Secure Global Desktop Administration Guide
> Getting started
> Introducing Object Manager
Introducing Object Manager
Read this topic to... |
- Learn what Object Manager is and what it can do.
|
Use Object Manager to perform these tasks:
- Create and configure objects representing the
people, hosts, applications and documents within your organization.
- Define webtops for all users of
Secure Global Desktop, and see whose webtop any object is on.
- Monitor who's running which applications on
which application servers, and shadow or end those application
sessions.
- Find out who's cached passwords for which
application servers, and delete password cache entries.
You can also use command-line tools for these tasks, if you
prefer. These tools also allow you to automate the tasks.
Only Secure Global Desktop Administrators are
allowed to run Object Manager.
What you see
Object Manager has two panes, which you can resize.
- On the left, the Finder pane lets you search and browse for
objects to work with, and lets you remember commonly accessed
objects in a list of Favorites.
- On the right, the Properties pane lets you work with the
objects you locate, and lets you easily return to objects you've
worked with recently.
You can get help on any part of Object Manager: click the
context help button at the lower right of the Object Manager
window, and then click the part you want help on.
The Finder pane
Tab |
Description
|
Search |
- Use this tab to search all or part of the organizational
hierarchy for objects matching your search criteria.
- Type a search term in the box, and then click Search.
- An object matches if the search term is a substring of the
object's Name, Username or Email Address attribute.
- The Search box remembers your previous searches.
- You can constrain searches using the Look In list, which
restricts the scope of the search, and the Show list, which
restricts the types of object to search for.
- To find out which login profile could be
used by someone, choose All Potential Logins from the Look In list
and set the search term to the username that user would type when
logging in to Secure Global Desktop.
|
Browse |
- Use this tab to browse through the organizational hierarchy for
objects.
- You can restrict the types of object displayed, using the Show
list.
- Create new objects by clicking the organization or
organizational unit object that you want the new object to belong to, and
then clicking New. Alternatively, right-click an organization or
organizational unit object and choose New.
|
Favorites |
- Use this tab to remember the objects you work with often.
- Add an object to your Favorites by dragging and dropping, or by
right-clicking the object and choosing Add To Favorites.
|
The Properties pane
At the top of the Properties pane is a list of the objects you've
viewed properties for since you started Object Manager. You can
return to an object's properties by clicking it in this list.
The main part of the Properties pane shows properties for an
object. Different object types have different properties, including
different tabs.
Tab |
Description
|
Attributes |
- General settings for an object. The attributes available depend
on the type of object.
- Related attributes are grouped. Use the list on the Attributes
tab to move between sets of attributes.
- Click Apply to remember any attribute changes you make.
- To get help on an attribute, click the context help button at
the lower right of the Object Manager window, and then click the
attribute.
|
Links |
- Defines the links that appear on webtops. Person objects,
organizational unit objects and organization objects have Links
tabs.
- Drop objects into the box to add them to the webtop.
- Drop a group into the box to include the members of the group on
a webtop.
- Drop an organizational unit into the box to include the contents
of the OU's Links tab on a webtop.
- Click the buttons at the bottom of the tab to show the Links tab
as a tree or a table. The tree displays the groups and OUs, so you
can see why a particular link appears on a webtop. The table just
shows the links themselves, hiding groups and OUs.
|
Members |
- Defines the members of a group.
- Drop objects into the box to add them to the group.
- As groups are often added to Links tabs to include similar
webtop content on many different webtops, the Members tab lets you
show group members as a tree or a table like a Links tab.
|
Hosts |
- Defines the application servers that can run an application. All
application object types have a Hosts tab.
- The contents of an application object's Hosts tab are used for
application server load balancing.
- Drop host objects into the box to include them in application
server load balancing for the application.
- Drop a group into the box to include the members of the group.
- Click the buttons at the bottom of the tab to show the Hosts tab
as a tree or a table. The tree displays the groups, so you can see
why a particular application server is included. The table just
shows the application servers themselves, hiding groups.
|
Seen By |
- Shows, for an object, all the other objects that refer to
it. You can think of this as the reverse of the Hosts or Links
tab. For example:
- If a person has an application on their webtop, then the
person object will appear on the application object's Seen By tab.
- If an application may run on a particular host, then the
application object appears on the host object's Seen By tab.
- Expand the tree to follow the references further. For example,
if an application is a member of a group, and the group appears on
three people's webtops, then the Seen By tab for the application
object shows the group object, which expands to show the three
person objects.
- You can drop objects on a Seen By tab. For example, if you drop
a person object on an application object's Seen By tab, this has the
effect of adding the application to the person's webtop. The person
object's Links tab shows the application object.
|
Sessions |
- Shows the webtop sessions related to the person, host or
profile objects you're viewing properties for.
- Shows the emulator sessions related to the person, host or
application object you're viewing properties for.
- For webtop sessions, the tab shows information such as the Secure Global Desktop
server the user is logged in to, the type of connection the user has and
the printing status of the client.
- For emulator sessions, the tab shows information such as the application server
running the application, its start time, whether it's suspended or currently running.
- You can use this tab to end an emulator or webtop session.
- You can also "shadow" an emulator session: this allows both you
and the user to interact with the same application.
|
Passwords |
- Shows the password cache entries related to the person or host
object you're viewing properties for.
- The table shows information about each password cache entry,
including the username the person typed to log in to the application
server (which isn't necessarily the same username they typed to log
in to Secure Global Desktop).
- You can delete password cache entries here.
|
Using Object Manager
In this section we'll show what you can do with Object Manager.
Remember that to use Object Manager you'll need to be logged in
to Secure Global Desktop as a Secure Global Desktop Administrator.
