Secure Global Desktop Administration Guide > Getting started > Users and trusted Secure Global Desktop servers

Users and trusted Secure Global Desktop servers

When Secure Global Desktop is first installed, the initial connection between a Secure Global Desktop client and a Secure Global Desktop server is secured with SSL. However, after the user has logged in, the connection is downgraded to a standard connection. To be able to use SSL permanently for connections to Secure Global Desktop, you must enable Secure Global Desktop security services.

In addition to using SSL, Secure Global Desktop also requires users to authorize their connections to Secure Global Desktop so that they only connect to trusted servers. The first time a user connects to a Secure Global Desktop server, they see an Untrusted Initial Connection message advising that they are connecting to a server for the first time.

Note If there is a problem with the server's security certificate, a security warning displays before the Untrusted Initial Connection message.

The message displays the hostname and fingerprint of the security certificate for the server they are connecting to. Users should check these details before clicking Yes. Once a user has agreed to the connection, the hostname and the fingerprint of the certificate are added to the hostsvisited file on the client device. The hostsvisited file is stored in the same location as the user's profile cache.

The user is not prompted again about the connection unless there is a problem. If there is a problem, a Spoofed Connection message displays.

To ensure that users only connect to Secure Global Desktop servers that are trusted, Secure Global Desktop Administrators should:

• Provide users with a list of hostnames and fingerprints for the servers that are trusted. Use the tarantella security fingerprint command on each member of the array to obtain a list of fingerprints.
• Explain to users the security implications of agreeing to connect to server.

Classic webtop

If you are using the classic webtop, the Java™ technology client prompts users every time it connects to a Secure Global Desktop server. The Native Client never prompts users.

Copyright © 1997-2006 Sun Microsystems, Inc. All rights reserved.