Read this page to find out how to install Sun Secure Global Desktop Software version 4.2 on your system.
This page uses the term "host" to mean the UNIX/Linux system on which you want to install Sun Secure Global Desktop Software.
Version 4.2 is supported on the following operating systems:
| Operating system | Supported versions | ||
|---|---|---|---|
| Solaris™ Operating System (Solaris OS) on SPARC® platforms | 8 | 9 | 10 |
| Solaris OS on x86 platforms | 10 | ||
| Red Hat Enterprise Linux (x86) | 3 | 4 | |
| Fedora Linux (x86) | Core 3 | Core 4 | |
| SUSE Linux Enterprise Server (x86) | 8 | 9 | |
You must make the following operating system modifications to the host before you install Secure Global Desktop. Without these modifications the software may not install properly.
The Secure Global Desktop Administration Guide has details of other operating system
modifications you may need to make after you have installed, see http://server.example.com/tarantella/help/en-us/base/gettingstarted/recommended_os_mods.html.
Secure Global Desktop will not install if the libXp.so.6 library
is not available on the host. This library was deprecated in Fedora Core 3.
However the library is still available in the
xorg-x11-deprecated-libs-6.8.1-12.i386.rpm package.
The Mainframe and AS/400 Connectivity Packs will not install if the
libXm.so.3 library is not available on the host.
This library is available in the openmotif-2.2.3-10.i386-10.i386.rpm
package.
Secure Global Desktop will not install if the libgdbm.so.2 library is not available on the host. SUSE Linux Enterprise Server 9 with Service Pack 2 contains version 3 of the library by default. You must obtain and install version 2 of the library before installing Secure Global Desktop. When you install Secure Global Desktop, use the --nodeps option with the rpm command.
Secure Global Desktop requires the /usr/lib/libsendfile.so library.
If this library is missing, Secure Global Desktop will not install. This library may be included with your
SUNWcsl (Core Solaris Libraries) package or you may have to apply patch 111297-01 (available from the
SunSolve Patch Support Portal
) to get it.
Solaris OS comes in the following distributions: Core, End User, Development and Entire Distribution. You must install at least the End User distribution to get the necessary libraries required by Secure Global Desktop. If you do not, Secure Global Desktop will not install.
You must configure you network for use with Secure Global Desktop:
The Secure Global Desktop Administration Guide has information about:
http://server.example.com/tarantella/help/en-us/base/indepth/ports_used.html
http://server.example.com/tarantella/help/en-us/base/indepth/firewall_configuring.html
A web server is an essential part of a working Secure Global Desktop installation. The Secure Global Desktop Base Component includes the Secure Global Desktop Web Server, which is pre-configured for use with Secure Global Desktop.
When you install Secure Global Desktop Base Component, you will be prompted for the TCP port on which the Secure Global Desktop Web Server listens for HTTP connections. This is usually port 80/tcp, but if another process is listening on that port you will be prompted to choose another.
The Secure Global Desktop Administration Guide has information about:
http://server.example.com/tarantella/help/en-us/base/gettingstarted/tta_webserver_intro.html
http://server.example.com/tarantella/help/en-us/base/gettingstarted/websrv_tta_config.html
There must be a ttaserv and ttasys user on the host before you can
install Secure Global Desktop. There must also be a ttaserv group.
The ttasys user owns all the files and processes used by the Secure Global
Desktop server. The ttaserv user owns all the files and processes used by the Secure
Global Desktop Web Server.
The Secure Global Desktop server does not require the privileges of the UNIX root user to run. The server starts as root and then downgrades to the ttasys user.
