Read this page to find out how to install Sun Secure Global Desktop Software version 4.3 on your system.
If you are upgrading, read the upgrade instructions before installing the software.
This page uses the term "host" to mean the UNIX/Linux system on which you want to install Sun Secure Global Desktop Software.
Part Number: 819-6254
Before installing Sun Secure Global Desktop Software, you should read the Secure Global Desktop Release Notes. The Release Notes contain important information about this version of Secure Global Desktop, including:
When you install Secure Global Desktop, you install the Secure Global Desktop Web Server. The Secure Global Desktop Web Server is an Apache web server that has been pre-configured for use with Secure Global Desktop.
When you install Secure Global Desktop, you will be prompted for the TCP port on which the Secure Global Desktop Web Server listens for HTTP connections. This is usually port 80/tcp, but if another process is listening on that port you will be prompted to choose another.
There must be a ttaserv and ttasys user on the host before you can
install Secure Global Desktop. There must also be a ttaserv group.
The ttasys user owns all the files and processes used by the Secure Global
Desktop server. The ttaserv user owns all the files and processes used by the Secure
Global Desktop Web Server.
The Secure Global Desktop server does not require the privileges of the root user to run. The server starts as root and then downgrades to the ttasys user.
If you try to install the software without these users and group in place, the installation will stop without making any changes to the system and tell you what you need to do. The requirements are:
ttaserv and ttasys.ttaserv.ttaserv as their primary group./bin/sh.passwd -l).One way to create these users is with the useradd and groupadd commands, for example:
groupadd ttaserv useradd -g ttaserv -s /bin/sh ttaserv passwd -l ttaserv
To be able to run an application (including the default webtop applications), Secure Global Desktop needs to be able to connect to an application server and start the application. Typically this is done using telnet or SSH (Secure Shell). One of these services should be enabled before installing the Secure Global Desktop.
If you are using SSH, you must enable X11 forwarding in your SSH configuration. The Secure Global Desktop Administration Guide has details on using SSH with Secure Global Desktop.
Sun Secure Global Desktop Software contains several installable components.
The component installed on hosts provides the main functionality of Secure Global Desktop:
The components installed on application servers, called Enhancement Modules, are used to provide additional functionality for Secure Global Desktop, for example load balancing or client drive mapping:
The components installed on client devices allow users to connect to Secure Global Desktop. Usually these components are installed automatically when users connect to Secure Global Desktop. This requires a web browser with Java™ technology enabled. If your organization prefers not to use Java technology, or you want more control over where the Secure Global Desktop Client is installed, you can install the Sun Secure Global Desktop Client manually:
If you are using the classic webtop, you can use a manually installable Native Client instead of the Java technology client:
On the Solaris™ Operating System (Solaris OS), you install Secure Global Desktop with the pkgadd command.
If the installation file is compressed, you need to expand it before installing.
If you are upgrading, read the upgrade instructions before installing the software.
By default, the software is installed in /opt/tarantella, but the installation program will prompt you for the installation directory when you install the software.
pkgadd -d /full_path/ttaarch.pkg
i3so for Solaris OS on x86 platforms and spso is for Solaris OS on SPARC® platforms.
When you install Secure Global Desktop, Setup:
/etc/rc.d/rc3.d and named *Tarantella and *TarantellaWebServer.crontab to archive the Secure Global Desktop log files weekly.When Setup has finished installing, Secure Global Desktop and the Secure Global Desktop Web Server will be running.
If the installation fails with a pwd: cannot determine current directory! error message, change to the /tmp directory and try again.
After you have installed the software, you should verify that the Secure Global Desktop package has registered in the package database by running the following command:
pkginfo | grep -i tta
On Linux, you install Secure Global Desktop with the rpm command.
If you are upgrading, read the upgrade instructions before installing the software.
By default, the software is installed in /opt/tarantella, but you can choose a different installation directory by using the --prefix option when you install the software.
rpm -Uvh tta-version.i386.rpm
/opt/tarantella/bin/tarantella start
When you start the Secure Global Desktop server for the first time, the installation program, Secure Global Desktop Setup, automatically starts. Setup:
/etc/rc.d/rc3.d and named *Tarantella and *TarantellaWebServer.crontab to archive the Secure Global Desktop log files weekly./etc/pam.d/tarantella. This is copied from the existing /etc/pam.d/passwd file. If this file does not exist, the PAM configuration file is not created.
