|
|
|
Web-based Management of Windows-based Reflection Sessions
Technical Note 1740
Last Reviewed 13-Nov-2008
Applies To
Reflection Administrator 2008
Reflection Administrator version 9.x
Reflection for the Web 2008
Reflection for the Web version 9.x
Reflection Standard Suite 2008
Reflection for IBM 2008
Reflection for IBM 2007
Reflection for IBM version 12.0 through 14.x
Reflection for UNIX and OpenVMS 2008
Reflection for UNIX and OpenVMS version 12.0 through 14.x
Reflection for HP with NS/VT version 12.0 through 14.x
Reflection X 2008
Reflection X version 12.0 through 14.x
Reflection FTP Client version 12.0 through 14.x
Summary
View Full Size
Technical Note 1740
Last Reviewed 13-Nov-2008
Applies To
Reflection Administrator 2008
Reflection Administrator version 9.x
Reflection for the Web 2008
Reflection for the Web version 9.x
Reflection Standard Suite 2008
Reflection for IBM 2008
Reflection for IBM 2007
Reflection for IBM version 12.0 through 14.x
Reflection for UNIX and OpenVMS 2008
Reflection for UNIX and OpenVMS version 12.0 through 14.x
Reflection for HP with NS/VT version 12.0 through 14.x
Reflection X 2008
Reflection X version 12.0 through 14.x
Reflection FTP Client version 12.0 through 14.x
Summary
This technical note describes how to create, configure, and manage Windows-based Reflection sessions using the Reflection Administrative WebStation, a web-based tool. These sessions can use services provided by the Reflection servers: the management server, the security proxy, and the metering server.
Note the following:
- The term "Windows-based Reflection products" refers to non web-based Reflection products, such as Reflection for UNIX and OpenVMS, Reflection for IBM, and Reflection X.
- Web-based management is available to Reflection administrators who have obtained the Reflection Administrator add-on component for use with their Reflection Windows-based products, or who have installed and configured Reflection for the Web with the appropriate licensing.
- If you are licensed for Reflection for the Web, you have the server components necessary to centrally manage Reflection Windows-based sessions; however, you must still obtain the appropriate licensing to run Reflection in this manner. Licensing is provided by purchasing the Reflection Administrator add-on product.
If you do not have Reflection for the Web, to use Reflection to manage Windows-based Reflection sessions, obtain a copy of Reflection Administrator. This gives you both the required Reflection servers, and a license to use the servers to manage Windows-based Reflection sessions.
- Windows-based Reflection sessions are available only from Windows workstations that have the supporting Windows-based Reflection client software installed.
This technical note contains the following topics:
Web-based Reflection Management Tools—Overview
What to Install
What to Configure
What to Install
What to Configure
I. Starting the Servlet Runner
II. Configuring the Security Proxy (Optional)
III. Configuring Access Control
IV. Creating and Configuring Reflection Sessions
Links to Reflection SessionsII. Configuring the Security Proxy (Optional)
III. Configuring Access Control
IV. Creating and Configuring Reflection Sessions
Web-based Reflection Management Tools—Overview
The Reflection Administrative WebStation is a web-based tool used to centrally manage Reflection sessions. These sessions can use services provided by the Reflection servers:
- Management server
- Security proxy server
- Metering server
Some features of these servers are listed in this section. Details for what to install and how to configure the servers are included in the remainder of this technical note.
Management Server—Reflection Administrative WebStation
When you use the WebStation to manage your Windows-based sessions, you can:
- Create a web page that enables users to click a link to launch configured Reflection sessions on their workstations using centrally deployed settings files.
- Maintain settings files centrally on a web server or enable users to maintain their settings files locally after the initial download.
- Use a single console (the WebStation) to manage web-based sessions or Windows-based Reflection sessions for users who have installed Reflection software.
- Easily configure Windows-based Reflection sessions that use the Reflection security proxy server and its Secure Authorization token technology.
- Use Reflection's access control and authentication methods to specify which Reflection sessions are available to particular users or groups of users.
