Sun Secure Global Desktop – Firewall Friendly

By default, Sun Secure Global Desktop (SSGD) uses 4 ports to communicate with clients.

  • 80 – SSGD web server
  • 443 – SSGD web server with SSL
  • 3144 – SSGD Server to SGD Client Device
  • 5307 – SSGD Server to SGD Client Device encrypted

Most firewall configurations allow only a few ports, and ports 80 (HTTP) and 443 (HTTPS) are usually the ones left open.

We can configure SSGD so that it communicates using only those 2 ports (80 and 443).

This blog entry is based on fatbloke’s blog entries.

I just wrapped up both entries into a single page 🙂

  1. You need an X.509 certificate. You can buy one from a Certificate Authority (CA) or use a self-signed certificate for demo and test purposes:
    # /opt/tarantella/bin/tarantella security certrequest \
      --country US --state CA --orgname "Acme Widgets Ltd"
    # /opt/tarantella/bin/tarantella security selfsign
  2. Start SSGD in security mode:
    # /opt/tarantella/bin/tarantella security start
  3. Edit /opt/tarantella/webserver/apache/*/conf/httpd.conf
    Change this line:

    Listen 443


  4. Set up SSGD to listen on port 443:
    # /opt/tarantella/bin/tarantella config edit \
      --array-port-encrypted 443
  5. Tell SSGD where to send non-AIP traffic
    # /opt/tarantella/bin/tarantella config edit \
  6. Restart the SSGD web server in SSL mode
    # /opt/tarantella/bin/tarantella webserver \
      restart --ssl
  7. Restart SSGD
    # /opt/tarantella/bin/tarantella restart
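
To check the result of the steps above, the following added example (not from the original post or from fatbloke's entries) reads ss -ltn output and lists which of the four SSGD ports still have non-loopback listeners outside 80 and 443. It assumes a Linux host with ss available; the function names and the sample listener table are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit TCP listeners against the
# firewall-friendly goal (only 80 and 443 exposed to clients).
SSGD_PORTS="80 443 3144 5307"   # the four ports listed on this page
ALLOWED_PORTS="80 443"          # what the firewall is assumed to pass

# Read `ss -ltn` text on stdin; print "port address" for each SSGD port that
# has a listener on a non-loopback address.
ssgd_exposed_ports() {
    awk -v ports="$SSGD_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)              # text after last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (!(port in want)) next                    # not an SSGD port
            if (addr ~ /^127\./ || addr == "[::1]") next # loopback only
            print port, addr
        }'
}

# Print each exposed SSGD port that is outside ALLOWED_PORTS, once.
ssgd_unexpected_ports() {
    ssgd_exposed_ports | awk -v ok="$ALLOWED_PORTS" '
        BEGIN { n = split(ok, a, " "); for (i = 1; i <= n; i++) allow[a[i]] = 1 }
        !($1 in allow) && !seen[$1]++ { print $1 }'
}

# Constructed sample of `ss -ltn` output (not captured from a real SSGD host).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128          0.0.0.0:80        0.0.0.0:*
LISTEN 0      128          0.0.0.0:443       0.0.0.0:*
LISTEN 0      128             [::]:443          [::]:*
LISTEN 0      128          0.0.0.0:3144      0.0.0.0:*
LISTEN 0      128            [::1]:5307         [::]:*
EOF
}

# On a live host, replace sample_ss_output with: ss -ltn
sample_ss_output | ssgd_unexpected_ports
```

An empty result means every SSGD listener on a routable address is on a port the firewall already passes; any port printed is one that clients behind the firewall cannot use.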