Defining webtops
Secure Global Desktop supports many different types of user, but the
principle is the same for all types: an object in the
organizational hierarchy defines the webtop content. Usually
the object is directly associated with the user. For example, the user
Indigo Jones might have a person object with ENS name o=Indigo Insurance/cn=Indigo
Jones
.
In Object Manager, each person object has a Links
tab. To add applications to a user's webtop, you can drag the
application objects and drop them onto the Links tab (you could also
use Copy and Paste).
You can also give users webtop content based on their
position within the organizational hierarchy: each
organizational unit object has a Links tab, too. You can decide, for
each person object, whether the user "inherits" webtop content from
the OU they belong to, just check or clear the Inherit Parent's
Webtop Content box in the person object's attributes.
OU objects can also inherit webtop content from
their own parent in the organizational hierarchy. So a person object
may include webtop content from all its ancestors in the
organizational hierarchy, up to and including the organization object.
Another form of inheritance uses group objects. A group is just a
collection of other objects, from anywhere in the organizational
hierarchy, and an object may appear in many groups. If you
add a group object to a Links tab, the group members appear on the
webtop.
Finally, you can inherit webtop content from any
OU and not just the parent OU. Just add the OU object to a
Links tab.
By inheriting webtop content from parent objects, groups and OUs
you can easily give many different users similar webtops and manage
them efficiently. The Links tab lets you see where each object on a
webtop is inherited from, using a tree. Alternatively you can view the
webtop content as a simple table.
Summary
- Using the Finder pane, locate the person object or OU you want
to define the webtop for.
- Choose Properties for the object, and then click the Links tab.
- Use the Finder pane to locate the application objects, group
objects or OU objects you want to add to the webtop, and drag them
onto the Links tab.
- If you want to inherit webtop content from the parent object in
the organizational hierarchy, click the Attributes tab and make sure
the Inherit Parent's Webtop Content box is checked.
Load balancing application servers
Application server load
balancing lets you spread the load of a heavily used
application across multiple application servers. Secure Global Desktop can choose an application
server to help ensure optimal performance for users and optimal
resource usage.
In Object Manager each application object has a Hosts
tab. To define all the application servers the application
can run on, you add host objects to the Hosts tab by dropping them
on the tab, or using Copy and Paste. The Secure Global Desktop server
performs application server load balancing across all the application
servers defined on the application's Hosts tab.
You can create groups with host objects as
members, and drop the groups onto the Hosts tab as well. Like
the Links tab, the Hosts tab lets you see the hosts as a tree or a
table.
Summary
- Using the Finder pane, locate the application object you want to
load balance across multiple application servers.
- Choose Properties for the object, and then click the Hosts tab.
- Use the Finder pane to locate the host objects or group objects
you want to use for load balancing, and drag them onto the Hosts
tab.
Managing webtop sessions
Person objects, profile objects and
host objects all have a Sessions tab which display the webtop
sessions involving that object. The tab shows information about
the webtop session, such as:
- the name of Secure Global Desktop server the user is logged in to
- the date and time the user logged in;
- the type of connection the user has; and
- the printing status of the client.
You can end webtop sessions by
selecting one or more sessions and clicking Log Out User.
You can also move between Sessions tabs
easily. For example, when viewing the webtop sessions for a
host object, you can right-click one of the sessions and choose
Properties to view the person object's Sessions tab.
Summary
- Using the Finder pane, locate the object you want to view
webtop sessions involving.
- Choose Properties for the object, and then click the Sessions
tab.
- Select a webtop session and choose Log Out User, or
right-click one of the objects involved and choose Properties.
Managing emulator sessions
Each emulator session involves three elements: an
application, the application server that's
running the application, and the person who's running
the application. Consequently application objects, host objects and
person objects all have a Sessions tab displaying the emulator
sessions involving that object.
The Sessions tab shows the other two elements in the emulator
session. For example, the Sessions tab for a person object shows the
applications that person is currently running, and the application
servers they're running on. The tab also shows other information about
each session, including the date and time the session started, and
whether the session is suspended or currently active.
On the Sessions tab you can end a session, by
selecting a session and clicking End Session. You can also
"shadow" a session, which allows both you and the
user to view and interact with the application simultaneously.
Note You can only shadow Windows and X applications.
You can also move between Sessions tabs
easily. For example, when viewing the emulator sessions for a
person object, you can right-click one of the applications involved
and choose Properties to view the application object's Sessions tab --
and see who else is running the same application.
Summary
- Using the Finder pane, locate the object you want to view
emulator sessions involving.
- Choose Properties for the object, and then click the Sessions
tab.
- Select a session and choose End Session or Shadow Session, or
right-click one of the objects involved and choose Properties.
Each password cache entry involves two elements: a
person, and the application server the
password is cached for. Consequently person objects and host objects
both have a Passwords tab displaying the password cache
entries involving that object.
The Passwords tab shows the other element in the password cache
entry. For example, the Passwords tab for a person object shows the
application servers they have cached passwords for. The tab also shows
other information about each entry, including the username on the
application server.
On the Passwords tab you can delete a password cache
entry, by selecting an entry and clicking Remove.
You can also move between Passwords tabs
easily. For example, when viewing the password cache entries
for a person object, you can right-click one of the application
servers involved and choose Properties to view the host object's
Passwords tab -- and see who else has cached passwords on that
application server.
Summary
- Using the Finder pane, locate the object you want to view
password cache entries for.
- Choose Properties for the object, and then click the Passwords
tab.
- Select a password cache entry and choose Remove, or right-click
one of the objects involved and choose Properties.
Copyright © 1997-2006 Sun Microsystems, Inc. All rights reserved.