- Use the Auto Update feature to configure automatic updates to Reflection for IBM, Reflection for UNIX and OpenVMS or Reflection for HP with NS/VT session settings.
- Audit, manage, and report the usage of Reflection sessions.
Security Proxy Server (Optional)
The Reflection security proxy provides secure connections to any host through the Reflection security proxy server, using SSL v3.0 or TLS v1.0 protocol. The data transmitted between the Reflection client and the security proxy is encrypted, but the data sent from the proxy server to the destination host is unencrypted. (Note: Reflection can be configured for end-to-end encryption in certain scenarios.)
The following Reflection products and versions can be used with the security proxy server.
| Product and Version |
Security proxy support with client authorization Enabled (the default)** |
Security proxy support with client authorization Disabled |
| Reflection Standard Suite 2008 |
No * |
Yes |
| Reflection for UNIX and OpenVMS 2008 |
No * |
Yes |
| Reflection for UNIX and OpenVMS 12.0 - 14.x |
Yes |
Yes |
| Reflection for HP with NS/VT 12.0 - 14.x |
Yes |
Yes |
| Reflection for IBM 2008 |
No * |
Yes |
| Reflection for IBM 2007 |
No * |
Yes |
| Reflection for IBM 12.0 - 14.x |
Yes |
Yes |
| Reflection X 2008 |
No * |
Yes |
| Reflection X 12.0 - 14.x |
No * |
Yes |
| Reflection for Secure IT SSH or SFTP 6.0 - 7.x |
No * |
Yes |
| Reflection FTP Client 13.04 - 14.x |
Yes |
Yes |
* These products do provide their own fully-integrated support for secure authentication and data encryption. For more details, refer to the product Help.
** Products that have security proxy support with client authorization enabled can appear in the login/links list.
Metering Server (Optional)
If you are using the Reflection metering server, you can configure Windows-based Reflection products to report to the Reflection metering server. This enables you to audit, control access to, and report the usage of Reflection Windows-based session license use.
For information about configuring Reflection for the Web Windows-based sessions to work with the metering server, see Technical Note 2393.
What to Install
The steps in this technical note refer to using the automated installers provided with Reflection for the Web and Reflection Administrator. Depending on your environment, you may need to manually install some components and do more extensive configurations. This note links to resources with further instructions.
Windows-based Reflection sessions are available only from Windows workstations that have the supporting Windows-based Reflection client software installed. To manage your Reflection sessions using the Administrative WebStation, the following software must be installed.
What Versions to Install
For optimal performance, we recommend that you install the compatible product versions as follows:
| Reflection Administrator/ Reflection for the Web |
Reflection Windows-based Products |
| Version 2008 |
Version 2008 Version 14.x |
| Version 9.x |
Version 14.x |
Note the following:
- To monitor Reflection 2008 products, you must be using Reflection Administrator 2008 R2.
- Reflection version 12.0 - 14.x sessions can be monitored from Reflection Administrator and Reflection for the Web versions 9.0 through 2008. Starting in version 13.0, you can manage of Reflection for Secure IT and Reflection FTP session through the Reflection Administrator/Reflection for the Web.
What to Install on the Administrative and User Workstations
On each client machine and on each machine that will be used to launch the Administrative WebStation, install:
- Your Windows-based Reflection product(s). Note: Perform an Administrative installation if you want the option to configure Metering later.
- A web browser with a Java virtual machine (JVM).
What to Install On the Web Server
- Reflection Administrator or Reflection for the Web
Use the automated installation to install Reflection Administrator or Reflection for the Web. De-select the optional components that you do not plan to use.
- Optional components (can be installed on different servers):
Reflection security proxy
Reflection metering server
Reflection metering server
By default, the security proxy and the metering server are installed during the automated installation unless they are de-selected. Note: You can install either option at a later time, but more extensive configuration is required.
What to Configure
For ease of administration, proceed with your configuration of the Reflection web-based management features in this order.
