| Sun Secure Global Desktop 4.5 Gateway Administration Guide | 
   |
| C H A P T E R 1 |
Following a brief introduction to the SGD Gateway, this chapter describes how to install the SGD Gateway software. The chapter also includes details of system requirements for the SGD Gateway.
The SGD Gateway is a proxy server designed to be deployed in front of an SGD array in a demilitarized zone (DMZ). This enables the SGD array to be located on the internal network of an organization. Additionally, all connections can be authenticated in the DMZ before any connections are made to the SGD servers in the array.
Using the SGD Gateway is an alternative to running your SGD servers with firewall traversal, also called firewall forwarding.
The SGD Gateway manages load balancing of Hypertext Transfer
Protocol (HTTP) connections, so you do not need to use the JavaServer Pages
(JSP) technology load balancing page
included with SGD.
The supported installation platforms for the SGD Gateway host are shown in the following table.
| Operating System | Supported Versions |
|---|---|
| Solaris Operating
System (Solaris OS) on SPARC platforms |
10 |
| Solaris OS on x86 platforms | 10 |
| OpenSolaris on x86 platforms | Latest version |
| Red Hat Enterprise Linux (Intel x86 32-bit) | 5 |
| SUSE Linux Enterprise Server (Intel x86 32‐bit) | 10 |
The following requirements apply for the SGD servers used with the SGD Gateway:
Secure mode. The SGD servers used with the SGD Gateway must be running in secure mode. Firewall traversal is not supported, so you cannot use the tarantella security enable command to configure secure mode automatically.
See “Setting Up Secure Client Connections (Manual Configuration)” in Chapter 1 of the Sun Secure Global Desktop 4.5 Administration Guide for details of how to secure an SGD server.
Firewall traversal is covered in “Using Firewall Traversal” in Chapter 1 of the Sun Secure Global Desktop 4.5 Administration Guide.
Integrated mode. SGD Clients must not be configured to access the SGD servers in Integrated mode.
SGD version. The SGD servers must be running version 4.50 of SGD.
Clock synchronization. It is important that the system clocks on the SGD servers and the SGD Gateway are in synchronization. Use Network Time Protocol (NTP) software, or the rdate command, to ensure that the clocks are synchronized.
For more information on SGD server system requirements, see the Sun Secure Global Desktop 4.5 Installation Guide.
On Solaris OS platforms, install the SGD Gateway with the pkgadd command.
On Linux platforms, install the SGD Gateway with the rpm command.
By default, SGD is installed in the /opt/SUNWsgdg directory. You can change the installation directory, as follows:
Solaris OS platforms – The installation program asks you for the installation directory when you install the software
Linux platforms – You can choose a different installation directory, by using the ‐‐prefix option with the rpm command when you install the software
Save the SGD Gateway package to a temporary directory on the host.
If you are installing from the CD-ROM, the package is in the gateway directory.
Alternatively, download the installation program from an SGD web server at http://server.example.com, where server.example.com is the name of an SGD server. When the SGD web server Welcome Page is displayed, click Install the Sun Secure Global Desktop Gateway.
If the package file is compressed, you must expand it before installing.
To install on Solaris OS on x86 platforms:
# pkgadd -d /tempdir/SUNWsgdg-version.sol-x86.pkg |
To install on Solaris OS on SPARC technology platforms:
# pkgadd -d /tempdir/SUNWsgdg-version.sol-sparc.pkg |
Note - On Solaris OS platforms, if the installation fails with a pwd: cannot determine current directory! error message, change to the /tempdir directory and try again. |
To install on Linux platforms:
# rpm -Uvh /tempdir/SUNWsgdg-version.i386.rpm |
Verify that the SGD Gateway package is registered in the package database.
# pkginfo -x SUNWsgdg |
# rpm -qa | grep -i SUNWsgdg |
Run the SGD Gateway setup program.
# /opt/SUNWsgdg/bin/gateway setup |
The SGD Gateway setup program presents the following settings that you can accept or change:
SGD Gateway port settings. The interface and port used by the SGD Gateway for incoming connections. By default, the SGD Gateway listens on port 443 on all interfaces.
Network entry point. The Internet Protocol (IP) address, or Domain Name System (DNS) name, and the port that client devices use to connect to the SGD Gateway. This is not always the same as the address of the SGD Gateway. Depending on the configuration of your network, this can be the address of a load balancer or other external device.
For example, if users connect directly to an SGD Gateway at gateway1.example.com, type gateway1.example.com:443 for the network entry point.
If users connect to the SGD Gateway through a load balancer at lb.example.com, type lb.example.com:443 for the network entry point.
Secure connections. Whether to secure the connections between the SGD Gateway and the SGD servers in the array. By default, the SGD Gateway uses secure connections. To use secure connections, the SGD servers in the array must be running in secure mode.
Note - These settings can be changed later, by using the gateway config create command. See How to Configure the Ports and Connections for the SGD Gateway. |
After installing the software, you must perform additional configuration of the SGD Gateway. See Chapter 2 for details of what you need to do.
| Sun Secure Global Desktop 4.5 Gateway Administration Guide | 820-6691-10 |
|
Copyright © 2009, Sun Microsystems, Inc. All rights reserved.
How To Install the SGD Gateway