Wednesday, September 12, 2007

Customizing the SSGD wait screen Look and Feel

The first thing a user sees when he/she accesses the SSGD environment is a web page with a scrolling orange dot ('splash screen'). This screen is presented for a couple of seconds before it changes to the 'log on' screen.

The 'splash screen' is a very simple html-page which contains an animated gif image (the orange dot). This web page can easily be changed by following these steps:

  1. Create your own 'splash screen' page in html with your favorite web page editor
    (It is wise to have some sort of animation in it to give your users the feeling there is still progress in setting up the SSGD connection)
  2. Copy the html code into a text editor (vi,Notepad/Textpad/Ultraedit or alike)
  3. Remove everything except the part between <body> and </body>
  4. Replace all image locations to <%= path %>
    So
    http://servername/image_dir/image.gif
    is changed to
    <%= path %>image.gif
  5. Add the following lines at the top:
    <%@ page errorPage="/resources/jsp/errorpage.jsp" %>
    <%@ page contentType="text/html" %>
    <%@ include file="/attributes.jsp" %>
    <%@ include file="/resources/jsp/utilities.jsp" %>
    <%
    String path = getContextPath(request) + "/resources/images/splash/locale=";
    path = path + getBestSupportedLocale(request) + "/";
    %>
  6. Copy the new html(/jsp)-code to the file splash.jsp:
    /opt/tarantella/webserver/tomcat/5.0.28_axis1.2/
    webapps/sgd/webtops/standard/tcc/splash.jsp

  7. Copy all images used in the page to:
    /opt/tarantella/webserver/tomcat/5.0.28_axis1.2/
    webapps/sgd/resources/images/splash/


To make sure the new 'splash screen' is available clear the browser cache and enjoy your new page :)

Wednesday, September 5, 2007

Secure Internet Access

When looking at almost all information about Sun Secure Global Desktop (SSGD) it seems that SSGD is only used for access to applications from the Internet which are normally only accessible via the intranet (from within the office). But SSGD can do more ...

The common way to use SSGD is to access applications running on different types of application servers (Windows 2000/2003, *nix, mainframe and more) from the Internet (any device, any time, any place).

SSGD is designed to perform the task of bringing office applications in a secure way to the Internet, but SSGD can also bring Internet to the office :)

Sometimes you might come across a company where access to the Internet is not allowed because of multiple reasons, the most common are:

  • Viruses can be installed on the workstation
  • Key-loggers can be installed on the workstation
  • Security leaks in applications (think of a leak in MSN)
  • Installation of insecure applications (for instance: ActiveX components)
There are ways to find solutions for these security issues like installing a proxy, a content/spam/virus filter/scanner, a application firewall (ISO/OSI up to level 7 ) , a messaging gateway. But there is one simple thing which is hard to handle. An employee can simply copy/paste information from a company application to a messenger (MSN/ICQ) or attach documents to a message via an external webmail application.

For all the above issues SSGD can be the solution!


The users can access a browser with access to the internet via SSDG on some sort of 'browser'-host. This 'browser'-host can be a stripped down OS (Windows 2003 or *nix) with only a browser and a couple of readers/plugins (Office readers, PDF viewer, quicktime player, shockwave player, etc). Without Client Drive Mapping and copy/paste to the 'browser'-host turned off, there is no direct way to leak information to the internet.

In this scenario is it impossible for an hacker to get access to the employees workstation. Think for instance about a key-logger. When a key-logger is accidentally downloaded form the internet it can only be installed on the 'browser'-host. The key-logger can 'read' passwords for the web-applications accessed via the 'browser'-host, but it can not 'read' any password on the employees workstation. So no password can be logged for all company applications.

Virtualization can be used to enhance the security of the 'browser'-host. When using for instance VMWare ESX 'reinstalling' the 'browser'-host can be done within minutes, just clone a new virtual machine from a template. This 're-installation' can be done every night or even dynamical when using tools like the VDA-Kit.

Think creative and see the many senario's where SSGD can be a solution and solve issues :)