I. Starting the Servlet Runner
II. Configuring the Security Proxy (Optional)
III. Configuring Access Control
IV. Creating and Configuring Reflection Sessions
II. Configuring the Security Proxy (Optional)
III. Configuring Access Control
IV. Creating and Configuring Reflection Sessions
I. Starting the Servlet Runner
The servlet runner must be started before you can use the Reflection management server (Note: The term "Reflection management server" refers to the Administrative WebStation plus the terminal emulation files.)
The procedure for starting the servlet runner varies depending on where and how you installed Reflection Administrator or Reflection for the Web. If you are using the Tomcat servlet runner provided with Reflection (installed either by the automated installer or tomcat.zip), follow these steps:
On Windows Servers
If you used the automated installer and you chose to install the servlet runner as a service, then the servlet runner starts automatically. You can start or stop the service in the Services list. In Windows Control Panel, click Administrative Tools > Services, and select Reflection Server.
If the servlet runner was not installed as a service, you can use the Start menu: Programs > Reflection Administrator OR Reflection for the Web > Start Servlet Runner.
If you installed using archive files, run the startup.bat file in the \ReflectionServer\jakarta-tomcat-[version number]\bin\ folder. (To close the servlet runner, run shutdown.bat in the same folder.)
On UNIX or Linux Platforms
Run the startup.sh file in the [installation path]/jakarta-tomcat-[version number]/bin/ directory. The command is: ./startup.sh (To close the servlet runner, run shutdown.sh in the same folder.)
Note: Be sure that necessary permissions have been set for the .sh files. Permissions should be set to allow full access for owner, and read and execute permissions for group and other. Use the following command: chmod 755 *.sh
If you are using a servlet runner other than the one provided with Reflection, refer to the servlet runner documentation for instructions to start the servlet runner.
II. Configuring the Security Proxy (Optional)
If your host does not support a secure protocol, or if you want to take advantage of the features offered by the proxy server, you can use the Reflection security proxy to make secure SSL/TLS connections.
For information about configuring the security proxy, see the following technical note for your operating system.
| Operating System |
Technical Note |
| Microsoft Windows |
1320 |
| UNIX, Linux, and Mac OS X |
1812 |
After the security proxy server has been installed and configured, return to this technical note and proceed with III. Configuring Access Control.
III. Configuring Access Control
The Administrative WebStation supports several authentication methods to specify which sessions can be accessed by individual users or groups of users. Authentication is optional. Only configure an authentication method if you want to restrict access to sessions by user or group identity.
- In the Administrative WebStation, click Access Control Setup > Configure to see the list of options.
- Select an authentication method and click Next to configure it. The default is "None."
Note: The remainder of this technical note assumes that you have selected "None." For information about other authentication methods, click Help in the Choose Authentication Method window.
View Full Size
After you set the access control, you are ready to create and configure your Reflection sessions.
IV. Creating and Configuring Reflection Sessions
When you create or edit Windows-based Reflection sessions from the Administrative WebStation, the Reflection Windows-based client runs in "Administrative WebStation mode." In this mode, your sessions are saved automatically to the web server, and the Reflection management server automatically creates web pages with links that can be used to launch your sessions.
Reminder:
- Windows-based Reflection sessions are available only from Windows workstations that have the supporting Reflection client software installed.
- Support for Windows-based Reflection 2008 sessions requires Reflection for the Web 2008 R2 or Reflection Administrator 2008 R2.
- Reflection for the Web/Administrator does not currently support web-based sessions for Reflection Standard Suite 2008, Reflection for UNIX and OpenVMS 2008, Reflection for IBM 2008, or Reflection X 2008. These Windows-based products can be metered, but cannot be started as web-based sessions from the login/links list.
Using the Administrative WebStation
Follow these steps to use the Reflection Administrative WebStation to configure Windows-based Reflection sessions.
- Before you begin, confirm that the appropriate Reflection software products are installed on the Windows workstations (see What to Install).