If you try to install the software without these users and group in place, the installation will stop without making any changes to the system and tell you what you need to do. The requirements are:
ttaserv and ttasys.ttaserv.ttaserv as their primary group./bin/sh.passwd -l).One way to create these users is with the useradd and groupadd commands, for example:
groupadd ttaserv useradd -g ttaserv -s /bin/sh ttaserv passwd -l ttaserv
Sun Secure Global Desktop Software contains several installable components. Some components are installed on:
The following table shows the packs that you can install on hosts, their package name and what they provide:
| Pack | Package | Description |
|---|---|---|
| Secure Global Desktop Base Component |
tta
|
|
| Secure Global Desktop Security Pack |
ttasecure
|
|
| AS/400 Connectivity Pack |
tta5250
|
|
| Mainframe Connectivity Pack |
tta3270
|
|
| Additional fonts |
ttafandr (Andrew X fonts)
ttafhang (Hangul X fonts)
ttaficl (ICL X fonts)
ttaforie (Oriental X fonts)
ttafscot (SCO Term X fonts) |
|
On Solaris OS platforms, you install the packs with the pkgadd command.
If the installation files for the packs are compressed, you need to expand them before installing.
If you are upgrading, read the upgrade instructions before installing the software.
By default, the software is installed in /opt/tarantella, but the installation program, Secure Global Desktop Setup, will prompt you for the installation directory when you install the Secure Global Desktop Base Component. All the optional packs are installed in the same directory as the Base Component.
pkgadd -d /full_path/ttaarch.pkg
i3so for Solaris OS on x86 platforms and spso for Solaris OS on SPARC platforms.
When you install the Base Component, Setup:
/etc/rc.d/rc3.d and named *Tarantella and *TarantellaWebServer.crontab to archive the Secure Global Desktop log files weekly.If the installation fails with a pwd: cannot determine current directory! error message, change to the /tmp directory and try again.
When Setup has finished installing the Base Component, the Secure Global Desktop server and the Secure Global Desktop Web Server will be running.
On Linux, you install the packs with the rpm command.
If you are upgrading, read the upgrade instructions before installing the software.
By default, the software is installed in /opt/tarantella, but you can choose a different installation directory by using the --prefix option when you install the secure Global Desktop Base Component. If you install the packs separately, you must use the --prefix each time you install a pack.
rpm -Uvh tta-version.i386.rpm ttasecure-version.i386.rpm ...
If you are creating an array of Secure Global Desktop servers, you must install the same set of optional packs on each server.
/opt/tarantella/bin/tarantella start
When you start the Secure Global server for the first time, the installation program, Secure Global Desktop Setup, automatically starts. Setup:
/etc/rc.d/rc3.d and named *Tarantella and *TarantellaWebServer.crontab to archive the Secure Global Desktop log files weekly.When Setup has finished, the Secure Global Desktop server and the Secure Global Desktop Web Server will be running.
The Sun Secure Global Desktop Enhancement Module for Windows provides a client drive mapping service, an application server load balancing service and support for seamless windows. It is supported on Microsoft Windows 2000 Server and Microsoft Windows Server 2003.
temwin32.exe program to a temporary directory on the Windows 2000/2003 application server.
If you are not installing from the CD, you can download the file from a Secure Global Desktop server from:
http://server.example.com
temwin32.exe to install the Enhancement Module.Note You can select which components of the Enhancement Module to install or install all components.
The Sun Secure Global Desktop Enhancement Module for UNIX provides an application server load balancing service. It is supported on the same versions of Solaris OS as Secure Global Desktop.
You install the Enhancement Module with the pkgadd command.
If the installation file for the Enhancement Module is compressed, you need to expand it before installing.
By default, the Enhancement Module is installed in /opt/tta_tem, but the installation program will prompt you for the installation directory.
If you are not installing from the CD, you can download the file from a Secure Global Desktop server from:
http://server.example.com
pkgadd -d /full_path/temarch.pkg
i3so for Solaris OS on x86 platforms and spso for Solaris OS on SPARC platforms.
The Sun Secure Global Desktop Enhancement Module for Linux provides an application server load balancing service. It is supported on the same versions of Linux as Secure Global Desktop.
You install the Enhancement Module with the rpm command.
By default, the Enhancement Module is installed in /opt/tta_tem, but you can choose a different the installation directory by using the --prefix option when you install.
If you are not installing from the CD, you can download the file from a Secure Global Desktop server from:
http://server.example.com
rpm -Uvh temversion.i386.rpm
tncwin32.exe, to a temporary directory on your PC.