When Setup has finished, the Secure Global Desktop server and the Secure Global Desktop Web Server will be running.
After you have installed the software, you should verify that the Secure Global Desktop package has registered in the package database by running the following command:
rpm -qa | grep -i tta
The Secure Global Desktop Enhancement Module for Microsoft Windows contains modules for client drive mapping, load balancing and seamless windows.
By default, the Enhancement Module is installed in C:\Program Files\Tarantella\Enhancement Module, but the installation program will prompt you for the installation directory.
temwin32.exe) to a temporary directory.
http://server.example.com.temwin32.exe to install the Enhancement Module.The Secure Global Desktop Enhancement Module for UNIX contains modules for client drive mapping and load balancing.
You install the Enhancement Module with the pkgadd command.
If the installation file for the Enhancement Module is compressed, you need to expand it before installing.
By default, the Enhancement Module is installed in /opt/tta_tem, but the installation program will prompt you for the installation directory.
temi3so.pkg for Solaris OS on x86 platforms and temspso.pkg for Solaris OS on SPARC platforms) to a temporary directory on the application server.
http://server.example.com.
pkgadd -d /full_path/temi3so.pkg for Solaris OS on x86 platformspkgadd -d /full_path/temspso.pkg for Solaris OS on SPARC platforms
Note The installation program adds a file to the appropriate system start-up directory to ensure that the load balancing service starts when the system reboots. Assuming you install the software in run level 3, this file will be in /etc/rc.d/rc3.d and named *tem.
The Secure Global Desktop Enhancement Module for Linux contains modules for client drive mapping and load balancing.
You install the Enhancement Module with the rpm command.
By default, the Enhancement Module is installed in /opt/tta_tem, but you can choose a different installation directory by using the --prefix option when you install.
temversion.i386.rpm) to a temporary directory on the application server.
http://server.example.com.
rpm -Uvh temversion.i386.rpm
Note The installation program adds a file to the appropriate system start-up directory to ensure that the load balancing service starts when the system reboots. Assuming you install the software in run level 3, this file will be in /etc/rc.d/rc3.d and named *tem.
The Sun Secure Global Desktop Client is installed automatically when you connect to Secure Global Desktop using a web browser with Java technology enabled. Only follow these instructions if you want to manually install the Client.
By default, the Secure Global Desktop Client is installed in C:\Program Files\Sun\Secure Global Desktop Client, but you can choose a different installation directory when you install the software. When you install, a shortcut for the Client is added to the Windows Start Menu.
sgdcwin-lang.exe) to a temporary directory on your PC.
http://server.example.com
sgdcwin-lang.exe.To log in to Secure Global Desktop, you can launch the Secure Global Desktop Client as part of the installation or click on the Secure Global Desktop Login shortcut in the Start Menu.
The first time you start the Secure Global Desktop you are prompted for the following information:
http://server.example.com/sgd
The Sun Secure Global Desktop Client is installed automatically when you connect to Secure Global Desktop using a web browser with Java technology enabled. Only follow these instructions if you want to manually install the Client.
By default, the Secure Global Desktop Client is installed in $HOME/bin, but you can choose a different installation directory when you install the software.
http://server.example.com
tar xvf sgdci3li.tar on Linux x86 32-bit platformstar xvf sgdci3so.tar on Solaris OS on x86 platformstar xvf sgdcspso.tar on Solaris OS on SPARC platformssh sgdc/install.To log in to Secure Global Desktop, you run the ttatcc command.