- Open the Reflection Administrative WebStation:
- Choose the method according to your installation:
In Windows (on the web server): Click Start > Programs > Reflection Administrator OR Reflection for the Web > Administrative WebStation.
Alternate method (from any machine): Open the URL for the login page in your web browser. The URL uses this format:
https://[host name]:[port number]/[web application context]/AdminStart.htmlIf the port number is the default of 80 for HTTP or 443 for HTTPS, you can omit it. For example, the URL to open the Administrative WebStation might be:
https://ServerName/rweb/AdminStart.htmlNote: When you connect over HTTPS to a server using a self-signed certificate, your browser warns you about the certificate you created. This is expected behavior. In the warning message, click Yes to proceed, and the administrator login page will open. This warning message does not appear after you purchase a CA-signed certificate or if you connect using HTTP.
- Log on as an administrator by entering the password that you specified during installation.
- Click Submit. A links list opens; click the Administrative WebStation link.
- Click Session Manager and click Add to create a new Reflection session.
- On the Add New Reflection Session page, select a session type and enter a session name. Then, click Continue.
Note: The format of the information presented on this page varies depending on which Reflection product and version you are using.
- On the Configure a Windows-Based Reflection Session page, specify your preferences for where and how files will be copied to user workstations. For more information about these options, click Help.
- Click Launch to start the new terminal session on your workstation in "Administrative WebStation mode."
Configure the Reflection Session
In the launched Reflection session, configure your settings and security options.
- Set your preferences. In the launched Reflection session, click Setup and then click each menu option to select your preferences.
Note: To import settings from an existing settings or client file, use the File > Open command. The settings file saved to the web server uses the session name that you entered for the session (on the Add New Reflection Session page), not the name of the imported settings file.
- Set the security properties. Follow the steps below if you choose to use either a host-support security protocol in Reflection or the Reflection security proxy.
If you choose to not secure the Reflection session at this time, skip to step 4 to save and exit your session.
- In the launched Reflection session, open the Security Properties dialog box:
In Reflection for HP with NS/VT or Reflection for UNIX and Open VMS, click Connection > Connection Setup > Network. Select a protocol, and click the Security button.
In Reflection for IBM, click Connection > Session Setup > Security (button).
In Reflection X, click Settings > Security. The check box to Enable XDM AUTHORIZATION-1 method is cleared by default.
When you launch Reflection in Administrative WebStation mode, the SSL/TLS tab of Security Properties dialog box includes additional controls that make it easy to create sessions that connect to hosts via the proxy. (Note: This option is not available in Reflection X, Reflection FTP Client, or Reflection for Secure IT SSH or SFTP clients.)
Here is an example from Reflection for IBM version 14.x that uses the security proxy:
- Select your preferred security protocol and enter the appropriate information. To use the security proxy, click the SSL/TLS tab.
- Enter the appropriate information.
If you are using the security proxy, select the check boxes to Use SSL/TLS security and to Use Reflection security proxy. Then enter the Security proxy server and destination host information.
- When the information is entered, click OK, and then test your connection.
- Save and exit your Reflection session. When the Windows-based Reflection session exits:
- The saved settings become part of the session configuration and are automatically saved to your web server.
- If configured, the session's security protocol is listed in the Session Manager under Security Status.
- You are returned to the Administrative WebStation, and the confirmation page provides a link to the Access Mapper.
- In Access Mapper, select which sessions you want to make available to all users. By default, sessions are available only to administrators.
Note: This screen shot assumes that you selected "None" for the Reflection for the Web authentication method. (For details, see IV. Configuring Access Control.) The display looks different if an alternate authentication method was selected.
Links to Reflection Sessions
As the administrator, you can provide users with a URL that displays links to the configured Reflection sessions that they are authorized to access. The URL uses this format:
http://myserver/rweb/WIXSession.do?link[Session Name]To see a list of the links generated for your individual Reflection sessions, open the Administrative WebStation and click Session Manager > View URLs. For example, the URL for an IBM 3270 session might look like this:
http://<server>:443/rweb/WIXSession.do?link=IBM*u0020Session