If you are not installing from the CD, you can download the program from a Secure Global Desktop server from:
http://server.example.com
tncwin32.exe.If you are not installing from the CD, you can download the file from a Secure Global Desktop server from:
http://server.example.com
The file is:
tnci3li.tar for Linux (x86)tncspso.tar for Solaris OS on SPARC platformstnci3so.tar for Solaris OS on x86 platformstar xvf <tar file>
.sh ttwebtop/install.tncppdw.dmg, to a temporary directory on your Macintosh.
If you are not installing from the CD, you can download the file from a Secure Global Desktop server from:
http://server.example.com
If you are upgrading from a previous release of Secure Global Desktop, your current configuration is usually preserved when you upgrade. This section tells you what you need to know about upgrading.
Note the directory paths listed in this section assume the software is installed in the default /opt/tarantella directory.
Upgrades to or upgrades from EAP releases of Secure Global Desktop software are not supported. EAP releases must always be "clean" installs.
If a Secure Global Desktop server is in evaluation mode or expired evaluation mode, you can upgrade it by installing the next version of Secure Global Desktop.
A server that was in expired evaluation mode remains in expired evaluation mode after the upgrade. You cannot log in to a Secure Global Desktop server when it is in expired evaluation mode. To license a server when it is in expired evaluation mode, you must either add a valid Activation license key (using the tarantella license add command) or join the server to an array that is already fully licensed.
You can only upgrade to Secure Global Desktop version 4.2 if:
If you want to upgrade from Enterprise 3 version 3.3 or earlier, contact Support for details of how to upgrade.
A valid maintenance subscription means you have installed sufficient maintenance keys for your product keys before trying to upgrade.
If you have bought the right to upgrade, you must install the Right to upgrade key before trying to upgrade.
Version 4.2 contains the following changes to licensing:
When you upgrade:
After you have upgraded, use the tarantella license list command
to list your new license keys. Make a note of them and keep them somewhere safe.
Before you upgrade on Solaris OS platforms, you are strongly advised to create an installation administration file (for example, /tmp/pkgadmin) with the following contents:
conflict=nocheck
When you install the packs, use the -a admin
option to specify the administration file, for example:
pkgadd -a /tmp/pkgadmin -d /full_path/ttaarch.pkg
This avoids a lot of undesirable user interaction. Consult your system documentation for
pkgadd to see what other administration options are available.
On Linux platforms, if you are upgrading from a previous version of 4.2, you must manually uninstall all optional packs before upgrading.
To list all the packs that have been installed, run the following command:
rpm -qa | grep -i tta
To remove all optional packs, run the following command:
rpm -e pack ...
for example rpm -e ttasecure tta3270 removes the Security Pack and the Mainframe Connectivity Pack.
To upgrade a fully licensed array containing a single server:
tarantella stop.tarantella webserver stop.tarantella license list command to list your new license keys.
Make a note of them and keep them somewhere safe.As Secure Global Desktop servers in an array share configuration information, all servers in an array must run on the same major/patch (4.2x) version of Secure Global Desktop. This means that to upgrade a multiple-server array, you must dismantle the array and upgrade each server independently.
To upgrade a fully licensed array containing multiple servers:
tarantella stop.tarantella webserver stop.tarantella array detach --secondary server
command to detach the secondary servers.tarantella status command returns the same result when you run it on each array member.tarantella array join --secondary server
command to add the secondary servers.tarantella status command returns the same result when you run it on each array member.When upgrade you also upgrade the Secure Global Desktop Web Server. If you customized any of the files in the Apache/Tomcat directories these will be preserved when you upgrade.
If you upgrade from version 4.0 or earlier, the files will be preserved:
If you upgrade from version 4.1 or later, the files will be preserved in their existing directory but renamed with a 4.20.909 suffix. For example, if you made changes to the Apache httpd.conf file, these changes will be preserved in the same directory in a file called httpd.4.20.909.
You have to manually copy your customizations to the new Apache/Tomcat directories.
All web browser users must restart their web browsers before connecting to an upgraded Secure Global Desktop server.
If you are using your own web server instead of the Secure Global Desktop Web Server, you must restart your web server to ensure that users receive upgraded Java archives.
