Secure Global Desktop 4.31 Administration Guide > Security > How do I tell what connection type a user gets?

How do I tell what connection type a user gets?

There are three possible connection types:

Type	Description
Standard connection	Connections between the client device and Secure Global Desktop server are not encrypted.
Secure (SSL) connection	Connections between the client device and Secure Global Desktop server are encrypted. This connection type is only available when Secure Global Desktop security services are enabled.
Denied	The user is denied a connection.

A user's connection type depends on these factors:

The address of the user's client device.
The Secure Global Desktop server the user logs in to (the Secure Global Desktop security services may not be enabled, which means that secure connections are not available).
The username and password the user types to log in (which, in conjunction with the login authorities available, determines the login profile associated with the user).
The Connections setting for the person object and for its ancestors in the organizational hierarchy (as long as processing of Connections settings is enabled).

Example

User Mulan Rouge logs in to Secure Global Desktop from her usual client device, fez.indigo-insurance.com. She logs in to a server. Processing of Connections settings is enabled.

Mulan types her usual username and password, which correspond to the person object with TFN name .../_ens/o=Indigo Insurance/ou=Finance/cn=Mulan Rouge.

To determine her connection type, Secure Global Desktop checks the person object's Connections attribute. In this example, assume this has two values:

Client device	Secure Global Desktop server	Connection
*.indigo-insurance.com	*	Standard
*	*	Secure

The order of these values is significant: the first match found determines the connection type. In this case the first entry matches, so Mulan receives a standard connection.

If Mulan instead connects from a client device that's not part of indigo-insurance.com, the first entry doesn't match -- but the second one does. In this case Mulan would receive a secure connection.

If Mulan's Connections attribute had no values, the connection type would be determined by the Connections attribute of the parent in the organizational hierarchy: in this case, the organizational unit Finance.

If necessary, Secure Global Desktop continues to check parent OUs, and finally the top-level organization, until a match is found.

If there's no matching entry for the organization object, the user is given the best available connection.

Any connection may be denied if there is doubt over its validity, for example if a problem with a web browser means the incorrect TCP port is used for the connection.

Related topics
Login authorities The Secure Global Desktop datastore and Tarantella Federated Naming Connections (--conntype) Security properties (array-wide)