quickly to any potential security threat by incorporating the security fixes into errata updates. See recent security alert to address CVE-2015-3456 ("VENOM") here

    The Oracle VM security architecture, by design, eliminates many security threats. The guidelines for secure deployment of virtualized solutions based on Oracle VM are largely based on network security. As these guidelines are generally applicable, they should always be reviewed for applicability in the context of each implementation and the security requirements and policies of the broader environment in which Oracle VM is deployed. Please review Oracle VM Security Guide to apply to your environment.

    • Oracle VM Server for x86 Security Guide for Release 3.3 HTML
    • Oracle VM Server for x86 Security Guide for Release 3.2 HTML
    • Oracle VM Server for SPARC Security Guide for Release 3.2 HTML

    To be informed about any errata update, including security fixes, you can sign up here to receive notification on software update delivered to ULN for Oracle VM Server for x86, or you can browse the email archive.

    To learn more about Oracle's virtualization solutions, visit  

    Monday Oct 06, 2014

    Secure Oracle VM Deployments

    One of the principles of good security practice is to keep all software versions and patches up-to-date. To keep you and your customers informed about any errata update, please subscribe to you can sign up here to receive notification on software update delivered to ULN for Oracle VM, or you can browse the email archive.

    We've released fixes to address the recent security vulnerabilities. Please review the instructions to apply those fixes.

    Oracle Virtual Compute Appliance Software - My Oracle Support (MOS) note 1930502.1
    Oracle VM 2.2, 3.0, 3.1, 3.2, 3.3  -  MOS note 1929782.1
    • Xen Security Advisory CVE-2014-7188 / XSA-108
    CVE-2014-7188 / XSA-108 Patch Availability Document for Oracle VM - MOS Note 1931331.1
    CVE-2014-7188 / XSA-108 Patch Availability Document for Oracle Virtual Compute Appliance - MOS Note 1931380.1
    The Oracle VM security architecture, by design, eliminates many security threats. The guidelines for secure deployment of virtualized solutions based on Oracle VM are largely based on network security. As these guidelines are generally applicable, they should always be reviewed for applicability in the context of each implementation and the security requirements and policies of the broader environment in which Oracle VM is deployed. Please review Oracle VM Security Guide to apply to your environment.
    • Oracle VM Security Guide for Release 3.3 HTML
    • Oracle VM Security Guide for Release 3.2 HTML

    Friday Oct 03, 2014

    Friday Spotlight: Highlights from Oracle OpenWorld 2014

    At Oracle OpenWorld 2014, Renée J. James, President of Intel Corporation, shared her keynote on, "The Future of the Data Center in a Software-Defined World". She talked about Intel's Next Generation Firewall (NGFW) for Oracle VM.

    During the keynote, Steve Grobman, Intel Fellow and CTO of Intel Security Platforms showed the NGFW demo with Oracle VM Manager:

    Steve articulated the key values of the joint solution from Intel and Oracle:

    • Scalable and fast deployment of the virtual firewall instances powered by Oracle VM Templates
    • Fast and secure VM migration orchestrated by Oracle VM Manager
    • And better datacenter protection.

    You can watch the keynote replay here.

    To learn more about Oracle's virtualization solutions, visit

    Friday Aug 22, 2014

    Friday Spotlight: Oracle Secure Global Desktop and amitego VISULOX

    Happy Friday!

    Our spotlight this week is a screencast about a fantastic solution that takes the security model of Oracle Secure Global Desktop and adds even more features.

    If you work in environments where you need to have a video record of users' interactions with applications, or need to ensure that two users can remotely work on the same session (a worker entering data in a form from one workstation and a manager typing an authorization code from another, for example), amitego VISULOX can do this and a lot more. It's built on top of Oracle Secure Global Desktop, so you get all of the great features there, plus additional unique security related features provided by VISULOX.

    Click the thumbnail below to watch the screencast.

    We'll see you next week!


    Friday Feb 21, 2014

    Friday Spotlight: Amitego's Tools Updated for latest Oracle Secure Global Desktop

    Happy Friday, everyone!

    Our spotlight this week is on a fantastic tool, VISULOX Helpdesk from Amitego. If you’re a user of Oracle Secure Global Desktop, you have probably heard of Amitego. They provide tools that extend the feature set of Oracle Secure Global Desktop.