We recommend that Native Client users download and install the latest version of the Client from http://server.example.com
.
Version 4.0/4.1 versions and 4.2 versions of the Native Client for Windows are installed in different locations to previous versions. This means that the 3.x versions and 4.0/4.1 versions are not uninstalled when you upgrade and will remain on the Windows Start menu. You may need to keep the previous versions to connect to Secure Global Desktop servers running older version of the software or they can be manually uninstalled.
A complete copy of your ENS database (this is the storage area for all the objects in your Secure Global Desktop organizational hierarchy) is taken from the var/ens directory and backed up to the var/ens.<oldversionnumber>
directory. The backup is not changed and the existing ENS database is only changed if new objects essential to the running of Secure Global Desktop are needed.
The local/global array configuration stored in the var/serverconfig directory is only changed if there is a need to insert any new properties files and add new attributes to existing properties. This directory is not backed up.
All the server resources files in the var/serverresources directory are replaced. These files are not normally edited as they control how Secure Global Desktop works.
The Secure Global Desktop login scripts contained in the var/serverresources/expect directory is backed up to
var/serverresources/expect.<oldversionnumber>
.
If you have customized Secure Global Desktop by changing the files found in a standard installation (for example, webtop themes) or by adding your own files (for example, Expect scripts), these are not upgraded.
You may have to upgrade these files manually. When you install the new version of Secure Global Desktop, Setup warns you if
there are files which may need to be upgraded manually and displays a list of log files to help you identify them.
See "Upgrading a customized Secure Global Desktop installation" in the Secure Global Desktop Administration Guide (http://server.example.com/tarantella/help/en-us/base/gettingstarted/upgrading_tarantella.html) for advice on how to upgrade these files.
From version 4.0, Secure Global Desktop uses a different emulator for mainframe (3270) applications. 3270 character and 3270 X application objects are no longer available and have been replaced by a single 3270 application object. As the new 3270 application object has several new attributes, it is not possible to upgrade existing 3270 application objects. If you upgrade from version 3.x, your existing 3270 character and 3270 X applications will be deleted when you upgrade and you will need to re-configure them.
From version 4.1, Secure Global Desktop no longer supports the rlogin and rcmd connection methods for starting applications. After upgrading you must change the connection method for any applications that use these methods.
From version 4.1, Secure Global Desktop uses a different attribute for the Maximum simultaneous webtop connections setting (--tuning-maxconnections). After upgrading, the default setting for this attribute will be applied.
To get started with Secure Global Desktop:
http://server.example.com
When you first log in, your webtop will list:
Secure Global Desktop supports several mechanisms for authenticating users. By default, any user with an account on the host can log in to Secure Global Desktop using their UNIX/Linux username and password.
| Bug reference | Description |
|---|---|
| 606577 | Invalid Terminal Service License error with Windows 2000 client connecting to Windows 2000 Terminal Server. |
| 606669 | Try running from client first feature does not work with Java technology Client. |
| 606918 | Independent windows resume too small and do not resize. |
| 606920 | Datastore corruption. |
| 606933 | Secure Global Desktop Client does not work properly with dual monitor SunRay. |
| 607020 | Can not launch X applications after a SunRay server reboot. |
| 607038 | Installation directory sanity check feedback needs filtering. |
| 607048 | After 4.20 we should stop building SHX files. |
| 607051 | Uninstalling the Secure Global Desktop Enhancement Module using the rpm --e tem command does not stop the load balancing service (ttaloadprobe). |
| 607054 | When installing the Security Pack, the pkgadd command reports that the Base Component is not installed even though it is. |
| 607070 | Printing does not work on a freshly installed Fedora Core 4. |
| 607095 | After upgrading from 3.42.903 to 4.20.907, unable to activate LDAP or Active Directory login authorities. |
| 607096 | Installing with the rpm command leaves the en-us_setup file in /. |
| 607101 | Native Client for Windows-based Terminals issues: SSL is broken. |
