Sun Secure Global Desktop - Overview

Overview

SGD is considered by industry insiders to be a competitor to Citrix's products for remote application delivery.

A large range of client devices can connect to a Secure Global Desktop Server, including Microsoft Windows PCs, Solaris desktops, Apple Macintoshes, Linux PCs, thin clients such as those from Sun and Wyse, and mobile devices. The client requires only a web browser with a Java Runtime Environment installed.

A client device connects to the Secure Global Desktop Server either via a supported Java-enabled browser or via Native Client software (this "native client" can be downloaded from a SGD installation's login page, i.e. instead of logging in and letting the Java applet handle the connection automatically for you, you could instead do it manually by downloading this "native client" from the SGD main login page, install it locally, and then launch it and connect via this). When you connect via a browser the first time as a client, the SGD client (the client-side of the aforementioned Java component) is downloaded so you can then SSL-encrypt your connection. The system officially supports Mozilla Firefox, Internet Explorer, and Safari, but other browsers might work too for as long as they have access to a working Java-plugin. The latest Java Runtime Environment is recommended but at least version 1.5 is required.

The Desktop Client connects to the Secure Global Desktop Server via the Adaptive Internet Protocol (AIP). AIP is bandwidth- and latency-aware and can adjust compression and performance dynamically on links as diverse as a 56K modem or a 100Mb LAN.

Session Resumability and Mobility is a feature allowing remote access to desktop applications from essentially any Java-enabled browser in the world. This makes it possible to run applications in one's office, then go to another location such as a customer site or one's home and transfer your existing desktop session to a computer there.

Centralisation is an important feature for organizations concerned with secure data being stored on remote devices such as notebook computers, and the associated risk for theft of the device and its data. Applications accessed via SGD run in the centralised server room, meaning that all data is backed up and secured via the normal datacenter practices of the organization. There is a potential for increased performance and effiiciency, since the actual computation is performed on larger systems with more resources; centralisation also makes resources considerably easier to manage.

Applications can be assigned to users or groups of users using the Object Manager which can automatically present new applications to users dynamically without them needing to log out. Profiles can be created to group similar types of users; these profiles control the applications that a logged-in user is allowed to use. When a new application or an upgrade to an existing application is required, an administrator can just push these changes out to the users. This simplifies Desktop SOE migrations.

SGD's password-caching feature, authentication tokens, and ability to integrate with Active Directory and LDAP gives it the ability to easily set up single sign-on to applications: a user logs into SGD once, and then can run applications without having to perform an additional login—even if there are usernames and passwords used for the different back-end applications.

With the same SGD infrastructure one can host an organisation's internal desktop applications, but also be able to access desktop applications remotely without the need for expensive VPN solutions. The Firewall Traversal Feature makes it possible to put an application server in an organisation's DMZ with only port 443 (HTTPS) accessible from the outside world. An SGD server can be accessed via HTTP or HTTPS.

SGD also integrates with the Sun Java System Portal Server making it possible to deliver desktop applications via a Secure Portal using a Portlet, including the ability to mail, calendar and other Portal features.

Sun Java System Identity Manager can also manage all user accounts and passwords via one webform, including integration of LDAP, Active Directory, Oracle or other commercial or home-grown access control repositories.