    Whereas Oracle Secure Global Desktop is primarily designed for secure remote access to applications and desktops for a single user, Amitego provides extra, complementary tools to control and manage secure access for multiple users to the same session. This is really useful in situations such as where a manager needs to approve a transaction, or if two people with trusted information are needed to complete a task, or, perhaps the most common scenario, providing helpdesk services.

    Their new tool, VISULOX Helpdesk, is based on the new VISULOX 3 framework and helps solve this last problem. It allows controlled assisting of a user by another user, without opening up the security risks associated with doing this on your desktop PC. You can do things like assign a group of users that a supervisor can assist with, and then the users can request help from the supervisor, and that supervisor can view their session in tandem. And the user still has control, too -- they can even switch off the cooperation view temporarily to enter a password, for example. And, of course, all of the clients and applications supported by Oracle Secure Global Desktop are supported by VISULOX Helpdesk, so you can even use your tablet device to remotely view and participate in a session.

    If you need to do any sort of tandem work or helpdesk services and you’re using or looking at using Oracle Secure Global Desktop, you should go have a look at Amitego and read about their various offerings. Their tools have recently been updated to work with the latest Oracle Secure Global Desktop 5.1.

    Have a great week!

    Tuesday Feb 19, 2013

    Oracle Solaris Remote Lab Uses Oracle Secure Global Desktop!

    Oracle Solaris Remote Lab (part of Oracle's Exastack Remote Labs) provides independent software vendors access to Oracle Solaris 11 11/11  environments (SPARC and x86) for validating their applications. The lab provides a simple and straight forward cloud interface for configuring an application test environment. It extensively leverages Oracle technologies, meets Oracle's stringent security requirements and is available to Oracle Partner Network members at the gold level and above. The Oracle Solaris Remote Lab leverages Oracle Secure Global Desktop to address many requirements. 
    • Oracle Secure Global Desktop (coupled with Oracle Secure Global Desktop's Secure Gateway) provides access to Solaris desktops and terminal sessions from a variety of client devices and from anywhere in the world, allowing excellent performance even over high-latency WAN links.
    • Oracle Secure Global Desktop (using the Client Drive Mapping or CDM feature) provides the ability to transfer files from user's local computers to the secure storage assigned to them within the Oracle Solaris Remote Lab
    • Oracle Secure Global Desktop is used to secure each independent software vendor's data and desktop access. The lab implements a separate Oracle Secure Global Desktop server per partner which is isolated on a separate VLAN, allowing for a multi-tenant setup.
    • Oracle Secure Global Desktop's web services API allows for seamless integration of functionality within Oracle Solaris Remote Labs' portal, resulting in a coherent user experience for independent software vendors.
    • Oracle Secure Global Desktop's Secure Gateway allows independent software vendors access to their resources using only a single point of entry into the network.The role of this gateway is to direct each user's network traffic to the correct VLAN and, thus, to the correct VMs.

    Tuesday Feb 05, 2013

    Airbus Deploys Oracle Secure Global Desktop

    Airbus, a world leader in the civil air transport market, employs approximately 52,000 people at sixteen sites in France, Germany, the United Kingdom, and Spain. The company relies on partnerships with major companies around the world and has a network of 1,500 suppliers in 30 countries.

    Airbus uses Oracle Secure Global Desktop to provide a dispersed workforce of aircraft designers, structural engineers, and other essential, ground-based staff with secure, real-time access to test results during flight trials. Technical teams no longer need to travel to the company’s center in Toulouse, and experts have the ability to start to evaluate results immediately. Using Oracle Secure Global Desktop has helped Airbus accelerate compliance with global aviation regulations, complete tests required by potential customers more quickly, and reduce time to market for new aircraft.

    "Oracle Secure Global Desktop enables us to deliver real-time flight test data direct from the cockpit to any number of designers, engineers, component manufacturers, and other authorized users, regardless of location or client device." – Ghislain Banville, IT Architect, Flight Test Data Equipment, Airbus 

    Read more details.

    Thursday May 17, 2012

    New Smart Card Features for Oracle Desktop Virtualization

    Sun Ray Software 5.3 and Oracle Virtual Desktop Infrastructure 3.4 now include a completely new and improved smart card software stack for Sun Ray 3 Series Clients and clients installed with Oracle Virtual Desktop Client 3.1. The new smart card software stack allows end users to quickly and easily login to their virtual desktops and applications, and offers users an even more secure virtual desktop environment by providing the capability of using two-factor authentication - what you have (your smart card) and what you know (your PIN). Some partner products can also add biometric authentication in conjunction with PIN authentication, thus providing three-factor authentication, making Sun Ray Clients one of the most secure virtual desktop thin client solutions in the industry.