| 607101 | Native Client for Windows-based Terminals issues: initial connection box is broken. |
| 607101 | Native Client for Windows-based Terminals issues: can not launch applications in a seamless window. |
| 607104 | Hierarchy.jsp allows user to exceed value set for Max Instances. Launch fails with ugly error message. |
| 607106 | The setTCCConfiguration method is missing from the web services WSDL file. |
| 607122 | Session disconnects after renewing an expired password. |
| 607123 | Changing an Active Directory password on expiry does not work. |
| 607125 | Expired Thawte certificates are not handled properly by some web browsers. |
| 607130 | Java 2 Platform Standard Edition 5.0 Runtime Environment (JRE) crashes on the primary server in the array. |
| 607131 | Application display is clipped when using the Secure Global Desktop Client and a client window management window. |
| 607176 | Password caching broken in 4.2. |
| 607180 | Bandwidth settings are not honored for default login profile objects. |
| 607182 | Authentication fails on the secondary servers in the array. |
| 607205 | When using secure LDAP (LDAPS) connections, the Change Password dialog box is strange. |
| 607208 | UNIX-based login authorities do not detect an updated NIS password. |
| 607218 | Smart card authentication fails with ActivCard - Cyberflex 64k. |
| 607228 | Pasting from a Windows client to an X application accessed through Secure Global Desktop fails. |
| 607229 | UTF-8 text in does not display on the webtop. |
| 607231 | Active Directory fixes. |
| 6368760 | Secure Global Desktop Native Client for UNIX running under a CAM script does not exit under all circumstances. |
| 6376221 | Remote Desktop Protocol (RDP) printer properties (such as paper size) do not appear to be stored between sessions (Note: this is not fixed on Solaris OS on SPARC platforms). |
| 6379737 | Opening a Microsoft Excel file causes a session to terminate. |
| 6387953 | Secure Global Desktop Web Server components fail to start after installation (Solaris OS x86 platforms only). |
| 6391125 | Cadence 5 application performance suffers when displayed through Secure Global Desktop. |
| 6391573 | Secure Global Desktop Native Client crashes when loading the webtop on a WYSE S30 (WinCE5.0) device. |
| 6391590 | Secure Global Desktop Native Client's application server authentication dialog is only partially filled. |
| 6392597 | Classic webtop does not automatically detect proxy configuration with JRE 1.5. |
| 6395531 | When using the xgerman keymap, the ' (shift and then # on a German keyboard) returns the acute symbol. |
| 6396181 | Minor changes for compatibility with WYSE S30 devices. |
| 6400159 | Escaping acute key does not work with locales that use xgerman.txt keymap. |
| 6405415 | Classroom shadowing (teacher) launch fails because the TTABASEDATADIR variable is missing. |
| 6407372 | Version 4.2 array failure. |
| 6408972 | Script to start the Secure Global Desktop Enhancement Module produces errors due to missing postinstall script. |
| 6409117 | Secure Global Desktop Enhancement Module fails on Solaris OS on x86 platforms. |
| 6411734 | Secure Global Desktop Native Clients can not resume applications configured to use independent windows. |
| 6416375 | Secure Global Desktop Client core dumps on Solaris OS on SPARC platforms. |
The 4.20.983 release contains all the bug fixes in the 4.20.959 release and the following additional fixes:
| Bug reference | Description |
|---|---|
| 6407372 | Array instability caused by JVM crash (also see 607130). |
| 6422254 | Default RDP printer not set to the same as the client. |
| 6423269 | RDP sessions occasionally end unexpectedly. |
| 6426197 | Scrolling in Microsoft Word document causes RDP session to end. |
| 6427852 | Login delay caused by inaccessible client network printers. |
| 6433229 | Konica Minolta printer driver causes RDP session to end. |
| 6435527 | Segmentation fault in ttaxpe when running Hewlett Packard monitoring tool. |
| 6442142 | Exiting Gnome session causes the ttaxpe to spin and utilize 100% CPU. |
| 6452763 | Maximum application session instance count not decremented on application exit when using Intelligent Array Routing. |
| 6455445 | Invalid SSGD user credentials allow access to the Webtop when logging in with the browser and Native Client simultaneously. |
| 6465337 | Certificates used to sign 4.20 archives expired in August 2006. |
| 6465658 | Updated NIS password not detected by UNIX login authority. |
| 6466059 | /etc/pam.d/tarantella file not created when installing on Linux. |
| 6467099 | SSGD security vulnerability fixes. |
Copyright © 1997-2006 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. All rights reserved.
Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.sun.com/patents and one or more additional patents or pending patent applications in the U.S. and in other countries.
THIS PRODUCT CONTAINS CONFIDENTIAL INFORMATION AND TRADE SECRETS OF SUN MICROSYSTEMS, INC. USE, DISCLOSURE OR REPRODUCTION IS PROHIBITED WITHOUT THE PRIOR EXPRESS WRITTEN PERMISSION OF SUN MICROSYSTEMS, INC.
U.S. Government Rights - Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions of the FAR and its supplements.
Use is subject to license terms.
This distribution may include materials developed by third parties.
Sun, Sun Microsystems, the Sun logo, Java, Solaris and SPARC are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries.
All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon architecture developed by Sun Microsystems, Inc.
UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd.
Adobe is a registered trademark of Adobe Systems, Incorporated.
This product is covered and controlled by U.S. Export Control laws and may be subject to the export or import laws in other countries. Nuclear, missile, chemical biological weapons or nuclear maritime end uses or end users, whether direct or indirect, are strictly prohibited. Export or reexport to countries subject to U.S. embargo or to entities identified on U.S. export exclusion lists, including, but not limited to, the denied persons and specially designated nationals lists is strictly prohibited.
Copyright © 1997-2005 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, Etats-Unis. Tous droits réservés.
Sun Microsystems, Inc. détient les droits de propriété intellectuels relatifs à la technologie incorporée dans le produit qui est décrit dans ce document. En particulier, et ce sans limitation, ces droits de propriété intellectuelle peuvent inclure un ou plus des brevets américains listés à l'adresse http://www.sun.com/patents et un ou les brevets supplémentaires ou les applications de brevet en attente aux Etats - Unis et dans les autres pays.
CE PRODUIT CONTIENT DES INFORMATIONS CONFIDENTIELLES ET DES SECRETS COMMERCIAUX DE SUN MICROSYSTEMS, INC. SON UTILISATION, SA DIVULGATION ET SA REPRODUCTION SONT INTERDITES SANS L'AUTORISATION EXPRESSE, ECRITE ET PREALABLE DE SUN MICROSYSTEMS, INC.
L'utilisation est soumise aux termes de la Licence.
Cette distribution peut comprendre des composants développés par des tierces parties.
Sun, Sun Microsystems, le logo Sun, Java, Solaris et SPARC sont des marques de fabrique ou des marques déposées de Sun Microsystems, Inc. aux Etats-Unis et dans d'autres pays.
Toutes les marques SPARC sont utilisées sous licence et sont des marques de fabrique ou des marques déposées de SPARC International, Inc. aux Etats-Unis et dans d'autres pays. Les produits portant les marques SPARC sont basés sur une architecture développée par Sun Microsystems, Inc.
UNIX est une marque déposée aux Etats-Unis et dans d'autres pays et licenciée exlusivement par X/Open Company, Ltd.
Adobe est une marque enregistree de Adobe Systems, Incorporated.
Ce produit est soumis à la législation américaine en matière de contrôle des exportations et peut être soumis à la règlementation en vigueur dans d'autres pays dans le domaine des exportations et importations. Les utilisations, ou utilisateurs finaux, pour des armes nucléaires, des missiles, des armes biologiques et chimiques ou du nucléaire maritime, directement ou indirectement, sont strictement interdites. Les exportations ou réexportations vers les pays sous embargo américain, ou vers des entités figurant sur les listes d'exclusion d'exportation américaines, y compris, mais de manière non exhaustive, la liste de personnes qui font objet d'un ordre de ne pas participer, d'une façon directe ou indirecte, aux exportations des produits ou des services qui sont régis par la législation américaine en matière de contrôle des exportations et la liste de ressortissants spécifiquement désignés, sont rigoureusement interdites.