Secure Global Desktop Administration Guide > Getting started > Introducing Object Manager

Introducing Object Manager

Read this topic to...
Learn what Object Manager is and what it can do.

Use Object Manager to perform these tasks:

Create and configure objects representing the people, hosts, applications and documents within your organization.
Define webtops for all users of Secure Global Desktop, and see whose webtop any object is on.
Monitor who's running which applications on which application servers, and shadow or end those application sessions.
Find out who's cached passwords for which application servers, and delete password cache entries.

You can also use command-line tools for these tasks, if you prefer. These tools also allow you to automate the tasks.

Only Secure Global Desktop Administrators are allowed to run Object Manager.

What you see

Object Manager has two panes, which you can resize.

On the left, the Finder pane lets you search and browse for objects to work with, and lets you remember commonly accessed objects in a list of Favorites.
On the right, the Properties pane lets you work with the objects you locate, and lets you easily return to objects you've worked with recently.

You can get help on any part of Object Manager: click the context help button at the lower right of the Object Manager window, and then click the part you want help on.

The Finder pane

Tab	Description
Search	Use this tab to search all or part of the organizational hierarchy for objects matching your search criteria. Type a search term in the box, and then click Search. An object matches if the search term is a substring of the object's Name, Username or Email Address attribute. The Search box remembers your previous searches. You can constrain searches using the Look In list, which restricts the scope of the search, and the Show list, which restricts the types of object to search for. To find out which login profile could be used by someone, choose All Potential Logins from the Look In list and set the search term to the username that user would type when logging in to Secure Global Desktop.
Browse	Use this tab to browse through the organizational hierarchy for objects. You can restrict the types of object displayed, using the Show list. Create new objects by clicking the organization or organizational unit object that you want the new object to belong to, and then clicking New. Alternatively, right-click an organization or organizational unit object and choose New.
Favorites	Use this tab to remember the objects you work with often. Add an object to your Favorites by dragging and dropping, or by right-clicking the object and choosing Add To Favorites.

The Properties pane

At the top of the Properties pane is a list of the objects you've viewed properties for since you started Object Manager. You can return to an object's properties by clicking it in this list.

The main part of the Properties pane shows properties for an object. Different object types have different properties, including different tabs.

Tab	Description
Attributes	General settings for an object. The attributes available depend on the type of object. Related attributes are grouped. Use the list on the Attributes tab to move between sets of attributes. Click Apply to remember any attribute changes you make. To get help on an attribute, click the context help button at the lower right of the Object Manager window, and then click the attribute.
Links	Defines the links that appear on webtops. Person objects, organizational unit objects and organization objects have Links tabs. Drop objects into the box to add them to the webtop. Drop a group into the box to include the members of the group on a webtop. Drop an organizational unit into the box to include the contents of the OU's Links tab on a webtop. Click the buttons at the bottom of the tab to show the Links tab as a tree or a table. The tree displays the groups and OUs, so you can see why a particular link appears on a webtop. The table just shows the links themselves, hiding groups and OUs.
Members	Defines the members of a group. Drop objects into the box to add them to the group. As groups are often added to Links tabs to include similar webtop content on many different webtops, the Members tab lets you show group members as a tree or a table like a Links tab.
Hosts	Defines the application servers that can run an application. All application object types have a Hosts tab. The contents of an application object's Hosts tab are used for application server load balancing. Drop host objects into the box to include them in application server load balancing for the application. Drop a group into the box to include the members of the group. Click the buttons at the bottom of the tab to show the Hosts tab as a tree or a table. The tree displays the groups, so you can see why a particular application server is included. The table just shows the application servers themselves, hiding groups.
Seen By	Shows, for an object, all the other objects that refer to it. You can think of this as the reverse of the Hosts or Links tab. For example: If a person has an application on their webtop, then the person object will appear on the application object's Seen By tab. If an application may run on a particular host, then the application object appears on the host object's Seen By tab. Expand the tree to follow the references further. For example, if an application is a member of a group, and the group appears on three people's webtops, then the Seen By tab for the application object shows the group object, which expands to show the three person objects. You can drop objects on a Seen By tab. For example, if you drop a person object on an application object's Seen By tab, this has the effect of adding the application to the person's webtop. The person object's Links tab shows the application object.
Sessions	Shows the webtop sessions related to the person, host or profile objects you're viewing properties for. Shows the emulator sessions related to the person, host or application object you're viewing properties for. For webtop sessions, the tab shows information such as the Secure Global Desktop server the user is logged in to, the type of connection the user has and the printing status of the client. For emulator sessions, the tab shows information such as the application server running the application, its start time, whether it's suspended or currently running. You can use this tab to end an emulator or webtop session. You can also "shadow" an emulator session: this allows both you and the user to interact with the same application.
Passwords	Shows the password cache entries related to the person or host object you're viewing properties for. The table shows information about each password cache entry, including the username the person typed to log in to the application server (which isn't necessarily the same username they typed to log in to Secure Global Desktop). You can delete password cache entries here.

Using Object Manager

In this section we'll show what you can do with Object Manager.

Remember that to use Object Manager you'll need to be logged in to Secure Global Desktop as a Secure Global Desktop Administrator.

Defining webtops

Secure Global Desktop supports many different types of user, but the principle is the same for all types: an object in the organizational hierarchy defines the webtop content. Usually the object is directly associated with the user. For example, the user Indigo Jones might have a person object with ENS name o=Indigo Insurance/cn=Indigo Jones.

