tarantella a technical overview

Tarantella® Enterprise 3 Software
A Technical Overview
A Tarantella White Paper, August 2001

Abstract

This white paper provides a technical overview of Tarantella Enterprise 3, version 3.11 software. It is intended for a technical audience who wish to gain a deeper understanding of the architecture and features of the Tarantella Enterprise 3 server. It is published for guidance only and may be subject to change.


  • Contents

    About Tarantella Enterprise 3 Software

    The Architecture
        Login process
        Launching applications
        Printing
        Tarantella Enterprise 3 Architecture Diagram

    Key Features
        Adaptive Internet Protocol (AIP)
        Arrays
        Administration and management tools
        Application connectivity
        Authentication
        Client connectivity
        Client drive mapping
        Datastore
        Display Engine
        Firewalls
        Intelligently cached Java classes
        Licensing
        Load balancing
        Logging and billing
        Native Client
        Printing
        Processes
        Protocol Engines
        Security
        Server lockout
        Session resumability
        Session shadowing
        Webtop

    Supported Servers, Client Devices and Web Browsers

    Sales Offices

  • About Tarantella Enterprise 3 Software

    Tarantella Enterprise 3 software leverages existing IT investments, without the cost of re-engineering. It provides a non-intrusive solution that allows IS departments to regain control of their IT systems, and cut costs. It provides fast, secure access to Microsoft Windows, web-based, Java, mainframe, AS/400, Linux, and UNIX systems and applications from client devices anywhere. This proven solution centralizes management, reduces complexity, and scales to accommodate rapid corporate change, technological advancement, and expanding remote access needs.

    Fig 1. Tarantella Enterprise 3 software delivers any application, to any user, anywhere

    With Tarantella Enterprise 3 software, users access applications remotely from their client device (anything from a thin client to a top-of-the-range PC). All users need is a web browser (such as Microsoft Internet Explorer or Netscape Navigator), with Java technology enabled. This approach:

    Eliminates the need to install additional software on the client device

    Dramatically reduces the time to deliver applications

    Extends the reach of the applications

    Increases manageability

    Centralizes management of users and applications.

    The Tarantella Native Client is available for embedded devices and users who do not have a web browser.

    Tarantella Enterprise 3 software uses an innovative architecture that integrates diverse application servers, and diverse client devices, with little or no disruption to the existing IT environment. Applications continue to run untouched on existing servers. Client devices such as Microsoft Windows PCs, UNIX or Linux workstations, Internet devices, and Network Computers, can all be used.

    A wide range of connection types is supported, and the Adaptive Internet Protocol (AIP) ensures optimal performance over complex network routes with varying bandwidths. AIP employs heuristics to determine the type of device and network connection in use, and dynamically adapts to optimize performance.

    Tarantella Enterprise 3 software acts as middleware, storing information about users and applications centrally. To access their applications, users authenticate themselves to the Tarantella Enterprise 3 server. The server checks its datastore of user and application information to determine which applications each user is allowed to access. This set of applications is then presented to them in the form of a webtop. At all times, Tarantella Enterprise 3 software manages connections, user sessions, and security.

    Tarantella Enterprise 3 software is designed as a modular, scalable, and flexible solution. It is ideally suited for use by data centers of all types, including Application Service Providers (ASPs) and other service providers that need to deploy a mix of applications to large numbers of users, with a range of client devices, and varying connectivity types.

  • The Architecture

    This section describes how Tarantella Enterprise 3 software works under the covers. It describes the processes of logging in, launching applications, and printing, and includes an overview of the key features. Further details can be found in the Key Features section and are shown in the architecture diagram. Configuration details can be found in the online documentation on your Tarantella Enterprise 3 server or on the Tarantella web site.

    Login process

    Elizabeth Blue starts her web browser and types the URL for the Tarantella Enterprise 3 server: http://boston.indigo-insurance.com/tarantella. For additional security, she may use HTTPS to secure the network traffic to and from the web server. To secure Tarantella traffic, the Tarantella Security Pack must be installed, licensed and configured; this optional component also lets users connect to the Tarantella Enterprise 3 server through a proxy server and/or firewall.

    If this is the first time Elizabeth has accessed this version of Tarantella using this web browser, some Java archive files are automatically downloaded and installed on her client device. This causes a slight delay on first use, but improves access time in the future, since the files are not downloaded again.

    The Java archives contain a number of Java applets, each used for a particular function. The first applet used, the framework applet, acts as a bootstrap. It makes the initial connection to the Tarantella Enterprise 3 server, and maintains client-related state information throughout a user's session. A proxy applet is also downloaded. This applet determines which server is configured as the proxy server so the traffic can be routed appropriately.

    Once connected to the Tarantella Enterprise 3 server, a web page is displayed that contains the Login applet. The Login applet presents Username and Password text boxes, into which Elizabeth must type her authentication credentials. When she clicks Log In, these credentials are passed to the Tarantella Enterprise 3 server, and checked against various authentication services using configurable login authorities. A login authority might check the UNIX password database, for example, or authenticate against a separate LDAP server or NT Domain.

    The login authority also identifies which user in the Tarantella Enterprise 3 server's datastore matches the credentials supplied. The information stored in the datastore for this user determines the appearance and content of the user's webtop.

    Once authenticated, the Login applet page in the web browser is replaced with a new page containing the Webtop applet, which lists the applications Elizabeth may access.

    Launching applications

    Elizabeth selects an application on her webtop. The webtop applet starts the appropriate Display Engine, which sends a request to start the application. The request is passed through the Tarantella Proxy Server process (or SSL Daemon, if secure connections are in use) to the JServer and finally to the Protocol Engine Manager, which:

    Starts an Execution Protocol Engine. This connects to the application server, logs in as the appropriate user, sets some environment variables as needed, and then executes the application. If Elizabeth's password for the application server is not stored in the secure password cache, she is prompted for the information.

    Starts a Protocol Engine (a native binary that runs on the Tarantella server) appropriate to the type of application: either an X Protocol Engine (used for all graphical applications, such as X11 or Windows) or a Character Protocol Engine. This sends application display updates to the Display Engine on the client device, and returns keystrokes and mouse input from the Display Engine to the application. All network traffic between Display Engines and Protocol Engines uses AIP.

    If there is more than one Tarantella Enterprise 3 server in the array, load balancing will be used to spread the Protocol Engines across the array. If multiple application servers can run the application, then application instances will be balanced across the application server farm. Many installations also make use of DNS round-robin or third-party hardware to balance the HTTP(S) traffic coming into the Tarantella Enterprise 3 server array.

    Printing

    Many applications have the ability to print, and the most common printing requirement is for the print output to be directed to the local printer. However, for mobile workers and hot-deskers, "local" changes from day to day. When working from home, for example, workers will not want their applications to print to the printer in the office.

    If Elizabeth would like to print from the application to her local printer, she simply selects the print option from the application. Tarantella Enterprise 3 software includes a printing subsystem to provide follow-me-printing. The Tarantella Enterprise 3 printing subsystem presents itself to applications as an LPD printer, receives print jobs over the network, and spools them to the Tarantella Enterprise 3 server, which routes them to the correct client.

    When the client receives the print job, it is printed on that device's default printer. This could be directly attached or available over the local network. So printing at home or a remote office becomes simple and fast, and with the Tarantella Security License installed, it becomes secure as well.

    Tarantella Enterprise 3 Architecture Diagram

    The processes involved in logging in, launching applications, and printing are shown on the next page.

    Fig 2. The Tarantella Enterprise 3 architecture

  • Key Features

    Adaptive Internet Protocol (AIP)

    To deliver access to multiple types of client devices over a variety of network connections, an adaptive protocol is needed. The Tarantella Adaptive Internet Protocol optimizes the responsiveness of applications by using heuristic mechanisms to constantly monitor, measure and adapt the ways in which data is transferred between applications and client devices.

    Monitors are constantly sending feedback on the performance of the client device and the network latency and bandwidth. This feedback dictates how much processing the Protocol Engine will perform, and how many operations will be performed by the client device. To do this, the Protocol Engine classifies the level of optimization required and makes adjustments automatically. For example, AIP attempts to differentiate between "interactive" and "streaming" applications and applies a different set of optimizations to each. For interactive applications, it tries to ensure that echo and other responses are seen by the user as quickly as possible (which normally means applying a much greater amount of optimization on the server side). AIP looks for keyboard and mouse input to indicate that an application is interactive.

    For UNIX or Microsoft Windows applications, the following parameters can be set on a per-application basis:

    Command compression
    This attribute determines whether the Adaptive Internet Protocol compresses commands for transmission. With some applications, compression incurs a greater overhead than transmitting commands uncompressed. You should turn off compression for these applications. The default is Adjust Dynamically, which allows the option to be turned on or off, according to the network conditions.

    Command execution
    This attribute determines whether the Adaptive Internet Protocol always executes commands in order, or optimizes commands for performance reasons. For some applications, for example those that use animation, the order in which commands are executed is critical. The default is to Adjust Dynamically based on network conditions.

    Interlaced images
    This attribute determines whether images are transmitted and displayed in a series of interlaced passes, or in one pass from top to bottom. Interlacing is recommended for graphics-intensive applications, particularly over low-bandwidth connections. The default is Adjust Dynamically, which allows the option to be turned on or off, according to the network conditions.

    Graphics acceleration
    This attribute specifies whether acceleration is allowed. Acceleration optimizes graphics rendering and improves performance, at the expense of smoothness and exactness. For example, colors may not always be exact. If your application's display must always be exact, you should disable acceleration.

    Delayed updates
    This attribute specifies whether delayed updates of the display are allowed. This accumulates changes and can improve performance. If your application's display must always be exact, you should disable delayed updates. We recommend you turn off delayed updates for animation.

    In addition to these attributes for controlling AIP on a per-application basis, there is another attribute that lets you limit the bandwidth used by each person.

    Bandwidth limit
    AIP uses all available bandwidth by default. This attribute specifies, for each user, the maximum bandwidth that user may utilize between the client device and the Tarantella Enterprise 3 server for X and Windows applications. You can choose from a range of bandwidth restrictions from 2400bps to 10Mbps. Or you can choose None to specify no limit: the person uses as much of the available bandwidth as possible. This gives the best application usability for the speed of the network connection. You don't need to change this unless you have particular bandwidth restrictions; in normal use, we recommend you use None.

    Arrays

    Tarantella Enterprise 3 servers can be combined into an array to improve scalability and availability while allowing a single point of administration and a single point of entry for users. Array technology allows administrators to construct complex, geographically dispersed arrays that service user application sessions intelligently.

    A Tarantella Enterprise 3 server array contains a single primary server and up to 20 secondary servers. Array members can run different Operating Systems and can be connected via LAN or WAN. When connected via WAN, Intelligent Array Routing can be used to route clients to the Tarantella Enterprise 3 server that is nearest (in network terms) to the application server they want to access.

    Administrators configure arrays using Array Manager, which enables the construction of arrays and the configuration of array-wide and per-server settings from a single point. All array members share the same information about the users, applications and structure of an organization, which can be edited using Object Manager. Array information is mastered on the primary server.

    Tarantella Enterprise 3 arrays enable:

    Single-point administration of enterprise-level organizational information

    Load balancing of emulator sessions between Tarantella Enterprise 3 servers

    No single point of failure if more than one server in the array

    Array members communicate using port 5427/tcp. Array information is replicated across this port from the primary server to all secondary servers, using the Java Object Serialization Interface (JOSI) protocol.


    Administration and management tools

    Tarantella Enterprise 3 software provides two comprehensive graphical management tools (implemented in Java technology) as well as multiple command line tools for the administration of Tarantella Enterprise 3 servers. These tools have been designed for scalability and ease of use. Only designated administrative users can run these tools.

    Object Manager

    Object Manager, which can be run from the webtop or command line, is a scalable, search-based administration tool for managing users and applications throughout an organization. Property sheets let administrators set up a user's details, from their name and email address to how much network bandwidth they can use for AIP. Similar property sheets allow configuration of applications and application servers. Objects may be collected into organizational units to reflect the structure of an organization.

    Using simple drag-and-drop actions, administrators can configure users' webtops and set up application server load balancing.

    With Object Manager, administrators can easily find out which users are currently running which applications, and can shadow (see Session shadowing) an application session and interact with the application at the same time as the user.

    Array Manager

    Array Manager is an easy-to-use tool for setting up and managing Tarantella Enterprise 3 server arrays. Like Object Manager, it can also be run from the command line.

    Administrators can configure array-wide settings, such as the login page that all users see, the license keys in use, and which mechanisms to use for user authentication (for example, a separate LDAP server).

    Administrators can also add and remove Tarantella Enterprise 3 servers from the array, promote a secondary server to be the primary server, and configure settings for each server independently. For example, if a server needs to be decommissioned temporarily (for example, for an operating system upgrade) you can easily stop users logging in to their webtop on that server.

    Command line tools

    Using the command line tools, an administrator can perform all Object Manager and Array Manager functions (using batch scripting if desired), and more. For example, administrators can query the log files, list currently spooled print jobs, or populate the application server password cache.


    Application connectivity

    Tarantella Enterprise 3 software allows client devices to connect to server-based Microsoft Windows, web, Linux, UNIX, mainframe (3270), and AS/400 (5250) applications.

    Microsoft Windows applications

    There are a number of ways to manage and deliver these applications with Tarantella Enterprise 3 software. The recommended method is to use Microsoft Windows 2000 Server or Microsoft Windows NT 4.0 Server, Terminal Server Edition, although other mechanisms can be used to integrate with existing or legacy systems.

    Microsoft Windows 2000 Server and Microsoft Windows NT 4.0 Server, Terminal Server Edition make use of the Microsoft Remote Desktop Protocol (RDP) to display server-based applications (RDP is fully integrated with Tarantella Enterprise 3 software). Administrators can create an application object, configure it to use Windows Terminal Services, then add the application to users' webtops. This approach means that, for example, it takes only four steps to deliver three Microsoft Windows applications to an unlimited number of users: one step for creating each application object and one step to deploy them to the users.

    The Tarantella Enterprise 3 server uses RDP directly, and provides a clean, drop-in solution that does not disrupt the application servers. No additional software needs to be installed on the application server, so new servers can be quickly added to a Tarantella Enterprise 3 environment as needed. Existing live servers can be accessed by the Tarantella Enterprise 3 server, so applications can be deployed to remote users without the addition of extra system resources or incurring system downtime.

    Note: For client drive mapping, a small software component must be installed on the Microsoft Windows 2000 application server.

    UNIX and Linux X Windows System applications

    These applications can be delivered in two ways:

    By default, Tarantella Enterprise 3 software uses an X Protocol Engine (a native binary that runs on the Tarantella Enterprise 3 server) and an X Display Engine (based on Java technology or included as part of a Native Client). This provides full Tarantella Enterprise 3 capabilities, such as session resumability, and adjusts for variable network bandwidths to deliver optimal network performance.

    If the client device has a local X server, the Tarantella Enterprise 3 software can be instructed to route the X Windows protocol directly to this, bypassing the Tarantella protocol and display engines. This can deliver improved performance in some circumstances. Note that session resumability and low-bandwidth handling are not available in this case.

    UNIX and Linux character applications

    These applications are delivered via a Character Protocol Engine (a native binary that runs on the Tarantella Enterprise 3 server) and a Character Display Engine (based on Java technology or included as part of a Native Client). The Character Protocol Engine supports a number of common terminal types.


    Mainframe applications via TN3270

    TN3270 capabilities are delivered via the Tarantella Mainframe Connectivity Pack.

    AS/400 (5250) applications

    These applications are delivered via the Tarantella AS/400 Connectivity Pack.

    Web applications

    A web application is an application accessed by a URL that is protected by Basic HTTP authentication. For example, this could be a link to a CGI script, servlet, or an HTML document. To prevent users from being prompted for authentication each time they access the web application, Tarantella uses its own web server plugin for authentication. The Tarantella Authentication Daemon determines if a Tarantella Administrator has granted the user access to this application and if so allows access to the application without the user being prompted.

    Authentication

    Tarantella Enterprise 3 software can authenticate users in many different ways, using configurable login authorities. Each login authority can check user credentials (e.g. username and password) against an authentication service, and can identify a corresponding user in the Tarantella datastore that determines the appearance and content of the user's webtop. The login authorities are arranged in a chain, so that if one fails to authenticate the user, the next is tried.

    Tarantella Enterprise 3 software can authenticate against LDAP directories (including Microsoft Active Directory, Netscape/iPlanet Directory Server and Novell NDS), Windows NT/Windows 2000 domains, and UNIX user databases (including NIS), allowing organizations to integrate Tarantella software seamlessly with their existing IT infrastructure.

    In addition, Tarantella Enterprise 3 software allows anonymous access, if desired. Users can log in without supplying a username or password and be given access to certain applications.
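
    The chain behaviour described in this section, as an added example (not Tarantella code): each login authority either returns the TFN name of a datastore user or declines, and the first acceptance wins. The account tables, passwords, TFN names and function names are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# A login authority takes (username, password) and returns the TFN name of the
# matching datastore user, or None when it cannot authenticate the credentials.
Authority = Callable[[str, str], Optional[str]]

# Hypothetical datastore profile used for anonymous logins (constructed).
ANONYMOUS_PROFILE = ".../_ens/o=IndigoInsurance/cn=Anonymous User"


def derive(password: str, salt: bytes) -> bytes:
    """Salted password hash for the constructed account tables below."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def table_authority(accounts: Dict[str, Tuple[bytes, bytes, str]]) -> Authority:
    """Stand-in for a real backend (UNIX password database, LDAP, NT domain)."""
    def check(username: str, password: str) -> Optional[str]:
        entry = accounts.get(username)
        if entry is None or not password:
            return None  # unknown user, or empty password: decline
        salt, stored, tfn_name = entry
        if hmac.compare_digest(derive(password, salt), stored):
            return tfn_name
        return None
    return check


def anonymous_authority(username: str, password: str) -> Optional[str]:
    """Accept only a login that supplies neither username nor password."""
    if username == "" and password == "":
        return ANONYMOUS_PROFILE
    return None


@dataclass(frozen=True)
class LoginResult:
    authority: str  # which authority accepted: worth writing to the audit log
    tfn_name: str   # datastore user that decides the webtop content


def login(chain: List[Tuple[str, Authority]], username: str,
          password: str) -> Optional[LoginResult]:
    """Try each authority in order; the first one that accepts wins."""
    for name, authority in chain:
        tfn_name = authority(username, password)
        if tfn_name is not None:
            return LoginResult(name, tfn_name)
    return None  # every authority declined


# Constructed sample data: usernames, passwords and TFN names are invented.
UNIX_ACCOUNTS = {
    "eblue": (b"salt-unix", derive("harbor-7", b"salt-unix"),
              ".../_ens/o=IndigoInsurance/ou=Marketing/cn=Elizabeth Blue"),
}
LDAP_ACCOUNTS = {
    "eblue": (b"salt-ldap", derive("quay-12", b"salt-ldap"),
              ".../_ldap/cn=Elizabeth Blue,ou=Marketing,o=IndigoInsurance"),
}
CHAIN = [
    ("unix", table_authority(UNIX_ACCOUNTS)),
    ("ldap", table_authority(LDAP_ACCOUNTS)),
    ("anonymous", anonymous_authority),
]

if __name__ == "__main__":
    for user, pw in [("eblue", "harbor-7"), ("eblue", "quay-12"),
                     ("eblue", "wrong"), ("", "")]:
        print(repr(user), "->", login(CHAIN, user, pw))
```

    Because any authority in the chain can accept, the same username authenticates with either backend's password, and anonymous access exists only while the anonymous authority is in the chain. Recording which authority accepted makes both facts visible in the logs.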

    Client connectivity

    Tarantella Enterprise 3 software supports access from client devices using Microsoft Internet Explorer or Netscape Navigator web browsers (with Java technology enabled), without requiring additional software to be installed on those devices.

    A Tarantella Native Client is also available for some client devices, giving application access using native software rather than Java technology.

    Client drive mapping

    Users logging in to Tarantella using a web browser or Tarantella Native Client on a Microsoft Windows client device can access their local client's drives from Microsoft Windows 2000 applications. For example, users can work on documents using applications displayed through Tarantella, and save the results to their own floppy drive or hard drive.

    The Tarantella Enhancement Module must be installed on each Windows 2000 application server for which you want to provide client drive mapping support.

    Tarantella Administrators can configure which users have access to which drives, and which drive letters to use on the application server. Configuration details for this feature can be found in the online documentation.


    Datas to reDatas to re

    The Tarantella datastore is the sum of all the information used by the various components ofTarantella. The datastore includes:

    Information about hosts and users on the network Tarantella session information (users logged in, applications running) Organizational information

    This information can be manipulated with Object Manager, Array Manager or from the commandline, and is accessible array-wide.

    Each object in the datastore has a unique TFN (Tarantella Federated Naming) name. TFN namesinclude a component identifying the source of the information, called the namespace. TFN namescommonly have the following form:

    .../namespace/name-within-namespace

    The ... indicates the "root" of TFN. Each namespace may use a different naming scheme. Thenamespace part of the TFN name acts as a "gateway" to that naming scheme. The followingnamespaces are commonly used with Tarantella Enterprise 3 software:

    | Namespace | Example | Description |
    |-----------|---------|-------------|
    | ENS | .../_ens/o=IndigoInsurance/ou=Marketing/cn=Cust-o-Dat | The ENS namespace, containing objects with Tarantella-specific behavior |
    | LDAP | .../_ldap/cn=Cust-o-Dat,ou=Marketing,o=IndigoInsurance | Objects in an LDAP server |
    | DNS | .../_dns/verona.indigo-insurance.com | Hosts on the network |
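
    The TFN form and the three namespaces listed above can be checked mechanically, which is useful when object names are validated before being passed to administration scripts. The Python below is an added example, not Tarantella code; `TFNName`, `parse_tfn` and the helper names are hypothetical, and treating the ENS and LDAP examples as the same components in opposite order is inferred from the examples in the table.

```python
"""Parse TFN names: .../namespace/name-within-namespace (added example)."""
import re
from dataclasses import dataclass

TFN_ROOT = "..."
RDN = re.compile(r"([A-Za-z][A-Za-z0-9-]*)=(.+)")           # attr=value
DNS_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")    # one host label


@dataclass(frozen=True)
class TFNName:
    namespace: str       # e.g. "_ens", "_ldap", "_dns"
    name: str            # name-within-namespace, exactly as written
    components: tuple    # most-significant-first; () if namespace is unknown


def split_unescaped(text, sep):
    """Split on sep, keeping backslash-escaped characters with their value."""
    parts, cur, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur.append(text[i:i + 2])
            i += 2
        elif text[i] == sep:
            parts.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(text[i])
            i += 1
    parts.append("".join(cur))
    return parts


def parse_rdns(parts):
    """Turn ['ou=Marketing', ...] into (('ou', 'Marketing'), ...)."""
    out = []
    for part in parts:
        m = RDN.fullmatch(part.strip())
        if m is None:
            raise ValueError(f"malformed component: {part!r}")
        out.append((m.group(1).lower(), m.group(2)))
    return tuple(out)


def parse_tfn(tfn):
    root, sep, rest = tfn.partition("/")
    if root != TFN_ROOT or not sep:
        raise ValueError("TFN name must start with '.../'")
    namespace, sep, name = rest.partition("/")
    if not namespace or not sep or not name:
        raise ValueError("expected .../namespace/name-within-namespace")
    if namespace == "_ens":       # slash-separated, organization first
        comps = parse_rdns(name.split("/"))
    elif namespace == "_ldap":    # LDAP DN: comma-separated, leaf entry first
        comps = tuple(reversed(parse_rdns(split_unescaped(name, ","))))
    elif namespace == "_dns":
        if not all(DNS_LABEL.fullmatch(label) for label in name.split(".")):
            raise ValueError(f"invalid host name: {name!r}")
        comps = (("host", name.lower()),)
    else:                         # other namespaces: keep the name opaque
        comps = ()
    return TFNName(namespace, name, comps)
```

    Names in a namespace the table does not list are returned with an empty component tuple rather than rejected, since the white paper says only that these three are commonly used.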

    Display Engine

    Display Engines render the application display to the client device and send mouse and keyboard input from the client device to the application via an appropriate Protocol Engine. A Display Engine is a thin Java applet (or part of a native client) that is invoked when a user requests access to an application. It requests that the Protocol Engine Manager start the appropriate Protocol Engine. The Protocol Engine and Display Engine then talk directly, independently of other parts of the Tarantella server.

    Tarantella Enterprise 3 software uses one display engine per application for each user. For example, an instance of a Character Display Engine is started when a character application is requested.

    Firewalls

    Tarantella Enterprise 3 servers are typically installed in a corporate enterprise or ASP environment. The clients may reside at remote sites out of the control of the organization that controls the Tarantella Enterprise 3 server. Clients may be routed through firewalls and/or proxy servers when accessing Tarantella Enterprise 3 servers over the Internet. Corporate security policies at the client site may only allow traffic to or from a specific port.

    Tarantella Enterprise 3 software provides firewall traversal by allowing all communication to the Tarantella Enterprise 3 server over a single port, usually 443/tcp. Proxy server traversal is also supported for clients who are routed through a proxy server to the Tarantella Enterprise 3 server. Details can be found in the Firewall white paper at http://www.tarantella.com/whitepapers.

  • 14

    Fig 3. Clients accessing Tarantella Enterprise 3 through a firewall

    Intelligently cached Java classes

    When users access applications from a client running a Java Virtual Machine, Tarantella Enterprise 3 software detects the client type and deploys a Java class file archive suitable for the client, rather than deploying each class file separately. This optimizes performance of login and application launching on all network connections. Tarantella Enterprise 3 software deploys archived Java classes on the first occasion that a client device connects to a Tarantella Enterprise 3 server. Key portions of the Tarantella Enterprise 3 client, including the login applet and Display Engines, are then cached on the client device. These components do not need to be re-deployed at each subsequent connection, which is of particular benefit on slower network connections.

    The cached Java classes are self-updating. When Java classes are updated at the server they are automatically re-deployed and cached the next time the client device connects.

    Licensing

    Tarantella software uses concurrent-user, component-based licensing. Each component is licensed for a number of users, and usage information is tracked over time. Administrators can obtain and install license keys to increase the number of users licensed for particular components.

    To license Tarantella software, administrators must first install an activation license key for either Tarantella Enterprise 3 or Tarantella Enterprise 3 Starter for Linux software. Activation license keys determine the particular rights and restrictions of each product; for example, the Tarantella Enterprise 3 Starter for Linux product may only be installed on Intel platforms. Other license keys may be installed after the activation license key.

    Users installing Tarantella software without a license key may evaluate the software for a period of 30 days from installation. During the evaluation period, there are no restrictions on the number of users that may log in or the types of application they may use. After the evaluation period, users may not log in to Tarantella or start applications. The number of days remaining in the evaluation period is displayed to all users when they log in to Tarantella.

    License keys for the core Tarantella software and the Tarantella Security Pack are enforced by software. This means that once the license limits are reached for these components, additional users may not log in.

  • 15

    Load balancing

    Tarantella Enterprise 3 software includes load balancing at both tier 2 and tier 3 in the three-tier architecture. When users start an application, the Tarantella Enterprise 3 server (tier 2) chooses a server in the array to manage the application session, based on criteria configured by the administrator: none (uses the array member the user logged into); least CPU usage (load is measured across all array members continuously); fewest emulator sessions (number of applications being hosted on the particular Tarantella server).

    For application server (tier 3) load balancing, an administrator configures a set of application servers that can run each application. At application start-up, the Tarantella Enterprise 3 server chooses the application server running the fewest application sessions.

    Webtop sessions (tier 1) can be spread across arrays by using standard techniques such as round-robin DNS.

    Logging and billing

    Tarantella Enterprise 3 software provides array-wide billing utilities and log files. Server, user and session information is collated and output in CSV format, compatible with most third-party accounting and billing systems. A range of information, including application start and stop times and application server information, is made available for billing and log analysis products.

    For more information on logging and billing see the white paper on the Tarantella web site.

    Native Client

    Each Native Client is targeted to a particular client device and is installed on that device. Users can run the Native Client instead of a web browser to access their webtop. This is appropriate for specialized devices or in cases where browser installation is not desired or possible. Native Clients are available for Microsoft Windows, SPARC Solaris, Linux on Intel and HP-UX. They allow both standard and secure (with the Tarantella Security License) connections.

    The Native Client is included with the Tarantella Enterprise 3 core software and can be installed from http:///tarantella/cgi-bin/install.cgi.

    Printing

    When a user prints from an application displayed through Tarantella, a print job is created on the application server in the standard way. This is passed to the Tarantella server through either an LPD interface or (for Microsoft Windows 2000 application servers using Windows Terminal Services) an RDP interface.

    The print job is spooled on the Tarantella server, and the client device is notified of a print job. The user's webtop contains a Print Display Engine, which requests the print job. A Print Protocol Engine starts, which forwards the print job using AIP to the Print Display Engine. This then sends the print job to the client device's default printer.

    With Microsoft Windows 2000 application servers using Windows Terminal Services, a printer is automatically configured that uses the client device's printer driver and sends print jobs to the Tarantella server's print queue. For other platforms, administrators must manually configure a printer to forward print jobs to the LPD printer on the Tarantella server.

  • 16

    Processes

    Tarantella Proxy Server (ttaauxserv) process

    The Tarantella Proxy Server is the controlling parent process. It sends launch requests to the Protocol Engine Manager and passes all other requests to the JServer. It communicates with the client on port 3144 and with the JServer on port 5427. It will restart the JServer and Protocol Engine Manager if they exit unexpectedly.

    Protocol Engine Manager (ttaauxserv) process

    The Protocol Engine Manager communicates on a dynamically allocated port. It hands off AIP connections to Protocol Engines and executes UNIX logins. It communicates with the JServer to:

    - Access the password cache
    - Receive UNIX login requests
    - Notify the JServer when emulator sessions change state

    JServer (jre) process

    The JServer is a Java technology application. It is the decision-making process that maintains the configuration and database, and interfaces to JNDI. The JServer process handles webtop construction, application launch and resumption, load balancing, session management, array replication and authentication. It connects to the Protocol Engine Manager to launch applications and verify UNIX passwords. It is event-based and propagates important events across the array. JServers on different array members communicate on port 5427/tcp.
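
    The port assignments given in the Firewalls and Processes sections can be turned into an exposure check on observed traffic. The Python below is an added example, not part of the Tarantella product: it audits constructed flow records, assuming a site policy in which clients outside the firewall may use only 443/tcp and port 5427 is reserved for array members. The addresses, the record layout and the `audit` function are assumptions.

```python
"""Audit connections to a Tarantella array against the ports the white paper
names (added example; hosts, networks and flow records are constructed)."""
import ipaddress

SINGLE_PORT = 443      # "usually 443/tcp" for firewall traversal
CLIENT_PORT = 3144     # Tarantella Proxy Server <-> client
JSERVER_PORT = 5427    # proxy <-> JServer, and JServer <-> JServer in the array

# Assumed site layout, using documentation address ranges.
ARRAY_MEMBERS = {ipaddress.ip_address(a) for a in ("192.0.2.10", "192.0.2.11")}
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def audit(records):
    """records: iterable of (src_ip, dst_ip, dst_port).
    Returns a list of (src, dst, port, reason) findings."""
    findings = []
    for src_s, dst_s, port in records:
        src, dst = ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s)
        if dst not in ARRAY_MEMBERS:
            continue  # only traffic towards the Tarantella servers is in scope
        if port == JSERVER_PORT:
            if src not in ARRAY_MEMBERS:
                findings.append((src_s, dst_s, port,
                                 "JServer port reached by a non-array host"))
        elif not is_internal(src) and port != SINGLE_PORT:
            reason = ("client port used from outside the firewall"
                      if port == CLIENT_PORT
                      else "unexpected port from outside the firewall")
            findings.append((src_s, dst_s, port, reason))
    return findings


# Constructed sample, shaped like a firewall or flow-log export.
SAMPLE = [
    ("198.51.100.7", "192.0.2.10", 443),    # external client, single port
    ("198.51.100.7", "192.0.2.10", 3144),   # external client, client port
    ("192.0.2.50", "192.0.2.10", 3144),     # internal client
    ("192.0.2.11", "192.0.2.10", 5427),     # array member to array member
    ("192.0.2.50", "192.0.2.11", 5427),     # internal workstation to JServer
    ("203.0.113.9", "192.0.2.11", 5427),    # external host to JServer
    ("203.0.113.9", "192.0.2.11", 6000),    # external host, other port
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="  ")
```

    Internal traffic to other ports is deliberately not flagged, because the Protocol Engine Manager listens on a dynamically allocated port.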

    JNDI

    JNDI is the API used to store and interrogate data. It is the interface to the naming system used by the Tarantella software, and provides uniform access to diverse data, allowing operations such as searching, creation, deletion, modification and event modification.

    ASAD

    ASAD is the datastore protocol used by the JServer. Most communication with the JServer uses ASAD. (The Native Client uses a form of AIP, understood by the JServer, designed for ASAD-type requests.) ASAD is used:

    - By the client (downloading the webtop and launching applications)
    - In peer-to-peer connections (including replication)
    - By administration tools (GUI and command line)

    Protocol Engines

    The Protocol Engines, which run on the Tarantella Enterprise 3 server, provide the emulation necessary to view and interact with applications. A Protocol Engine acts as a client to the application on the application server, and communicates using the application server's native protocol. It translates this native protocol into Adaptive Internet Protocol for transmission to the client device. Protocol Engines are implemented as native binaries to ensure optimal performance on the server.

  • 17

    Graphical applications such as X11, Microsoft Windows, 3270 graphical and 5250 use the X Protocol Engine. Character applications use the Character Protocol Engine. The Print Protocol Engine is used for printing and the Client Drive Mapping Protocol Engine is used when client drive mapping is used.

    Tarantella Enterprise 3 software uses one protocol engine for each application type for each user. However, a single protocol engine instance will handle multiple sessions for a particular user. Protocol Engines are invoked on demand.

    Security

    The Tarantella Security License can be installed on the base product to provide a high level of security through data encryption (using SSLv3) and host validation (using X.509 server certificates). It also provides the ability to traverse firewalls without opening additional ports and to route client traffic through a proxy server.

    Administrators can configure the type of connection each user receives, based on the client device and Tarantella Enterprise 3 server they're using. For example, a user can be given a secure connection whenever they connect from a client device outside the firewall, and a standard connection when connecting from inside the firewall.

    We recommend that you use a secure (HTTPS) web server on all Tarantella hosts. This ensures that all web pages users see, and the sensitive connection information the client downloads, are encrypted. Using a secure web server does not encrypt Tarantella-related information, such as key presses, display updates or login information, so you must license the Tarantella Security Pack for this level of security. A combination of the Tarantella Security Pack and HTTPS is recommended.

    Server lockout

    Tarantella Enterprise 3 software allows administrators to decommission Tarantella servers within an array for maintenance, upgrades, etc. without affecting users. This stops new users from logging in to a particular server, without affecting existing users, and redirects new users to other array members.

    Session resumability

    Session resumability lets users resume an interrupted session, on any client device, at a later time. For example, Bill Orange, currently running an application at the office, turns off his PC and goes home. The application continues running. When Bill arrives home, he can log back in to Tarantella and resume the application, as if he was still at his desk in the office. While Bill travels home, the application continues running. He could start a lengthy calculation in the office, then pick up the results when he logs in from home.

    Session resumability is also useful for applications that take a long time to start, or for those that require the user to take a large number of steps after start-up (for example, to walk through a complicated menu system). Also, if a modem connection is interrupted, the server must be able to recreate the state associated with the client when it reconnects. Session resumability allows this.

    Administrators can configure session resumability per-application.

  • 18

    Session shadowing

    Session shadowing allows administrators to view and interact with a user's Tarantella application sessions simultaneously with the user. Help-desk staff can take over a user's application session and get them out of trouble or otherwise assist.

    Webtop

    Users interact with applications and documents on the network using the web equivalent of a desktop: the webtop. Tarantella Enterprise 3 gathers all objects (applications, documents, etc.) associated with a user and dynamically creates a page to represent this information.

    The browser-based Tarantella Enterprise 3 webtop is built of standard HTML and Java components. When the user clicks one of the icons, requests are issued to invoke applications or view documents. Any application web-enabled by Tarantella Enterprise 3 software can be started by users in this way. Tarantella Enterprise 3 software also allows local applications, for example, Windows front-ends to client/server applications, to be launched in this way, and so presents a consistent entry point to all information. The webtop can be displayed within the browser, as a separate window, or even as a full screen.

    The browser-based webtop is fully customizable. Tarantella Enterprise 3 software provides HTML templates, or "themes", for the layout and presentation of the webtop. These themes can be applied to users or organizational units, and make it easy to create webtops with the corporate styling, or even, for example, departmental styling. The Java applets that constitute the browser-based webtop have interfaces that can be used to develop sophisticated HTML-based solutions, such as workflow or hierarchical webtops.

    Note that the Native Clients do not use HTML or Java and are not fully customizable.

  • 19

    Supported Servers, Client Devices and Web Browsers

    Refer to http://www.tarantella.com for updated information.

    Tarantella Enterprise 3 requires one of these UNIX or Linux servers:

    - Sun SPARC Solaris 2.6+
    - IBM AIX 4.3+
    - UnixWare 7.1.1+
    - HP-UX 10.20+
    - Caldera OpenServer Release 5.0.5+
    - Compaq Tru64 UNIX 4.0D+
    - TurboLinux 6.0+
    - Caldera OpenLinux eServer 2.3+
    - SuSE Linux 6.3+
    - Red Hat Linux 6.2+

    Server requirements:

    - 120MB free disk space, plus another 100MB at install time
    - Minimum 128MB RAM (256MB recommended)
    - 100MHz CPU

    This is in addition to what is required for normal operation of the host.

    Server requirements per user:

    - 5MB RAM for each user
    - 5MHz for each user

    Server requirements per application:

    - Each X application, 1.5MB per user
    - Each X application, displayed using Client Window Management, 2.5MB per user
    - Windows session, 1.7MB per user
    - Character applications, 0.9MB per user
    - 3270 or 5250 applications, 1.5MB per user

    Supported client devices, web browsers, Native Clients:

    - Client devices must support TCP/IP
    - PC clients: Intel 486 with 16MB RAM minimum, supported with Native Client. Pentium processor or above, with 32MB RAM recommended
    - UNIX clients should be of comparable performance and memory
    - A complete list of clients and supported clients is at: www.tarantella.com/products/e3/e3clients.html

    Network transport: TCP/IP

  • 20

    Sales Offices

    US & Worldwide HQ
    Tarantella, Inc.
    425 Encinal Street
    Santa Cruz
    CA 95060
    United States of America
    Tel: +1 831 427 7222
    Fax: +1 831 457 5400

    Toll Free Sales Info
    Tel: +1 888 831 9700

    www.tarantella.com
    sales@tarantella.com

    European HQ
    Tarantella Ltd
    7 Britannia Court, The Green
    West Drayton
    UB7 7PN
    United Kingdom
    Tel: +44 1895 456100
    Fax: +44 1895 456112

    Free Phone Sales Info
    UK: 0800 0390134
    France: 0800 913184
    Germany: 0800 1802450
    Italy: 0800 781920

    www.tarantella.com
    sales@tarantella.com

    Pacific Rim HQ
    Tarantella KK
    Nakamura Building
    2-24-3 Ohashi, Meguro-ku
    Tokyo 153-0044
    Japan
    Tel: +81 3 5431 0200
    Fax: +81 3 5431 0201

    Sales Info
    Tel: +81 3 5431 0200

    www.tarantella.co.jp
    japansales@tarantella.com

    Tarantella, Tarantella Enterprise 3, and the Tarantella logo are trademarks or registered trademarks of Tarantella, Inc. in the USA and other countries. Java is a trademark or registered trademark of Sun Microsystems, Inc. in the USA and other countries. All other brand and product names are or may be trademarks of, and are used to identify products or services of, their respective owners. This document is provided "as is" and may include technical inaccuracies or typographical errors. Tarantella, Inc. reserves the right to add, delete, change or modify this document at any time without notice. This document is for information only, no express or implied representations or warranties are given in this document. Copyright 2001 Tarantella, Inc. All Rights Reserved. techarchwp-3.11.doc August 2001