Secure Global Desktop 4.40 Administration Guide > Getting Started > Configuring and Managing an Array

Configuring and Managing an Array

In SGD, an array is a collection of SGD servers that share configuration information.

Arrays have the following benefits:

• Users and application sessions are load-balanced across the array. To scale to more users, simply add more SGD servers to the array.
• With more than one server, there is no single point of failure. You can decommission a server temporarily with the minimum of disruption to your users.
• Configuration information, including all the objects in your organizational hierarchy, is replicated to all array members. All array members have access to all information.

Users see the same webtop and can resume applications no matter which SGD server they log in to.

This page includes the following topics:

• The Structure of an Array
• Replicating Data Across the Array
• Array Communication
• Adding and Removing SGD Servers From An Array
• Configuring Arrays and Servers

The Structure of an Array

An array contains:

• One primary server - this server is the authoritative source for global SGD information, and maintains the definitive copy of the organizational hierarchy (local repository)
• Any number of secondary servers - the primary server replicates information to these servers

A single, standalone server is considered to be the primary server in an array with no secondary servers.

SGD servers in an array might run different operating systems. However, all the array members must run the same version of SGD.

While you are evaluating SGD you are limited to an array with no more than two members. Once you install a license key, this restriction is removed.

As the SGD servers in an array share information about user sessions and application sessions, it is important to synchronize the clocks on the SGD hosts. Use Network Time Protocol (NTP) software or the rdate command to ensure the clocks on all SGD hosts are synchronized.

Replicating Data Across the Array

When the primary server replicates data to the secondary servers, it replicates the following data:

• The local repository
• Session information
• Configuration information, including global configuration
• Client profiles created by Secure Global Desktop Administrators
• User preferences created by SGD users from the webtop
• The application server password cache
• The token cache
• Resource files, such as application server login scripts

Apart from the resource files, any changes to the above data is replicated immediately. The synchronization of resource files occurs once daily, and only while the servers are running. The resource files that are synchronized are the files in the following directories:

• /opt/tarantella/var/serverresources
• /opt/tarantella/var/docroot/resources

Only add, modify, or delete the files in these directories on the primary server.

The time and effort that it takes to synchronize an array is directly proportional to the size of the array. Resource synchronization can be scheduled to take place at a time of your choosing. In the SGD Administration Console, this is configured with the Daily Resource Synchronization Time attribute on the Performance tab for each SGD server.

Array Communication

In the array, each SGD server has a peer DNS name and one or more external DNS names. SGD servers always use peer DNS names to communicate with each other. You also use peer DNS names when specifying array members in the SGD configuration tools. External DNS names are only used by SGD Clients when connecting to SGD servers. See SGD and DNS Names for more details on DNS names.

Connections between the SGD servers in an array are made on TCP port 5427. Unless explicitly enabled, this connection is not encrypted. The connection between SGD servers in an array can be encrypted by using secure intra-array communication.

Each server in the array has a record of the peer DNS names of all the SGD servers in an array. A server only accepts connections on TCP port 5427 if the following occurs:

• The connection is from an array member, according to its own records.
• A shared secret, known only to array members, is used to authenticate connections between array members. Secret Key Identification (SKID) authentication is used. SKID authentication does not encrypt the data.

Most connections are made from the primary server to a secondary server. These connections replicate data to keep the array synchronized. However, array members must be able to communicate directly with other array members.

Adding and Removing SGD Servers From An Array

You add and remove Secure Global Desktop servers from an array by using the SGD Administration Console or by using the tarantella array command.

It is best to perform all array operations on the primary SGD server in the array.

Adding a Server to an Array

The server joining the array must be a standalone server (it must be in an array on its own).

1. Log in to the SGD Administration Console on the primary SGD server.
2. Click the Secure Global Desktop Servers tab.
3. In the Secure Global Desktop Server List, click the Add button. The Add a Secure Global Desktop Server screen displays.
4. Enter the peer DNS name of an SGD server in the DNS Name field.
5. Enter the user name and password of an Secure Global Desktop Administrator in the User Name and Password fields.
6. Click Add. The Secure Global Desktop Servers tab displays.

   The tab shows messages advising you wait for the server change and synchronization processes to complete.

Alternatively, use the following command:

$ tarantella array join --secondary serv

serv is the peer DNS name of the server to add. You can also use the --primary serv argument instead. This adds the server and makes the primary server in one operation.

Note After making a change to the structure of an array, wait until SGD has copied the changes to all the SGD servers in the array before making any further changes. You can tell when this has happened when the list of SGD servers shown in the SGD Administration Console or by the tarantella status command is the same when you run it on each SGD server in the array.

If the server you add has been load balancing application servers using Advanced Load Management, you must do a warm restart (tarantella restart --warm) of the new server after it has joined the array. If the array to which the new server is joined is using Advanced Load Management, you must do a warm restart of the whole array after the new server has joined.

Removing a Server From an Array

To remove the primary server from an array, first make another server the primary server and then remove the old primary server.

1. Log in to the SGD Administration Console on the primary SGD server.
2. Click the Secure Global Desktop Servers tab.
3. In the Secure Global Desktop Server List, click the Remove button.
4. When prompted, click OK.

   The Secure Global Desktop Servers tab shows messages advising you wait for the server change and synchronization processes to complete.

Alternatively, use the following command:

$ tarantella array detach --secondary serv

serv is the peer DNS name of the server to remove.

When you remove a server from an array, it loses its license keys.

Note After making a change to the structure of an array, wait until SGD has copied the changes to all the SGD servers in the array before making any further changes. You can tell when this has happened when the list of SGD servers shown in the SGD Administration Console or by the tarantella status command is the same when you run it on each SGD server in the array.

Changing the Primary Server in an Array

1. Log in to the SGD Administration Console on the primary SGD server.
2. Click the Secure Global Desktop Servers tab.
3. In the Secure Global Desktop Server List, click the Make Primary button.
4. When prompted, click OK.

   The Secure Global Desktop Servers tab shows messages advising you wait for the server change and synchronization processes to complete.

Alternatively, use the following command:

$ tarantella array make_primary serv

serv is the peer DNS name of the server that is to be the new primary.

The previous primary server becomes a secondary server.

Note After making a change to the structure of an array, wait until SGD has copied the changes to all the SGD servers in the array before making any further changes. You can tell when this has happened when the list of SGD servers shown in the SGD Administration Console or by the tarantella status command is the same when you run it on each SGD server in the array.

Configuring Arrays and Servers

The SGD Administration Console allows you to configure arrays and SGD servers. The attributes on the Global Settings tabs are the settings that apply to the array as a whole, for example how users authenticate to SGD. If you click the name of an SGD server on the Secure Global Desktop Servers tab, you display the attributes that apply only to that server, for example the server's external DNS names.

You can also list and edit global settings or server-specific settings from the command line, using the tarantella config command. The Sun Secure Global Desktop Software Reference Manual has details of all the command-line arguments used for global settings and server-specific settings.

Copyright © 1997-2007 Sun Microsystems, Inc. All rights reserved.