    The new smart card software stack allows administrators to easily deploy smart card solutions with Sun Ray 3 Series thin clients or Oracle Virtual Desktop Client on PC, Mac or Linux desktops in their environment.

    The Sun Ray Software and Oracle Virtual Desktop Infrastructure smart card software stack is one of the most versatile solutions, providing enhanced compatibility with more smart cards, and smart card middleware partner products, than ever before. By allowing applications to utilize the full addressing space and data storage capabilities of cards and middleware that use the extended APDU format, and by enhancing compatibility with PC/SC on Microsoft Windows, Oracle provides the fastest and most compatible performing smart card-based solutions for virtual desktops. In laboratory testing, smart card data transfer speeds up to 24 times faster than previous releases have been measured on Sun Ray 3 Series Clients, which means that operations such as PIN login and PKI are faster, and the user gets authenticated access to their desktop much more quickly.

    With the use of a smart card, users can automatically launch their sessions without the need to enter their login credentials multiple times, saving time and increasing productivity. This enhanced smart card solution is extremely cost-effective and easy to implement, and is critical for environments where security and speed are a must - including healthcare, kiosks, and Point of Sale terminals.

    Feature Benefit
    Fast auto-launch of sessions - with or without a PIN Increases end-user productivity
    Automatic identification of both user and card Provides instant identification and security
    User authentication with password, PIN and/or Biometrics Provides additional security using multi-factor authentication
    Manage smart cards at multiple levels - local user, sessions/domain  Gives administrators flexibility to choose a configuration that best suits their needs

    (This blog posted on behalf of Oracle's Michael Bender) 

    Tuesday May 08, 2012

    Oracle Desktop Virtualization Security Solution at DISA Mission Partner Conference 2012

    Oracle desktop virtualization is showcased with the Oracle Cross Domain Security Solution and Oracle Systems at the DISA (Defense Information Systems Agency) Mission Partner Conference 2012.  This annual DISA conference brings together decision-makers and subject-matter experts from the military services, combatant commands, industry, and academia to share information and ideas that are of mutual interest and are critical to helping the U.S. Department of Defense achieve mission success.  The conference also features a list of stellar speakers including Oracle President Mark Hurd as the featured speaker on Wednesday May 8, 2012.

    Oracle Sun Ray Clients and Oracle Solaris with Trusted Extensions are key elements of the accredited Cross Domain Security Solution used by the U.S. Federal Government.  The Oracle Solution for Single Level Security adds the Oracle Virtual Desktop Infrastructure software for the secure access and provisioning of Windows 7 Virtual Desktops.

    This years DISA Conference theme is “The Joint Enterprise: Delivered Through Partnership.”  As described by Lt. General Ronnie Hawkins: "DISA realizes that delivering an enterprise that improves security, enhances effectiveness, achieves efficiency, enables innovation, and reduces the warfighter’s burden can be achieved by working with our mission partners".

    Oracle Sun Ray Clients are featured at the Oracle Booth for the DISA 2012 Mission Assurance Conference. Solaris Trusted Extensions provide the cross domain multi-level security solution shown to the left with green and red window labeling indicating the security level.

    Integrated labeling enforce secure access across security domains and applications including access to Windows desktops hosted on Oracle Virtual Desktop Infrastructure.  The Oracle Cross Domain Security Solution supports the Federal Government Common Access Card and SIPR Token Cards.

    Lt. General Ronnie Hawkins stops by the Oracle Booth to discuss the Oracle Cross Domain Security Solution with Oracle sales consultants at the DISA Mission Partner Conference 2012.

    Wednesday Jan 26, 2011

    Secure Deployment of Oracle VM Server for SPARC

    Oracle VM Server for SPARC is the server virtualization solution for SPARC T-Series server. A typical Oracle VM Server for SPARC installation based on best practices is already well secured against unauthorized use. In many cases this level of security turns out to be sufficient. Nevertheless, there is an attack surface that remains. There are risks, how unlikely they might be. Thus many customers want to learn more to secure their virtualization environment.

    We just published a technical white paper: Secure Deployment of Oracle VM Server for SPARC written by Stefan Hinker, an Oracle solution architect.