In Object Manager, each person object has a Links tab. To add applications to a user's webtop, you can drag the application objects and drop them onto the Links tab (you could also use Copy and Paste).

You can also give users webtop content based on their position within the organizational hierarchy: each organizational unit object has a Links tab, too. You can decide, for each person object, whether the user "inherits" webtop content from the OU they belong to, just check or clear the Inherit Parent's Webtop Content box in the person object's attributes.

OU objects can also inherit webtop content from their own parent in the organizational hierarchy. So a person object may include webtop content from all its ancestors in the organizational hierarchy, up to and including the organization object.

Another form of inheritance uses group objects. A group is just a collection of other objects, from anywhere in the organizational hierarchy, and an object may appear in many groups. If you add a group object to a Links tab, the group members appear on the webtop.

Finally, you can inherit webtop content from any OU and not just the parent OU. Just add the OU object to a Links tab.

By inheriting webtop content from parent objects, groups and OUs you can easily give many different users similar webtops and manage them efficiently. The Links tab lets you see where each object on a webtop is inherited from, using a tree. Alternatively you can view the webtop content as a simple table.

Summary

Using the Finder pane, locate the person object or OU you want to define the webtop for.
Choose Properties for the object, and then click the Links tab.
Use the Finder pane to locate the application objects, group objects or OU objects you want to add to the webtop, and drag them onto the Links tab.
If you want to inherit webtop content from the parent object in the organizational hierarchy, click the Attributes tab and make sure the Inherit Parent's Webtop Content box is checked.

Load balancing application servers

Application server load balancing lets you spread the load of a heavily used application across multiple application servers. Secure Global Desktop can choose an application server to help ensure optimal performance for users and optimal resource usage.

In Object Manager each application object has a Hosts tab. To define all the application servers the application can run on, you add host objects to the Hosts tab by dropping them on the tab, or using Copy and Paste. The Secure Global Desktop server performs application server load balancing across all the application servers defined on the application's Hosts tab.

You can create groups with host objects as members, and drop the groups onto the Hosts tab as well. Like the Links tab, the Hosts tab lets you see the hosts as a tree or a table.

Summary

Using the Finder pane, locate the application object you want to load balance across multiple application servers.
Choose Properties for the object, and then click the Hosts tab.
Use the Finder pane to locate the host objects or group objects you want to use for load balancing, and drag them onto the Hosts tab.

Managing webtop sessions

Person objects, profile objects and host objects all have a Sessions tab which display the webtop sessions involving that object. The tab shows information about the webtop session, such as:

the name of Secure Global Desktop server the user is logged in to
the date and time the user logged in;
the type of connection the user has; and
the printing status of the client.

You can end webtop sessions by selecting one or more sessions and clicking Log Out User.

You can also move between Sessions tabs easily. For example, when viewing the webtop sessions for a host object, you can right-click one of the sessions and choose Properties to view the person object's Sessions tab.

Summary

Using the Finder pane, locate the object you want to view webtop sessions involving.
Choose Properties for the object, and then click the Sessions tab.
Select a webtop session and choose Log Out User, or right-click one of the objects involved and choose Properties.

Managing emulator sessions

Each emulator session involves three elements: an application, the application server that's running the application, and the person who's running the application. Consequently application objects, host objects and person objects all have a Sessions tab displaying the emulator sessions involving that object.

The Sessions tab shows the other two elements in the emulator session. For example, the Sessions tab for a person object shows the applications that person is currently running, and the application servers they're running on. The tab also shows other information about each session, including the date and time the session started, and whether the session is suspended or currently active.

On the Sessions tab you can end a session, by selecting a session and clicking End Session. You can also "shadow" a session, which allows both you and the user to view and interact with the application simultaneously.

Note You can only shadow Windows and X applications.

You can also move between Sessions tabs easily. For example, when viewing the emulator sessions for a person object, you can right-click one of the applications involved and choose Properties to view the application object's Sessions tab -- and see who else is running the same application.

Summary

Using the Finder pane, locate the object you want to view emulator sessions involving.
Choose Properties for the object, and then click the Sessions tab.
Select a session and choose End Session or Shadow Session, or right-click one of the objects involved and choose Properties.

Managing passwords

Each password cache entry involves two elements: a person, and the application server the password is cached for. Consequently person objects and host objects both have a Passwords tab displaying the password cache entries involving that object.

The Passwords tab shows the other element in the password cache entry. For example, the Passwords tab for a person object shows the application servers they have cached passwords for. The tab also shows other information about each entry, including the username on the application server.

On the Passwords tab you can delete a password cache entry, by selecting an entry and clicking Remove.

You can also move between Passwords tabs easily. For example, when viewing the password cache entries for a person object, you can right-click one of the application servers involved and choose Properties to view the host object's Passwords tab -- and see who else has cached passwords on that application server.

Summary

Using the Finder pane, locate the object you want to view password cache entries for.
Choose Properties for the object, and then click the Passwords tab.
Select a password cache entry and choose Remove, or right-click one of the objects involved and choose Properties.

Related topics
What is ENS? Objects and the organizational hierarchy Introducing Array Manager The tarantella object command The tarantella webtopsession command The tarantella emulatorsession command The tarantella passcache command