The first time you start the Secure Global Desktop Client you are prompted for the following information:
http://server.example.com/sgd
By default, the Native Client is in installed in C:\Program Files\Tarantella\Sun Secure Global Desktop Native Client, but you can choose a different installation directory when you install the software.
tncwin32.exe) to a temporary directory on your PC.http://server.example.com
tncwin32.exe.By default, the Native Client is installed in $HOME/bin, but you can choose a different installation directory
when you install the software.
http://server.example.com
tnci3li.tar for Linux x86 32-bit platformstncspso.tar for Solaris OS on SPARC platformstnci3so.tar for Solaris OS on x86 platformstar xvf <tar file>
.sh ttwebtop/install.tncppdw.dmg) to a temporary directory on your Macintosh.
http://server.example.com
To upgrade Sun Secure Global Desktop Software you can either uninstall Secure Global Desktop and install the new version or you can perform an "in-place" upgrade. If you perform an "in-place" upgrade, your current configuration is usually preserved when you upgrade. The following instructions apply to "in-place" upgrades.
Note the directory paths listed in this section assume the software is installed in the default /opt/tarantella directory.
Upgrades to or upgrades from EAP releases of Secure Global Desktop software are not supported. EAP releases must always be "clean" installs.
If a Secure Global Desktop server is in evaluation mode or expired evaluation mode, you upgrade by installing the next version of Secure Global Desktop.
A server that was in expired evaluation mode remains in expired evaluation mode after the upgrade. You cannot log in to a Secure Global Desktop server when it is in expired evaluation mode. To license a server when it is in expired evaluation mode, you must either add a valid license key (using the tarantella license add command) or join the server to an array that is already fully licensed.
Upgrades to version 4.3 are only supported from the following versions of Secure Global Desktop:
If you want to upgrade from any other version of Secure Global Desktop, or from Tarantella Enterprise 3 version 3.3 or earlier, contact Support.
You can only upgrade from Secure Global Desktop version 3.42 if both of the following are true:
If you upgrade from version 4.1 or earlier, your license keys will be upgraded when you install version 4.3. Use the tarantella license list command to list your new license keys. Make a note of them and keep them somewhere safe.
Before you upgrade on Solaris OS platforms, create an installation administration file (for example, /tmp/pkgadmin) with the following contents:
conflict=nocheck
When you install Secure Global Desktop, use the -a file
option to specify the administration file, for example:
pkgadd -a /tmp/pkgadmin -d /full_path/ttaarch.pkg
On Linux platforms, if you are upgrading from version 4.2, you must manually uninstall all optional packs before upgrading.
To list all the packs that have been installed, run the following command:
rpm -qa | grep -i tta
To remove all optional packs, run the following command:
rpm -e pack ...
for example rpm -e ttasecure tta3270 removes the Security Pack and the Mainframe Connectivity Pack.
To upgrade a fully licensed array containing a single server:
As Secure Global Desktop servers in an array share configuration information, all servers in an array must run on the same major/patch (4.3x) version of Secure Global Desktop. This means that to upgrade a multiple-server array, you must dismantle the array and upgrade each server independently.
To upgrade a fully licensed array containing multiple servers:
tarantella array detach --secondary server
command to detach the secondary servers.tarantella status command returns the same result when you run it on each array member.tarantella array join --secondary server
command to add the secondary servers.tarantella status command returns the same result when you run it on each array member.When you upgrade, you upgrade the Secure Global Desktop Web Server. If you customized any of the files used by the Secure Global Desktop Web Server, these will be preserved when you upgrade:
/opt/tarantella/var/webserver/apache/<oldversion>./opt/tarantella/var/webserver/tomcat/<oldversion>.You have to manually copy your customizations to the new Apache/Tomcat directories.
To upgrade the Secure Global Desktop Enhancement Module for Windows, you uninstall the previous version and then install the new version.
To upgrade the Secure Global Desktop Enhancement Module for UNIX/Linux, you first stop all services provided by the Enhancement Module and then install the new version.
All web browser users must restart their web browsers before connecting to an upgraded Secure Global Desktop server.
If you are using your own web server instead of the Secure Global Desktop Web Server, you must restart your web server to ensure that users receive upgraded Java archives.
Native Client users should download and install the latest version of the Client from http://server.example.com.
Version 4.0/4.1 versions and 4.2+ versions of the Native Client for Microsoft Windows are installed in different locations to previous versions. This means that previous versions are not uninstalled when you upgrade and will remain on the Windows Start menu. You may need to keep the previous versions to connect to Secure Global Desktop servers running older version of the software or they can be manually uninstalled.
