Secure Global Desktop Administration Guide > Security > Using Secure Global Desktop with proxy servers
To use Secure Global Desktop with a proxy server, the proxy server must support tunneling.
For the browser-based webtop, you can use HTTP, Secure (SSL) or SOCKS v5 proxy servers.
For the classic webtop, the Java™ technology clients can use HTTP, Secure (SSL) or SOCKS v5 proxy servers. For the Native Clients, you can only use HTTP and SOCKS v5 proxy servers.
For SOCKS v5 proxy servers, Secure Global Desktop supports the Basic and No authentication required authentication methods. No server-side configuration is required.
To use a proxy server with Secure Global Desktop, clients need to be configured with:
The proxy server settings on client devices can be configured automatically or manually.
You can automatically configure the proxy server settings by using the URL
extension or no file extension. See the Netscape Proxy Auto-Config File Format page for details.
Note Use this format for all web browsers supported by Secure Global Desktop.
For the browser-based webtop, the proxy server settings are used by Secure Global Desktop Client.
The Secure Global Desktop Client on Windows client devices can only use an autoconfig file if:
On UNIX or Linux client devices, the Secure Global Desktop Client uses the user preferences file to store proxy server settings. This file can be automatically configured using a shell script.
For the classic webtop, the URL of the autoconfig file is configured in the options for the web browser hosting the Java technology clients.
For the Native Client on UNIX, Linux or Mac OS X client devices, the user preferences file is used to store proxy server settings. This file can be automatically configured using a shell script.
For the browser-based webtop, the proxy server settings are used by Sun Secure Global Desktop Client.
On Windows client devices, the proxy server settings come either:
On UNIX or Linux client devices, the proxy server settings come from the user preferences file.
For the classic webtop:
An exception list is a semicolon-separated list of DNS host names:
Exception lists may include the * wildcard:
There is no translation between DNS hostnames and IP addresses in exception lists. For example, with an exception list of "*.indigo-insurance.com", connections to "chicago.indigo-insurance.com" and "detroit.indigo-insurance.com" would not use the proxy server, but connections to "192.168.5.20" and "192.168.5.30" (their IP addresses) would.
Note On Netscape browsers, the list is a comma-separated list.
If you are using the Sun Java Plug-in version 1.5.0 with the classic webtop, the Plug-in does not make the browser's proxy server settings available to the client. Currently the only solution is to use an earlier version of the Plug-in.
If only one proxy server has been configured on the client, Secure Global Desktop uses this proxy server for all HTTP, HTTPS and Secure Global Desktop connections.
Note If this is a Secure (SSL) proxy server, the Secure Global Desktop traffic is only encrypted if the user has a secure connection to the Secure Global Desktop server.
If an HTTP and a SOCKS proxy server have been configured on the client, and you are using Secure Global Desktop in firewall forwarding mode, Secure Global Desktop uses the HTTP proxy server for all HTTP, HTTPS and Secure Global Desktop connections.
If an HTTP and a SOCKS proxy server have been configured on the client, and you are not using Secure Global Desktop in firewall forwarding mode, the proxy server Secure Global Desktop uses depends on the client. If the client is:
Proxy servers will drop a connection after a short period of time if there is no activity on the connection. By default, Secure Global Desktop sends keepalive packets every 100 seconds to keep the connection open.
If you find that applications disappear after a short while, you may have to increase the frequency at which keepalive packets are sent.
The classic webtop has a diagnostic application,
proxyinfo, which can
be used to investigate any problems Secure Global Desktop encounters when it
acquires proxy information.
To access the application, users must type the following URL in their web client:
You must always run this application through the
proxyinfo application is only available to web clients.
If Native Client for Windows users experience problems with proxy servers,
they should check their Console Log for more information.
When you run the application, the Proxy server information page displays and processes the proxy server configuration. The results are output on screen.
The information displayed shows what the application has detected about the user's web client settings and what tests the application has carried out.
The key piece of information shown is the name and port numbers of the candidate proxy servers. These are the proxy servers that Secure Global Desktop can connect to.
proxyinfo application is a Secure Global Desktop Java™ applet.
You can configure the level of detail shown by the application by adding a parameter to the applet.
To add the parameter:
/opt/tarantella/var/docroot/resources/info/sco/tta/proxyinfo.htmlfile in an editor.
<param name="LOG_MASK" value="bit mask">
The bit mask values for this parameter are:
|General||The web client settings the |
|Details||The tests the |
|Overrides||The domains which have been manually excluded|
|Registry||Windows registry details|
The default value is
7, which shows General, Details and Overrides, but not Registry.
If you have created a customized webtop theme, it may contain HTML files which are used as "entry points" to Secure Global Desktop. An HTML file counts as an entry point if it is the first HTML page to be loaded which contains Secure Global Desktop applets. In order for Secure Global Desktop to detect and use the proxy server configured in the browser, each applet in an entry-point HTML file must include the ProxyServer and ProxyFrame proxy parameters.
Copyright © 1997-2005 Sun Microsystems, Inc. All rights reserved.