Sun Secure Global Desktop – Firewall Friendly

By default, Sun Secure Global Desktop (SSGD) uses 4 ports to communicate with clients.

  • 80 – SSGD web server
  • 443 – SSGD web server with SSL
  • 3144 – SSGD Server to SGD Client Device
  • 5307 – SSGD Server to SGD Client Device encrypted

Most firewall configurations allow only a few ports, and ports 80 (http) and 443 (https) are usually the ones opened.

We can configure SSGD so that it communicates using only those 2 ports (80 and 443).

This blog entry is based on fatbloke’s blog entries.

I just wrapped up both entries into a single page 🙂

  1. You need an X.509 certificate. You can buy one from a Certificate Authority (CA), or use a self-signed certificate for demo and test purposes:
    # /opt/tarantella/bin/tarantella security certrequest \
      --country US --state CA --orgname "Acme Widgets Ltd"
    # /opt/tarantella/bin/tarantella security selfsign
  2. Start SSGD in security mode:
    # /opt/tarantella/bin/tarantella security start
  3. Edit /opt/tarantella/webserver/apache/*/conf/httpd.conf
    Change this line:

    Listen 443

    to:

    Listen 127.0.0.1:443
  4. Set up SSGD to listen on port 443:
    # /opt/tarantella/bin/tarantella config edit \
      --array-port-encrypted 443
  5. Tell SSGD where to send non-AIP traffic:
    # /opt/tarantella/bin/tarantella config edit \
      --security-firewallurl https://127.0.0.1:443
  6. Restart the SSGD web server in SSL mode:
    # /opt/tarantella/bin/tarantella webserver \
      restart --ssl
  7. Restart SSGD
    # /opt/tarantella/bin/tarantella restart
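
A check for the edit in step 3, added here as an example (it is not from the original post or from SSGD): a shell function that reads an httpd.conf and flags any Listen directive for port 443 that is not bound to 127.0.0.1. The function name and the sample config files are constructed for illustration.

```sh
#!/bin/sh
# audit_listen_443 FILE  (hypothetical helper, not an SSGD tool)
# Returns 0 only if FILE has at least one active Listen directive for
# port 443 and every one of them is bound to 127.0.0.1.
# Files pulled in via Include are not followed.
audit_listen_443() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
        $1 ~ /^#/ { next }                  # commented-out directive
        tolower($1) == "listen" {           # directive names are case-insensitive
            n = split($2, parts, ":")       # "443", "ip:443" or "[v6]:443"
            if (parts[n] != "443") next
            seen++
            if (n == 2 && parts[1] == "127.0.0.1") {
                printf "OK    line %d: %s\n", NR, $0
            } else {
                printf "FAIL  line %d: %s (not loopback-only)\n", NR, $0
                bad++
            }
        }
        END {
            if (!seen) { print "FAIL  no Listen directive for port 443"; exit 1 }
            exit (bad ? 1 : 0)
        }
    ' "$conf"
}

# Constructed sample configs, not taken from a real SSGD install.
tmp=$(mktemp -d)
printf 'Listen 80\nListen 443\n' > "$tmp/before.conf"
printf 'Listen 80\n#Listen 443\nListen 127.0.0.1:443\n' > "$tmp/after.conf"
audit_listen_443 "$tmp/before.conf" || echo "before.conf: step 3 not applied"
audit_listen_443 "$tmp/after.conf" && echo "after.conf: loopback-only on 443"
rm -rf "$tmp"
```

On an SSGD host, run the function against each file matched by /opt/tarantella/webserver/apache/*/conf/httpd.conf before restarting in steps 6 and 7.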

One Response

  1. Cool site, love the info.
