Friday Apr 11, 2014

Friday Spotlight: Writing a Broker for Oracle Secure Global Desktop

We talked about the dynamic launch feature in Oracle Secure Global Desktop earlier and pointed out that the code providing the functionality is implemented in a broker.  Here, we'll look at the fundamentals of writing a broker before working through a scenario where a bespoke broker would simplify operations.

Broker Basics

The interfaces and classes you need to write a broker are in the com.tarantella.tta.webservices.vsbim package in the sgd-webservices.jar archive. 

IVirtualServerBroker is the key interface and all Secure Global Desktop brokers must implement it.  These are the methods where a broker writer would typically add logic.

  • void initialise(Map initParams): This method is called once when the broker is loaded by the Secure Global Desktop workspace.  It gives the broker a map of the key/value pairs configured on the dynamic application server object using the broker.  Typical parameters would be the name and port of a source of real or virtual application servers.
  • Map getCandidateServers(Map params): Secure Global Desktop calls this method to obtain a list of servers available to a particular user.  The broker receives a map of parameters, including the identity of the user, and the broker returns a list of candidate servers.  The broker writer is free to decide how to populate that list and whether to return one candidate or several.  For example, the broker could contact a database to reserve a single server.  Alternatively, it could use APIs or web services to contact a VM provider and get a list of available virtual machines.
  • ICandidateServer prepareCandidate(String type, ICandidateServer candidate): This method is called after getCandidateServers returns a single option or the user has selected one from several.  This is the place for any code needed to set up the chosen server or virtual machine.
  • void destroy(): This is where the broker would tidy up, freeing any resources it had used, like sessions and connections.

A Sample Broker

Let's look at a scenario where writing a broker could simplify operations.  You are an administrator of a Secure Global Desktop deployment where users periodically need to access a key application.  Only a single instance of the application can run on any one server and you have a limited number of licenses.  When a user requires access to the application, they submit a service request to reserve one.  The traditional, broker-less approach in Secure Global Desktop would be to create an application object, configure it to run on the reserved application server and then assign it to the user who reserved it.  Time-consuming if you have to do this repeatedly and on a regular basis.

However, if we can access the reservation database, we can do it dynamically in a broker.  The operation now becomes:

  • Once only, the administrator assigns the application a dynamic application server configured with a custom broker

Then,

  • User submits a service request and reserves a server
  • User logs into Secure Global Desktop and clicks the link to launch the application
  • The broker queries the database, gets the server that the user has reserved and launches the application on it

For the administrator, there is no need to create, modify or destroy objects in the Secure Global Desktop datastore every time a user submits a service request.

Skipping many details, defensive coding and exception handling, the broker code would look something like this:

package com.mycompany.mypackage;

import com.tarantella.tta.webservices.vsbim.*;
import java.sql.*;
import java.util.*;

public class DbBroker implements IVirtualServerBroker {

    static private final String TYPE = "A Description";
    private Connection dbConn;

    public void initialise(Map<String, String> parameters)
            throws VirtualServerBrokerException {
        // Connect to reservation database.  End-point and credentials are
        // supplied in the parameters from the dynamic application server
        dbConn = DriverManager.getConnection(parameters.get("URL"),
                parameters.get("USER"), parameters.get("PASS"));
    }

    public Map<String, List<ICandidateServer>> getCandidateServers(
            Map<String, String> parameters)
            throws VirtualServerBrokerAuthException,
                   VirtualServerBrokerException {
        Map<String, List<ICandidateServer>> launchCandidates =
                new HashMap<String, List<ICandidateServer>>();

        // Get the user identity
        String identity = parameters.get(SGD_IDENTITY);

        // Lookup the application server for that user from the database
        Statement statement = dbConn.createStatement();
        String query = createQuery(identity);
        ResultSet results = statement.executeQuery(query);
        // Parse results;
        String appServerName = parseResults(results);

        if (appServerName != null) {
            // Create the assigned server.
            CandidateServer lc = new CandidateServer(appServerName);
            lc.setType(TYPE);

            List<ICandidateServer> lcList = new ArrayList<ICandidateServer>();
            lcList.add(lc);
            launchCandidates.put(TYPE, lcList);
        }

        return launchCandidates;
    }

    public ICandidateServer prepareCandidate(String type,
            ICandidateServer candidate)
            throws VirtualServerBrokerException {
        // Nothing to do
        return candidate;
    }


    public void destroy() {
        // Close the connection to the database
        dbConn.close();
    }

    // And the other methods
    public boolean isAuthenticationRequired() {
        // No user authentication needed
        return false;
    }

    public Scope getScope() {
        // Scope at the application level for all users.
        return Scope.APPLICATION;
    }
}
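
The sample leaves createQuery and parseResults undefined. The following is an added example, not code from the original post or from Oracle: one way to do that lookup with a bound parameter, so the user identity is passed as data and never becomes part of the SQL text, followed by a check that the value read from the database is a plausible host name before it is handed back as a launch target. The class name, method names, table name and column names are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.regex.Pattern;

/** Added example: reservation lookup helper for a broker such as DbBroker. */
public class ReservationLookup {

    // Hypothetical schema: a table "reservations" with the columns
    // "user_identity" and "server_name".  Adjust to the real database.
    private static final String QUERY =
            "SELECT server_name FROM reservations WHERE user_identity = ?";

    // One DNS label: letters, digits and hyphens, with no leading or
    // trailing hyphen and at most 63 characters.
    private static final String LABEL =
            "[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?";
    private static final Pattern HOST_NAME =
            Pattern.compile(LABEL + "(?:\\." + LABEL + ")*");

    /**
     * Returns the server reserved for the given identity, or null when there
     * is no reservation, more than one, or the stored name is not a valid
     * host name.  In DbBroker.getCandidateServers this call would stand in
     * for the Statement / createQuery / parseResults lines.
     */
    static String lookupReservedServer(Connection conn, String identity)
            throws SQLException {
        if (identity == null || identity.isEmpty()) {
            return null;
        }
        // try-with-resources closes the statement and result set on every path
        try (PreparedStatement ps = conn.prepareStatement(QUERY)) {
            ps.setString(1, identity);      // bound as data, not spliced into SQL
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) {
                    return null;            // no reservation for this user
                }
                String server = rs.getString(1);
                if (rs.next()) {
                    return null;            // ambiguous: refuse to pick one
                }
                return isValidHostName(server) ? server : null;
            }
        }
    }

    /** True when name is a syntactically valid DNS host name or dotted IPv4 address. */
    static boolean isValidHostName(String name) {
        return name != null
                && name.length() <= 253
                && HOST_NAME.matcher(name).matches();
    }

    public static void main(String[] args) {
        // Constructed sample values, as they might come back from the database.
        String[] samples = {
            "appserver01.example.com",   // accepted
            "appserver01",               // accepted
            "-bad.example.com",          // rejected: label starts with a hyphen
            "host name.example.com",     // rejected: contains a space
            "host;name.example.com",     // rejected: character outside the host name set
            ""                           // rejected: empty
        };
        for (String s : samples) {
            System.out.println("[" + s + "] -> " + isValidHostName(s));
        }
    }
}
```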

In summary, dynamic launch and custom brokers can simplify an administrator's life when operating in a dynamic environment.  The broker can get its data from any source with a suitable interface: a database, a web server or VM providers with open APIs.  Next time, we'll illustrate that with a broker connecting to Virtual Box.


Friday Apr 04, 2014

Dynamic Launch in Oracle Secure Global Desktop

In an earlier entry, Oracle Secure Global Desktop and Oracle VDI, we mentioned the dynamic launch feature in Secure Global Desktop and described how we used that feature to connect the two products.  Here's a summary of that integration:

[Figure: SGD and VDI]

Now is a good time to dig a bit deeper into dynamic launch.

Dynamic Launch

There are three parts to it:

  • Dynamic Applications
  • Dynamic Application Servers
  • Brokers

Dynamic Applications

A dynamic application is a type of object in Secure Global Desktop that maps to one or more other applications and offers a user a choice between those applications.  Normally, you would map related applications, like a workflow, or alternatives, where you would expect a user to run only one of the applications at any one time.  'My Desktop' is an example of the latter: it is a dynamic application that maps to a Unix desktop and a Windows desktop, the thinking being that most users would run one or the other, but not both simultaneously.

Dynamic Application Servers

A dynamic application server is an object that tells Secure Global Desktop to execute some code to determine where an application should run.  It can be assigned to an application object just like other application servers and the code is executed when the application is launched.  The code is delivered as a broker.

Brokers

A broker is a Java class that implements a simple interface and is a property of a dynamic application server.  Currently, Secure Global Desktop ships with three brokers:

  • SGD Broker: when this is assigned to an application object, it grabs all the other (real) application servers assigned to the application and presents the user with a choice
  • User-defined SGD Broker: an extension of the SGD Broker that adds the option for a user to enter a host name
  • VDI Broker: this is used to provision hosts through VDI

Together, they provide a structured, flexible and extensible system: a single dynamic application in a user's workspace can open up a wealth of choices.  Let's consider a scenario where a user needs to run a range of web applications that require different browser types and versions.  One solution in Secure Global Desktop would be to create separate items for each type of browser and publish them to the workspace.  Alternatively, you could create a dynamic application that maps to the different types of browser and logically group them together.  And this can be taken a step further: by assigning a dynamic application server to an application, that browser could be run on a server dynamically provisioned through VDI or whatever hypervisor the broker has been written to handle.

[Figure: Dynamic Launch]

So, three key components make up dynamic launch.  Two of them, dynamic applications and dynamic application servers, are part of the Secure Global Desktop infrastructure and plumb the feature into the datastore, workspace and launch process.  They belong in the administrator's realm.  The third component, the broker, provides extensibility.  Secure Global Desktop ships with a broker to deliver VMs provisioned through Oracle VDI, but the open interfaces mean it does not have to stop there. To go further, we must enter the developer's world and write a little code.  Next time...


Friday Mar 28, 2014

Oracle Secure Global Desktop and Oracle VDI

What is the relationship between these two products?  One view is that Secure Global Desktop (despite its name!) provides access to remote applications and VDI does the same for remote, virtual desktops (VMs).  A clean distinction, but slightly artificial: to Secure Global Desktop, a remote desktop, virtual or not, is really just a remote application.  There is little to differentiate the products when it comes to connectivity to remote desktops -  Secure Global Desktop has its native and HTML 5 clients, VDI has Sun Ray and OVDC, but both products connect to remote servers in the same way, typically using RDP.

Where the products differ is in their scope.  Oracle VDI is a comprehensive solution that enables an administrator to create, store, manage and destroy VMs, as well as allowing users to connect to them.  Secure Global Desktop is simpler and restricts itself to connectivity to the VMs.

So, do the products work together?  A most definite 'yes': use Secure Global Desktop for user connectivity and VDI for management of VMs.  In fact, Secure Global Desktop ships with a component specifically for communicating with VDI.  You can find full details at http://docs.oracle.com/cd/E41492_01/E41495/html/dynamic-launch.html#broker-vdi-3-3 but we can do a short overview here.

Firstly, a slight digression.  There are two main entry points to Secure Global Desktop.  The common approach is for users to log in through their browser and go to their Workspace (formerly known as their 'Webtop').  The Workspace presents all the applications that an administrator has published to the user as links and an application can be launched by clicking its link.  The second entry point is 'My Desktop'.  Here, a user logs in through the browser but, rather than going to the Workspace, a desktop is launched automatically.  Quite a good fit for delivering virtual desktops and the approach we will use in our example.

Let us assume it is a clean installation of Secure Global Desktop.  The first task is for the Secure Global Desktop administrator to configure 'My Desktop' to talk to VDI.  The steps are:

1. 'My Desktop' is a dynamic application object, meaning that it can map to one or more real application objects.  Since all the VM providers accessed through VDI emit RDP, we are interested in 'Windows Desktop' and not 'Unix Desktop'.  We delete the mapping to 'Unix Desktop', leaving a single mapping to 'Windows Desktop'.

Next, we configure the 'Windows Desktop' application.  Traditionally, this would be done by assigning it an application server object that points to a real Windows server.  Here, we are going to use a dynamic application server.  It is 'dynamic' because it uses code (in this case, the VDI Broker) to define the server or servers, rather than a static setting for DNS name or IP-address.  So, next:

2. We create the dynamic application server, set its 'Broker Class' to 'VDI Broker' and configure it with the particulars of our installation.  Configuration involves providing the URL for the VDI web services and, if they are secured with a certificate from an untrusted certificate authority, installing the certificate (or chain) into Secure Global Desktop.
3. We assign this dynamic application server to 'Windows Desktop'

That is the administrator's job done.  The user scenario is:

- User clicks the 'My Desktop' link in the browser and authenticates.
- The VDI broker code runs and gets a list of VMs available to the user.  If there is only one candidate VM, Secure Global Desktop connects the user directly to the virtual desktop.  If there are several, the user is given the option to select one before a connection is made.

By using the VDI broker included in Secure Global Desktop, you can deliver virtual desktops to users through Secure Global Desktop and manage the desktops with VDI.  For users familiar with Secure Global Desktop, the desktop is just another application and they face no learning curve.  And administrators can continue to manage desktops through VDI, or even add desktops from other providers without changing the user experience.

There are references to 'dynamic application server objects' and 'dynamic application objects' in this discussion.  These types of objects, along with some open interfaces, form the 'dynamic launch' feature in Secure Global Desktop. This feature is used to extend the product and the VDI Broker is an example of this extensibility - by simply implementing a public interface (see http://docs.oracle.com/cd/E41492_01/E41499/html/com/tarantella/tta/webservices/vsbim/IVirtualServerBroker.html), the VDI Broker plugs into the Secure Global Desktop infrastructure and provides additional functionality. 

Dynamic launch will be the topic of a later entry.

Friday Mar 21, 2014

Friday Spotlight: Oracle Secure Global Desktop 5.1

Happy Friday, everyone! Our Friday Spotlight this week is a blog entry from the Oracle Secure Global Desktop engineering team, with some info on what they've been up to: 


Hadn't noticed that this blog has been quiet for a while.  Time to catch up!

So, what's been happening with Oracle Secure Global Desktop recently?  The biggest event was the release of Oracle Secure Global Desktop version 5.1 in November 2013.  This version builds on the tablet support for iPads introduced in version 5.0 and extends it to Android devices.  It also supports the use of the tablet client, using HTML 5 technology, in Chrome browsers.  The traditional Oracle Secure Global Desktop clients are not being neglected and a Patch Set Update was delivered in February 2014 to support their use in Internet Explorer 11.

Talking of "Patch Set Updates", that's the other big, recent development.  In early 2014, we released 'tarantella patch' commands that can be retro-fitted to Long Term Support (LTS) maintenance releases of Oracle Secure Global Desktop and Oracle Secure Global Desktop Gateway to patch existing installations.  Using these commands, you can keep current with third-party components, like the JVM, and apply bug fixes to Oracle Secure Global Desktop.  It's not an alternative to upgrading to the latest version to get the latest features, but helps alleviate immediate problems until an upgrade can be scheduled.

Finally, the other big change is the relationship between Oracle Secure Global Desktop and Oracle VDI, but that's a big topic that needs an entry to itself...


We'll see you next week with another Friday Spotlight!

Tuesday Feb 25, 2014

The February '14 Oracle Virtualization Newsletter is Out!

The February 2014 Oracle Virtualization Newsletter is now available! It includes content on an updated Oracle VM cost calculator (now including Oracle Linux!), 2014 IT Predictions, community demonstration videos, what's new in Oracle Secure Global Desktop, and much more!

Read the February edition online right now, or subscribe to get future issues delivered straight to your inbox.

-Chris 

Friday Feb 21, 2014

Friday Spotlight: Amitego's Tools Updated for latest Oracle Secure Global Desktop

Happy Friday, everyone!

Our spotlight this week is on a fantastic tool, VISULOX Helpdesk from Amitego. If you’re a user of Oracle Secure Global Desktop, you have probably heard of Amitego. They provide tools that extend the feature set of Oracle Secure Global Desktop.

Whereas Oracle Secure Global Desktop is primarily designed for secure remote access to applications and desktops for a single user, Amitego provides extra, complementary tools to control and manage secure access for multiple users to the same session. This is really useful in situations such as where a manager needs to approve a transaction, or if two people with trusted information are needed to complete a task, or, perhaps the most common scenario, providing helpdesk services.

Their new tool, VISULOX Helpdesk, is based on the new VISULOX 3 framework and helps solve this last problem. It allows controlled assisting of a user by another user, without opening up the security risks associated with doing this on your desktop PC. You can do things like assign a group of users that a supervisor can assist with, and then the users can request help from the supervisor, and that supervisor can view their session in tandem. And the user still has control, too -- they can even switch off the cooperation view temporarily to enter a password, for example. And, of course, all of the clients and applications supported by Oracle Secure Global Desktop are supported by VISULOX Helpdesk, so you can even use your tablet device to remotely view and participate in a session.

If you need to do any sort of tandem work or helpdesk services and you’re using or looking at using Oracle Secure Global Desktop, you should go have a look at Amitego and read about their various offerings. Their tools have recently been updated to work with the latest Oracle Secure Global Desktop 5.1.

Have a great week!
-Chris

Friday Dec 20, 2013

Important Patch Set Updates (PSU) for Oracle Secure Global Desktop

Oracle has released some important Patch Set Updates (PSUs) for Oracle Secure Global Desktop which customers should be aware of.

These critical patch clusters are available for immediate download and installation, as described in the following version-specific announcements:


Patch Set Updates are available for all active Long Term Support (LTS) maintenance releases, as enumerated within the Secure Global Desktop Release Announcement Reference (1597467.1).   No other versions of SGD are designated to receive a formal PSU.   Administrators of earlier releases—(i.e. 4.5, 4.60, 4.61, 4.62, or 4.70)—must move to a designated maintenance release in order to apply these comprehensive solutions.

ACTION REQUIRED:  The Oracle Support team would like to stress the importance of the immediate consideration and installation of the December 2013 PSUs, as planned updates to the Java plug-in will adversely impact the user experience of all unpatched versions of Secure Global Desktop prior to Secure Global Desktop 5.10.

These changes will require proactive action on behalf of SGD Administrators to prevent service interruption when the forthcoming updates planned for Java do arrive.


Additional information regarding this particular scenario is described within a dedicated knowledge article:

  • Users Connecting to Secure Global Desktop are Presented with Dialog, "This application will be blocked in a future Java security update because the JAR file manifest does not contain the Permissions attribute."  (Doc ID 1594506.1)

Friday Nov 01, 2013

Oracle Virtualization Friday Spotlight - November 1, 2013

Welcome to Friday, we hope you had a good week! It was exciting for us here (especially those with Android tablets!) due to the announcement of Oracle Secure Global Desktop 5.1. So, our Friday spotlight is the news release "Oracle Secure Global Desktop Adds Support for Android Tablets".

Have a great week!

-Chris 

Friday Sep 13, 2013

Friday Tips #45

Happy Friday!

Our tip this week is on Oracle Secure Global Desktop, which provides secure remote access to Oracle Applications and other enterprise software. One of the really great things about Secure Global Desktop is that once the administrator has set up an application the first time, providing access to that application to any number of users takes literally seconds.

Check out this great step by step tutorial for publishing an application to an entire group of users in the enterprise directory by the Fat Bloke:

Controlled Application Deployment with Secure Global Desktop


Speaking of Secure Global Desktop, if you're coming to Oracle OpenWorld, don't miss a fantastic session we're doing on the topic of secure application access, featuring Airbus and NHS Lothian. Both of these large organizations use Secure Global Desktop as an access layer for a variety of applications from many different types of devices. It will be a fascinating session and if you're at all interested in remote access, security, application virtualization, or anything similar, you won't want to miss it.

Tuesday, September 24
3:45 PM - 4:45 PM
Westin San Francisco, Concordia

Wednesday Aug 21, 2013

Oracle Virtualization at Oracle OpenWorld 2013, Part 2

If you're attending Oracle OpenWorld 2013 (and we hope you are!), the Schedule Builder tool is now available for you. Schedule Builder lets you register for the sessions you want to attend during the show. If you're interested in Oracle Virtualization, there are a number of sessions, hands on labs, and product demos that will be interesting to you. I covered several of the sessions in part 1 of this series, and in this one I'm going to cover a few more sessions. In the 3rd part of this series, I'll cover the Hands On Labs and demo stations that you can visit.


What's New with Oracle VM Server for x86 and SPARC: A Technical Deep Dive (CON9544)
Oracle VM Server virtualization solutions provide users the best combination of price, performance, certification, and advanced features tailored for ease of deployment and management. Spanning both x86 and SPARC architectures, it's designed to support a diverse set of OS workloads such as Linux, Solaris, and Windows to meet the wide ranging demands of modern IT environments. Join us to get the latest technology updates on Oracle VM Server.

High Availability and Infrastructure Best Practices with Oracle VM (CON11258)
This session will provide practical details and best practices on building and scaling an Oracle VM environment for High Availability for Database and infrastructure best practices. From information gathering and planning to analyzing needs of your environment, you will learn to plan for growth in infrastructure components to accommodate failover, DR, HA and migration. This session will also cover the methods to reduce downtime during events like system upgrades and migration and troubleshooting during system outages.

And in the Develop track:

What's New in Oracle VM VirtualBox (CON9550)
Oracle VM VirtualBox is the world's most popular cross-platform virtualization software, with nearly 100 million downloads. Optimized to run on desktop systems, Oracle VM VirtualBox is an ideal choice for development and testing, and can help ease cross-platform headaches by allowing you to run multiple platforms on your laptop or PC. In this session Oracle experts will cover the latest advancements in Oracle VM VirtualBox, including information on features such as VM Groups, guest automation, resource controls, and more.


One of my favorite features for attendees of Oracle OpenWorld is the "Focus On" documents that group together similar content as kind of a quick reference guide. This year, Focus On documents are done with a cool dynamic web page, so any changes that happen in the next few weeks (for example, when the Hands On Labs signups open up in the next week or so, or if a session gets oversubscribed and is moved to a bigger room), the Focus On page will automatically update. So, please go here to have a look at the most up to date Focus on Virtualization, and then bookmark it for future reference:

Focus on Virtualization

This year's show is shaping up to be a big one! Most of the folks that post on this blog will be there along with a large number of folks from the Oracle virtualization team, and we're very excited to meet you in person!

-Chris 

Monday Aug 12, 2013

The August 2013 Virtualization Newsletter is Here!

  • Find out about the latest Engineered System, being unveiled tomorrow, August 13, at 10am PT.
  • A summary of Oracle Virtualization content you can see at Oracle OpenWorld 2013.
  • Two new white papers: Why Use Oracle VM for Oracle Databases, and Deployment Considerations for Oracle Secure Global Desktop.
  • The new release of Oracle Virtual Assembly Builder 12c.
  • And more!

-Chris

Wednesday Jun 26, 2013

June 2013 Virtualization Newsletter is Here!

The June Edition of the Oracle Virtualization Newsletter is now available! In this issue, you'll learn about:

  • Announcing Oracle Secure Global Desktop 5.0
  • Dell Announces New Infrastructure Offering with Oracle Linux, Oracle VM, and Oracle Enterprise Manager, Optimized to Run on Dell x86 Systems
  • Oracle VM Continues to Expand Partner Ecosystem with Cisco and NetApp 
  • Get Ready for Oracle OpenWorld 2013

And much more!

Head on over and read the newsletter. You can also subscribe and have it automatically appear in your inbox each time a new edition is released!

-Chris 

Friday Jun 14, 2013

Friday Tips #32

Happy Friday! Our tip this week is about Oracle Secure Global Desktop and directory services.

Question:
What versions of Active Directory and LDAP does Oracle Secure Global Desktop support? 

Answer from the Deployment Considerations for Oracle Secure Global Desktop white paper:
Active Directory authentication and LDAP authentication are supported on the following versions of Active Directory:

  • Windows Server 2003
  • Windows Server 2003 R2
  • Windows Server 2008
  • Windows Server 2008 R2

Supported LDAP Directories

Oracle Secure Global Desktop supports version 3 of the standard LDAP protocol. You can use LDAP authentication with any LDAP version 3-compliant directory server. However, Oracle Secure Global Desktop only supports the following directory servers:

  • Oracle Directory Server Enterprise Edition version 11gR1
  • Microsoft Active Directory on Windows Server 2003, 2003 R2, 2008, and 2008 R2
  • Oracle Internet Directory 11gR1 (all 11.1.1.x.0 releases)

Other directory servers might work, but are not supported.

For more detail, have a read through the User Authentication section of the documentation

See you next week!

-Chris 

Wednesday Jun 12, 2013

Oracle Secure Global Desktop Survey

To help us design Oracle Secure Global Desktop better, we would like to collect feedback from our customers about their deployments with Oracle Secure Global Desktop via a short, simple 11 question survey. This survey is for those customers and partners who have deployed Oracle Secure Global Desktop in production environments and can be specific about the product features and/or product dependencies they find important and useful.

We appreciate a few minutes of your time filling this survey out. Here is the link to the survey.

Friday May 03, 2013

Friday Tips #26

Happy Friday! With the exciting release of Oracle Secure Global Desktop 5.0 this week, we thought we'd do something a little different with our Friday tip.

Since access via iPad with HTML5 is a big part of this release, a question that has come up a few times is what performance is like over cellular connections. So, we recorded some video of an iPad using an iPhone 5 on LTE as a mobile hotspot, connecting back to an Oracle Secure Global Desktop server. You can see the real world cellular performance in the video below:

See you next week!

-Chris 
