60-Second Review: Tarantella Secure Global Desktop 4.0

It's been almost two years since Tarantella acquired New Moon. Soon after the acquisition, Tarantella released Secure Global Desktop Terminal Server Edition which was just New Moon's Canaveral iQ product with a new name.

It's been almost two years since Tarantella acquired New Moon. Soon after the acquisition, Tarantella released Secure Global Desktop Terminal Server Edition which was just New Moon's Canaveral iQ product with a new name. A few weeks ago, Tarantella released version 4 of their Secure Global Desktop product. SDG adds several features to the "base" Terminal Server product, including application publishing, seamless windows, a web interface, load balancing, a DMZ relay server, desktop lockdown control, and client printer sharing (with a Unidriver). All this for a price of $60 per concurrent user!


Secure Global Desktop (SDG) Terminal Server Edition (TSE) needs IIS with Active Server Pages enabled on the Terminal Server for installation. The first server you install needs to be installed manually. The installation routine asks you the standard questions like what kind of users (local or domain) you want to allow. It also asks you whether this server is the first in a new environment or whether it's being added into an existing environment. (Tarantella calls this a "team," much like a "farm" in the Citrix world.) If you specify that this is the first server in the team, you'll need to configure a SQL or MSDE database to hold the team's configuration information. Finally, the installation also asks you to select default administrators and to specify an installation directory.

Once this installation process is complete, any additional administrative tasks are done via a web interface. In fact, even the manual installation process is web-based for future servers. Using the web console on the first server, you can specify the name, address, and installation directory of future servers, and the software will silently push itself out to the additional servers. (Of course you can also do a manual installation if you have to.)


All configuration is done using a web browser. Although I still prefer MMC consoles, this web interface is a simple way to make it possible to administrator your environment from just about any computer on your network. When you logon to the web interface you get a summary of all kinds of information about the team you're administrating. All the options are placed on four tabs: Manage, Monitor, Reports, and Options.

The first step to configuring SDG in your environment is to add users, groups, OUs, and/or domains to the SDG environment. These are then used as security targets for granting access to applications.

After adding the groups you can add applications or publish a Windows desktop. When adding an application, SDG "reads" the Start Menu of the selected server and gives you a list of applications to publish. This is a wonderful option because it fills in a lot of fields with the information specified in the shortcut out of the Start Menu. After you specify the group and some options that affect how the application will be displayed, you add the application to Global Desktop. You can also specify advanced options like limiting the total concurrent sessions or limiting per-server instances of that specific application. Once you complete the wizard a job is started which adds the application to the team servers.

On the connection settings tab you can specify all kinds of Terminal Server-related settings, including settings that you would otherwise have to specify using the Terminal Server MMC snap-in. You can add several connection settings with different settings which can be attached to an application or published desktop. SDG also offers delegation of control which can be specified on the Admin Role tab.

On the server tab you can add servers (for installation), disable servers, and change the role(s) of the server. One of the great options is "diagnose server." Choosing this option causes SDG to check and correct paths of applications, correct paths of printer drivers, current settings and service status.

One of the new features of version 4 of SDG is printer driver management. Those of you familiar with Citrix MetaFrame will see that Tarantella's printer driver management tool (A little app that runs on each server) has the same options as Printer Management in the Citrix Management Console (nstalled Driver, Driver Mapping, and Compatibility list). SDG also allows you to replicate on a driver basis, but it's a pity that you can't select more than one driver or one server with drivers when doing this.

On the Options lets you configure all sorts of things--most importantly the Load Balancer, Database Servers, and Lockdown Policies.

The load balancer can be configured with six (dynamic) metrics, although it's still missing the user load option that's frequently used in other SBC products like Citrix Metaframe and HOBLink.

When configuring the database server, you have the super option of being able to specify a back-up database (server). You can also specify replication intervals between the two servers. When the primary server fails, Secure Global Desktop automatically runs with a read only copy of the database on the second server.

One of the new features of version 4 is lockdown policies. While most of these settings can also be controlled via Group Policy and custom ADM templates, it's nice to have a single point of administration that's easy to use in SDG.


