Secure Global Desktop Administration Guide > Users and authentication > Connections (--conntype)

Connections (--conntype)

Objects with this attribute

Usage

Object Manager	Connections	Create as many connection type specifications as you need, using the New and Delete buttons. Order them using the arrows.
Command line	`--conntype type_spec...`	Replace `type_spec` with a connection type specification of the form `client:server:type`. For example, `192.168.5.::STD`. Separate each `type_spec` with the "pipe" character, "\|".

Description

This attribute defines, for ranges of DNS names or IP addresses, the connections that are allowed between the client device and the Secure Global Desktop server.

When a user logs in to a Secure Global Desktop server, the DNS names and IP addresses of the client device and the Secure Global Desktop server are used to determine the type of connection. First, the Connections attribute for that user's person object is checked. If there's no matching entry, the parent organizational unit's Connections attribute is checked, and so on up the organizational hierarchy to the organization object.

If there's no matching entry for the organization object, the user is given the best available connection.

Any connection may be denied if there is doubt over its validity, for example if a problem with a web browser means the incorrect TCP port is used for the connection.

Processing of connection types is turned off by default, which lets users log in more quickly. You can turn on processing of connection types on the Security panel of Array Manager.

The Connections attribute is an ordered list of connection type specifications. Each specification names:

The DNS name or IP address of a client device. Use the wildcards ? and * to match more than one client device.
The DNS name or IP address of a Secure Global Desktop server. Use the wildcards ? and * to match more than one Secure Global Desktop server.
The connection type.

In all cases, DNS names or IP addresses are considered from the perspective of the Secure Global Desktop server (they are peer DNS names and IP addresses). If your network is configured to use different names on each side of a firewall, you must use the names on the side of the Secure Global Desktop servers for this attribute.

These connection types are available:

Object Manager	Command line	Notes
Standard	`STD`	Always available.
Secure	`SSL`	Gives users a secure, SSL-based connection between their client device and the Secure Global Desktop server. Only available if the Sun Secure Global Desktop Security Pack is installed and running on the Secure Global Desktop server. If not, users configured to receive secure connections are given standard connections instead.
Deny	`DENY`	Denies users access to the Secure Global Desktop server. Always available.

Note If the Sun Secure Global Desktop Security Pack is installed and running on the Secure Global Desktop server, all connections are secure until the user logs in. Once the user is known, the connection may be downgraded or denied.

Examples

--conntype '192.168.5.*:*:SSL|*:*:STD'

For a person object, means the user is given a secure connection to all Secure Global Desktop servers if the client device has an IP address that starts 192.168.5, and a standard connection for all other client devices.

For an organizational unit or an organization object, these connection type specifications would be used only if no match was found for the client device and Secure Global Desktop server in the person object's Connections attribute.

Related topics
Security and Secure Global Desktop What is the Sun Secure Global Desktop Security Pack? Security properties (array-wide) Security properties (server-specific) How do I tell what connection type a user gets?