SGD on home server – set up to traverse a firewall.

I guess most employers will have a pretty robust firewall setup. Since SGD by default uses a load of non-standard ports, a corporate firewall will not allow you to run the client at work and access your SGD server at home. There are two options: 1) open holes in the firewall, or 2) modify the SGD installation to confine all the traffic to a standard port so that it will traverse a corporate firewall.

A nice post on the subject can be found here: http://macrae.wordpress.com/2008/07/02/sun-secure-global-desktop-firewall-friendly/ That post gives the background to the problem, but its instructions are out of date for SGD version 4.5.

There is now a whole section in the manual that provides the information needed to set up an SGD server to perform firewall traversal: http://docs.sun.com/source/820-6689/chapter1.html#Z400003e1312957

I’ve reproduced the steps here (in case I need to do it again).

1. Create a self-signed certificate

shs$ pfexec /opt/tarantella/bin/tarantella security certrequest --country UK --state war --orgname "Nobody Puts Baby in a corner"
shs$ pfexec /opt/tarantella/bin/tarantella security selfsign

2. Enable security on SGD server

shs$ pfexec /opt/tarantella/bin/tarantella security start

3. Edit the Apache httpd.conf file

shs$ pfexec vi /opt/tarantella/webserver/apache/2.2.10_openssl-0.9.8i_jk1.2.27/conf/httpd.conf

Replace the section

<IfDefine SSL>
Listen 443

with

<IfDefine SSL>
Listen 127.0.0.1:443

4. Configure the SGD server to use port 443

shs$ pfexec /opt/tarantella/bin/tarantella config edit --array-port-encrypted 443
shs$ pfexec /opt/tarantella/bin/tarantella config edit --array --security-firewallurl https://127.0.0.1:443

5. Restart the SGD server

I followed these instructions and when I first accessed it, it asked me to confirm the use of the temporary certificate. Straight away I can access my (unix) desktop straight out of the box. More work seems to be needed to access a Windows desktop using rdesktop or uttsc (the Sun Ray Windows connector) but I guess it must be relatively straightforward (right?).

What the instructions in the manual about enabling firewall traversal don’t do is set up the server to be accessed by https rather than plain old http – I guess this is a security hole but I decided to stop while
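
A check for the step 3 edit, added here as an example and not part of the original post or the SGD manual: it reads an httpd.conf and reports whether the Listen directive inside <IfDefine SSL> is bound to 127.0.0.1:443, and flags plain-HTTP listeners outside that block that are reachable from other hosts (the http gap mentioned above). The function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Audit Apache Listen directives for the SGD firewall-traversal setup.
# One finding per line:
#   OK <addr>     SSL listener bound to loopback port 443
#   BAD <addr>    SSL listener not bound to 127.0.0.1:443
#   PLAIN <addr>  listener outside <IfDefine SSL> that is not loopback-only
audit_listen() {
    awk '
        /^[ \t]*#/ { next }                       # ignore commented-out lines
        tolower($1) == "<ifdefine" {              # track nesting of IfDefine blocks
            depth++
            if (toupper($2) == "SSL>") ssl = depth
            next
        }
        tolower($1) == "</ifdefine>" {
            if (depth == ssl) ssl = 0
            depth--
            next
        }
        tolower($1) == "listen" {
            addr = $2
            if (ssl) {
                tag = (addr == "127.0.0.1:443") ? "OK" : "BAD"
                print tag, addr
            } else if (addr !~ /^(127\.0\.0\.1|localhost|\[::1\]):/) {
                print "PLAIN", addr
            }
        }
    ' "$1"
}

# Succeeds only if an SSL listener exists and every one is loopback-bound.
ssl_listener_ok() {
    findings=$(audit_listen "$1")
    echo "$findings" | grep -q '^OK ' && ! echo "$findings" | grep -q '^BAD '
}

# Constructed sample configs: $1 = SSL Listen value, $2 = output path.
write_sample() {
    printf 'Listen 80\n<IfDefine SSL>\n# Listen 443\nListen %s\n</IfDefine>\n' "$1" > "$2"
}

tmp=$(mktemp -d)
write_sample 443 "$tmp/before.conf"            # as shipped, before step 3
write_sample 127.0.0.1:443 "$tmp/after.conf"   # after the step 3 edit
for f in before after; do
    echo "== $f"
    audit_listen "$tmp/$f.conf"
done
```

To audit a real installation, call audit_listen with the path to the httpd.conf edited in step 3.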