A complete copy of your ENS database (this is the storage area for all the objects in your Secure Global Desktop organizational hierarchy) is taken from the var/ens directory and backed up to the var/ens.<oldversion>
directory. The backup is not changed and the existing ENS database is only changed if new objects essential to the running of Secure Global Desktop are needed.
The local/global array configuration stored in the var/serverconfig directory is only changed if there is a need to insert any new properties files and add new attributes to existing properties. This directory is not backed up.
All the server resources files in the var/serverresources directory are replaced. These files are not normally edited as they control how Secure Global Desktop works.
The Secure Global Desktop login scripts contained in the var/serverresources/expect directory is backed up to
var/serverresources/expect.<oldversion>.
If you have customized Secure Global Desktop by changing the files found in a standard installation (for example, webtop themes) or by adding your own files (for example, Expect scripts), these are not upgraded. You may have to upgrade these files manually. When you install the new version of Secure Global Desktop, Setup warns you if there are files which may need to be upgraded manually and displays a list of log files to help you identify them. See Upgrading a Customized Secure Global Desktop Installation for advice on how to upgrade these files.
When you upgrade your version of Secure Global Desktop, the Setup program will preserve your existing configuration, but it does not upgrade any customized files.
There are two types of customized files that may need attention after you have upgraded:
Note The following information assumes you have installed Secure Global Desktop in its default location, /opt/tarantella.
During installation, Setup creates a backup of all customized files, including login scripts, by moving the standard Secure Global Desktop files in the following directories (and the subdirectories within them):
var/docroot
var/docroot.<oldversion>.
var/serverresources/expect
var/serverresources/expect.<oldversion>.
etc/data
etc/data.<oldversion>.
etc/templates
etc/templates.<oldversion>.This means that immediately after an upgrade, your customizations will not be active. These customizations need to be manually upgraded.
Secure Global Desktop Setup leaves bespoke files in their current location and does not attempt to upgrade them. These files need to be manually upgraded.
During the upgrade, if Setup detects that you have customized and/or bespoke files, you will see a message that says four log files have been produced:
var/log/upgraded.files
var/log/customized.list
var/log/customizedchanged.list
var/log/docrootjava.log
You can use these log files to identify the customized and/or bespoke files that need to be manually upgraded.
The customizedchanged.list log file lists the customized
files that may have to be manually upgraded.
For each file listed in this log file, there will be three versions of the file held on your system:
var/docroot.<oldversion> directory.etc/templates.<oldversion>
directory.etc/templates directory.To upgrade your customized files:
var/docroot.<oldversion> directory.
diff to compare the file in the
etc/templates.<oldversion>
directory with the file
in the etc/templates directory. This will highlight the
changes that have been made between Secure Global Desktop versions.
patch to apply the same changes to
your copy of your customized files.
var/docroot.The docrootjava.log and customized.list
log files list the bespoke files that may have to be manually upgraded.
The only way to upgrade these files is to compare versions of the standard Secure Global Desktop files to identify changes that have taken place and then apply those changes to your bespoke files.
To identify the changes, you need to compare the following files:
etc/templates.<oldversion>
directory.
etc/templates directory.Use a utility such as diff to compare the files in these directories.
This will highlight the changes that have been made between Secure Global Desktop
versions. Apply these changes to your bespoke files, for example by using
a utility such as patch.
http://server.example.com
The Secure Global Desktop Web Server Welcome Page displays.
You may see a Java security message. Click Run to install the Sun Secure Global Desktop Client.
The login page may take a few minutes to display the first time you visit it.
Secure Global Desktop supports several mechanisms for authenticating users. By default, any user with an account on the host can log in to Secure Global Desktop using their UNIX/Linux username and password.
The webtop lists the applications you can run and documents you can see. When you first log in, your webtop lists:
On the webtop, click Help to display the Secure Global Desktop Administration Guide. This is the on-line documentation for configuring and running Secure Global Desktop. Read all of the "Getting started" section as this covers all the essential information to help you get started with Secure Global Desktop.
