Friday, December 14, 2007

Sun Secure Global Desktop (Tarantella) - Enterprise Remote Desktop

Sun Secure Global Desktop (aka Tarantella) provides secure access (SSL - HTTPS) to centralized UNIX, Windows, Mainframe and Midrange applications from a wide range of popular client devices, including Microsoft Windows PCs, Solaris OS Workstations, thin clients and mobile devices.

Tarantella is a competitor to Terminal Services from Microsoft and to Citrix software, but it's much more interesting (it's got Windows and Citrix connectors, thin client stuff, etc.). It's basically like GNU Screen (you can resume sessions and easily migrate between machines), but for X and via your web browser :-).



If you want to try this baby out, you'll need a Solaris or Linux machine. Download Tarantella from http://www.sun.com/software/products/sgd/get.jsp

The fun part is, with Solaris 10 you can simply install Tarantella in a Zone (Solaris Container).

Before you install SSGD you must define (and secure) the users:

  • The user names must be "ttaserv" and "ttasys".
  • Both must have their primary group set to "ttaserv".
  • You can use any UIDs and GID you want.
  • The ttaserv/ttasys users must have a valid shell, for example /bin/sh.
  • We recommend that you lock the ttaserv/ttasys user accounts (passwd -l).
  • The users must have a valid home directory too, so if you're using /export/home (/home is the home of the automounter) make sure you do it right.

One quick way to do that is:

# groupadd ttaserv

# useradd -g ttaserv -s /bin/sh -d /export/home/ttaserv ttaserv
# mkdir /export/home/ttaserv
# chown ttaserv:ttaserv /export/home/ttaserv
# passwd -l ttaserv

# useradd -g ttaserv -s /bin/sh -d /export/home/ttasys ttasys
# mkdir /export/home/ttasys
# chown ttasys:ttaserv /export/home/ttasys
# passwd -l ttasys

Check that the user accounts are set up correctly:
# su ttaserv -c "/usr/bin/id -a"
uid=101(ttaserv) gid=100(ttaserv) groups=100(ttaserv)
# su ttasys -c "/usr/bin/id -a"
uid=102(ttasys) gid=100(ttaserv) groups=100(ttaserv)
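
The checklist and the id check above can be run as one audit. This is an added example, not part of the original post: the function names (field, check_sgd_user, make_sample) and the ROOT prefix argument are hypothetical, and the sample data is constructed. It assumes passwd -l marks the shadow password field with *LK* on Solaris or a leading ! on Linux.

```shell
# Added example: audit the SSGD accounts against the checklist above.
# Function names and arguments are hypothetical; sample data is constructed.

# field FILE KEY N: print colon-separated field N of the entry named KEY.
field() { awk -F: -v k="$2" -v n="$3" '$1 == k { print $n; exit }' "$1"; }

# check_sgd_user USER PASSWD GROUP SHADOW [ROOT]: one line per failure, 0 if clean.
check_sgd_user() {
    user=$1 passwd=$2 group=$3 shadow=$4 root=${5:-} rc=0
    if [ -z "$(field "$passwd" "$user" 1)" ]; then
        echo "$user: account missing"; return 1
    fi
    # Primary group must be the group named ttaserv (any GID will do).
    want=$(field "$group" ttaserv 3)
    if [ -z "$want" ] || [ "$(field "$passwd" "$user" 4)" != "$want" ]; then
        echo "$user: primary group is not ttaserv"; rc=1
    fi
    # The login shell must not be a no-login placeholder.
    case $(field "$passwd" "$user" 7) in
        */nologin|*/false) echo "$user: no valid shell"; rc=1 ;;
    esac
    # The home directory must exist (ROOT is an optional path prefix).
    home=$(field "$passwd" "$user" 6)
    if [ -z "$home" ] || [ ! -d "$root$home" ]; then
        echo "$user: home directory missing"; rc=1
    fi
    # passwd -l: Solaris stores *LK*, Linux prefixes the hash with '!'.
    case $(field "$shadow" "$user" 2) in
        '*LK*'*|'!'*) ;;
        *) echo "$user: account not locked"; rc=1 ;;
    esac
    return $rc
}

# make_sample DIR: constructed files; ttasys is deliberately left unlocked.
make_sample() {
    mkdir -p "$1/export/home/ttaserv" "$1/export/home/ttasys"
    printf '%s\n' 'ttaserv:x:101:100::/export/home/ttaserv:/bin/sh' \
        'ttasys:x:102:100::/export/home/ttasys:/bin/sh' > "$1/passwd"
    printf '%s\n' 'ttaserv::100:' > "$1/group"
    printf '%s\n' 'ttaserv:*LK*:13861::::::' \
        'ttasys:constructed-hash:13861::::::' > "$1/shadow"
}

d=$(mktemp -d) && make_sample "$d"
for u in ttaserv ttasys; do
    if check_sgd_user "$u" "$d/passwd" "$d/group" "$d/shadow" "$d"; then
        echo "$u: ok"
    fi
done
rm -rf "$d"
```

On a live system, run check_sgd_user as root against /etc/passwd, /etc/group and /etc/shadow, without the ROOT argument.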


Install the SSGD package:

# cp tta-4.40-907.sol-x86.pkg.gz /tmp; cd /tmp; gunzip tta-4.40-907.sol-x86.pkg.gz
# pkgadd -d /tmp/tta-4.40-907.sol-x86.pkg
To complete the installation and select options (port, etc), run /opt/tarantella/bin/tarantella start - configuration may take a while...

Once SSGD is installed (I chose to install it in /opt, the default) you can use:
# /opt/tarantella/bin/tarantella status
# /opt/tarantella/bin/tarantella start
# /opt/tarantella/bin/tarantella stop
# /opt/tarantella/bin/tarantella security start
The security start command requires a valid security license and an SSL certificate (you can create a self-signed certificate using OpenSSL, then import it with SSGD).

To add license keys, type:
/opt/tarantella/bin/tarantella license add
Once SSGD is installed and started, just point any Java-enabled browser at http://yoursite.yourdomain:selectedport and you're good to go :-). Use "Administrator" and the root password to log in. (Use regular system accounts for non-administrative purposes. Oh, and secure SSGD by using Zones.)



Be sure to check the documentation on docs.sun.com:
http://docs.sun.com/app/docs/coll/SSGD_4.2