Like Citrix, Secure Global Desktop has good monitoring and reporting possibilities. If offers real time monitoring for connections, load-balancing usage, database connections, (DMZ) relay server activity and more. The realtime monitoring is displayed in numeric values--there is no graph-based live monitoring like with Citrix's load monitor.

You can use the Reporting tab to generate reports based on a session, application, user, or server basis back to 90 days. All reports are represented in HTML format within your web-based console, but it's possible to download them in a CSV format that you can dump into Excel to make pretty reports for your boss.

User Experience

Users connect into the Secure Global Desktop via a web browser. After logging in, the applications are presented to the user much like Citrix's Web Interface. Because SDG uses seamless windows the user will experience the application as if it is running locally on their client. When starting a application the user is presented with details of what the status of the launch is. Because SDG also supports client drive mapping, client printer mapping, and reconnection to disconnected sessions, your users will be fairly happy with the product.

Tarantella Secure Global Desktop Terminal Server Edition version 4 is a good competitor in the SBC market. Global Desktop offers the most wanted options at a fantastic price. I really like the way you can add application using a "print screen" of the Start Menu and the possibility to add a second database server for failover purposes. It's a pity that the load balancing can't use a user load metric and now depends on rather dynamically metrics. The new features in Global Desktop 4, although mostly copied from Citrix, are a good additions to Secure Global Desktop Software. These features, complimented by excellent monitoring and reporting, make this a strong product that I like a lot.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

One thing to keep aware of - anything with Hyperthreading on confuses Tarantella, and it will think you have 4 processors even though it is a 2 processor box, and will heavily weigh the connections to that. So my advice, if you load balance an app between hypertheading and non-hyperthreading - don't. Turn hyperthreading off if you want it to load balance properly, or have every server on.

I am concerned about the fact that Tarantella uses the IIS as the front-end user login facility. This is currently the only thing which keeps me from buying Tarantella - what do you thin about it ?
What's the big deal with IIS's security? Especially IIS6? Can you point me to some reason why you think IIS should not be used as the front end? I personally have no problem with it. I use it for my production WI servers and web servers, and almost every client I know uses it for WI.
We are running Tarantella, IIS concerns us a bit. They have what's called an SPR (Single Port Relay) server, which allows you to put on box on the DMZ and funnel all connections through that box. You do not install IIS on that machine, just the Tarrantella peice that handls all connections to the back end servers, (load balancer, web server, app server, etc). You can then configure multiple SPR servers for redundancy.
IIS doesn't have a bad security model. It just so happens to have a lot of bad admins running it.
Errr .. what are you smoking?

I'm a developer who worked on SGD. We rely on nothing IIS based for anything.

The thing is a unix/linux product from the inside out except when handling windows RDP to publish MS apps.

By the way, nothing in Tarantella/SGD is ever referred to as SPR. You don't configure any such thing as multiple SPRs.

Is everyone around here but me smoking the good stuff?

Just read some doc on the product then you'll suffer from less FUD I think.
The documentation for Secure Global Desktop (as of Feb 2006) fails to document simple tasks - e.g. Setup a demo of SGD on Linux machine L1 so that Windows Workstation W1 can run applications on Windows server S1. Instead, the documentation is given in terms of a conceptual model of the program in terms of "arrays" and "objects". You have to pick through all the descriptions of "objects" and figure out how they fit together in order to accomplish a simple task. (In fact, your review is better documentaion for tasks than the SGD administration Guide.) Documentation of the conceptual model used by the program might be useful to an experienced user or someone intending to delve into the SGD source code. But it is not useful for someone trying to setup SGD on short notice. Sun would do themselves a favor if they produced some task oriented documentation with detailed examples. For example, when management notices Citrix wants 25K per year for technical support, they might want a demo of SGD. But if it takes a couple of weeks to get that demo going, the 25K is going to look like a fair price.

send me for represtentatative in indonesia , regardsimansyah talahoo@yahoo.com