You control Secure Global Desktop from the command line using the tarantella command. This is a script installed in /opt/tarantella/bin. As this script is not on the standard PATH, you must use the full pathname each time you run the command, or change to
/opt/tarantella/bin before issuing the command. Alternatively:
/opt/tarantella/bin to the PATH:PATH=$PATH:/opt/tarantella/bin ; export PATH
alias t=/opt/tarantella/bin/tarantella
There are restrictions on which users can use which commands in the family of tarantella commands:
Use the usermod -G command to make a user a member of the ttaserv group.
The ttaserv group does not have to be the user's primary or effective group.
You control the Secure Global Desktop server using a tarantella command as follows:
tarantella start - starts Secure Global Desktop services on a host, including printing services.tarantella stop - stops Secure Global Desktop services on a host, prompting if users are currently connected.tarantella restart - stops and then restarts Secure Global Desktop services on a host.You control the Secure Global Desktop Web Server using the tarantella webserver command as follows:
tarantella webserver start - starts the web server.tarantella webserver stop - stops the web server.tarantella webserver restart - stops and then restarts the web server.When you install the Secure Global Desktop Enhancement Module for Windows, the load balancing service starts immediately. The load balancing service also starts automatically whenever the server is rebooted. You can also manually stop and start the load balancing service, as follows:
When you install the Secure Global Desktop Enhancement Module for UNIX/Linux, you must manually start the services that it provides. The load balancing service also starts automatically whenever the server is rebooted. The client drive mapping service must always be manually started.
You control the Enhancement Module by running the following commands as root:
install_dir/bin/tem start - starts the load balancing service.install_dir/bin/tem stop - stops the load balancing service.install_dir/bin/tem startcdm - starts the client drive mapping service.install_dir/bin/tem stopcdm - stops the client drive mapping service.By default, install_dir is /opt/tta_tem.
The first time you start the load balancing service, you will be asked to confirm the amount of virtual memory the server has.
By default, Secure Global Desktop installs in a 30-day evaluation mode. During this trial period:
After 30 days the Secure Global Desktop server no longer allows users to log in.
To continue using Secure Global Desktop, you must add a license key. You can add license keys:
tarantella license add license_key
command.To remove Secure Global Desktop from your system:
tarantella uninstall --purge.
Note the tarantella uninstall command is the only supported
method for removing Secure Global Desktop. This command stops all Secure Global
Desktop processes before removing the software. Do not use the rpm or
pkgrm commands directly to remove the software.
You uninstall the Secure Global Desktop Enhancement Module for Windows by selecting Add/Remove programs from Microsoft Windows Control Panel.
You must have Administrator privileges to do this.
Note You can also uninstall individual modules.
To uninstall the Secure Global Desktop Enhancement Module on UNIX/Linux platforms:
rpm -e tem on Linux platformspkgrm tem on Solaris platformsCopyright © 1997-2006 Sun Microsystems, Inc. All rights reserved.
Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.sun.com/patents and one or more additional patents or pending patent applications in the U.S. and in other countries.
U.S. Government Rights - Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions of the FAR and its supplements.
This distribution may include materials developed by third parties.Sun, Sun Microsystems, the Sun logo, Java and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries.
UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd.
Copyright © 1997-2006 Sun Microsystems, Inc. Tous droits réservés.
Sun Microsystems, Inc. détient les droits de propriété intellectuels relatifs à la technologie incorporée dans le produit qui est décrit dans ce document. En particulier, et ce sans limitation, ces droits de propriété intellectuelle peuvent inclure un ou plus des brevets américains listés à l'adresse http://www.sun.com/patents et un ou les brevets supplémentaires ou les applications de brevet en attente aux Etats - Unis et dans les autres pays.
L'utilisation est soumise aux termes du contrat de licence.
Cette distribution peut comprendre des composants développés par des tierces parties.
Sun, Sun Microsystems, le logo Sun, Java et Solaris sont des marques de fabrique ou des marques déposées de Sun Microsystems, Inc. aux Etats-Unis et dans d'autres pays.
Toutes les marques SPARC sont utilisées sous licence et sont des marques de fabrique ou des marques déposées de SPARC International, Inc. aux Etats-Unis et dans d'autres pays.
UNIX est une marque déposée aux Etats-Unis et dans d'autres pays et licenciée exlusivement par X/Open Company, Ltd.