    This paper helps you understand the general security concerns in virtualized environments as well as the specific additional threats that arise out of them. It discusses these threats, their relation to Oracle VM Server for SPARC and how to mitigate the risk with a set of appropriate counter measures. Based on these, some general recommendations for secure deployments - both for Oracle VM Server for SPARC and for virtualized systems in general - are given, using a generalized model of security classes as an example.

    For more information about Oracle VM Server for SPARC:
    Visit to learn more about Oracle's virtualization solutions.

    Wednesday Dec 22, 2010

    Leaks on Wikis: "Corporations...You're Next!" Oracle Desktop Virtualization Can Help.

    Between all the press coverage on the unauthorized release of 251,287 diplomatic documents and on previous extensive releases of classified documents on the events in Iraq and Afghanistan, one could be forgiven for thinking massive leaks are really an issue for governments, but it is not: It is an issue for corporations as well.

    In fact, corporations are apparently set to be the next big target for things like Wikileaks. Just the threat of such a release against one corporation recently caused the price of their stock to drop 3% after the leak organization claimed to have 5GB of information from inside the company, with the implication that it might be damaging or embarrassing information.

    At the moment of this blog anyway, we don't know yet if that is true or how they got the information but how did the diplomatic cable leak happen?

    For the diplomatic cables, according to press reports, a private in the military, with some appropriate level of security clearance (that is, he apparently had the correct level of security clearance to be accessing the information...he reportedly didn't "hack" his way through anything to get to the documents which might have raised some red flags...), is accused of accessing the material and copying it onto a writeable CD labeled "Lady Gaga" and walking out the door with it. Upload and... Done.

    In the same article, the accused is quoted as saying "Information should be free. It belongs in the public domain."

    Now think about all the confidential information in your company or non-profit... from credit card information, to phone records, to customer or donor lists, to corporate strategy documents, product cost information, etc, etc.... And then think about that last quote above from what was a very junior level person in the organization...still feeling comfortable with your ability to control all your information?

    So what can you do to guard against these types of breaches where there is no outsider (or even insider) intrusion to detect per se, but rather someone with malicious intent is physically walking out the door with data that they are otherwise allowed to access in their daily work?

    A major first step it to make it physically, logistically much harder to walk away with the information. If the user with malicious intent has no way to copy to removable or moble media (USB sticks, thumb drives, CDs, DVDs, memory cards, or even laptop disk drives) then, as a practical matter it is much more difficult to physically move the information outside the firewall. But how can you control access tightly and reliably and still keep your hundreds or even thousands of users productive in their daily job?

    Oracle Desktop Virtualization products can help.

    Oracle's comprehensive suite of desktop virtualization and access products allow your applications and, most importantly, the related data, to stay in the (highly secured) data center while still allowing secure access from just about anywhere your users need to be to be productive. 

    Users can securely access all the data they need to do their job, whether from work, from home, or on the road and in the field, but fully configurable policies set up centrally by privileged administrators allow you to control whether, for instance, they are allowed to print documents or use USB devices or other removable media.  Centrally set policies can also control not only whether they can download to removable devices, but also whether they can upload information (see StuxNet for why that is important...)

    In fact, by using Sun Ray Client desktop hardware, which does not contain any disk drives, or removable media drives, even theft of the desktop device itself would not make you vulnerable to data loss, unlike a laptop that can be stolen with hundreds of gigabytes of information on its disk drive.  And for extreme security situations, Sun Ray Clients even come standard with the ability to use fibre optic ethernet networking to each client to prevent the possibility of unauthorized monitoring of network traffic.

    But even without Sun Ray Client hardware, users can leverage Oracle's Secure Global Desktop software or the Oracle Virtual Desktop Client to securely access server-resident applications, desktop sessions, or full desktop virtual machines without persisting any application data on the desktop or laptop being used to access the information.  And, again, even in this context, the Oracle products allow you to control what gets uploaded, downloaded, or printed for example.

    Another benefit of Oracle's Desktop Virtualization and access products is the ability to rapidly and easily shut off user access centrally through administrative polices if, for example, an employee changes roles or leaves the company and should no longer have access to the information.

    Oracle's Desktop Virtualization suite of products can help reduce operating expense and increase user productivity, and those are good reasons alone to consider their use.  But the dynamics of today's world dictate that security is one of the top reasons for implementing a virtual desktop architecture in enterprises.

    For more information on these products, view the webpages on and the Oracle Technology Network website.


    Get the latest scoop on products, strategy, events, news, and more, from Oracle's Virtualization Experts



    « February 2017