Technical Notes

You can now configure Reflection for IBM 5250 terminal sessions to sign on to IBM hosts using your Windows credentials. This works in conjunction with IBM's Enterprise Identity Mapping (EIM), which must be configured on your host computers.

The IBM Express Logon Feature (ELF) enables you to connect and logon to 3270 sessions without entering a user ID and password. When this feature is configured, the Telnet 3270 server uses certificate information from an SSL connection and the application ID supplied by Reflection to request a user ID and a PassTicket (a temporary password) from the IBM host access control program RACF.

Certificates in the new Reflection store can be used for host and user authentication during Reflection SSL/TLS sessions. Use the new Reflection Certificate Manager to manage these certificates. (Reflection continues to support authentication using certificates in the Windows certificate store.)

You can configure Reflection to use an LDAP server both for external CRL (Certificate Revocation List) checking and to store intermediate certificates. See the LDAP tab in the Reflection Certificate Manager.

Reflection now supports authentication using smart cards that conform to PKCS#11 specifications. See the PKCS #11 tab in the Reflection Certificate Manager.

Two new menu options, Hyperlink and Email, are available when you right-click text in the terminal display window. The Hyperlink option opens a browser window and enters the selected text in the address box. The Email option opens a new email message and enters the selected text for the recipient's address.

You can now configure Reflection to copy text to the clipboard automatically whenever you select text in the terminal display. You can also control whether or not selected text is cleared automatically when it copied to the clipboard. To make this changes, go to Edit > Copy/Paste settings. The new settings are Automatically copy selected text and Clear selection after copy.

The new Show OIA setting specifies whether Reflection shows operation and status messages in the Operator Information Area (OIA) at the bottom of the terminal window. To configure this display option, go to Setup > Display > Options.

The following methods and properties have been added to the Reflection for IBM Visual Basic for Applications API: ExpressLogonFeatureApplid, UseWindowsCredentials, TelnetEncryptionDisableCRLCheck, MouseHyperlink, MouseMailTo, QuickTextURL, ShowOIA, AutoCopyOnSelect, ClearSelectionOnCopy, CertificatePropertiesDlg, AllowInvalidThaiInput, CurrentLocale, CitrixIPAddress, CitrixPCName, CitrixUserName.

The host program VAXLINK2 has been ported to the Itanium Integrity Server using the Alpha Environment Software Translator (AEST) utility. The AEST utility translates the alpha executable image into an I64 compatible object. For more information, install the Administrator Help (not included with a Typical installation), and see "About the IA64 version of VAXLINK2."

Certificates in the new Reflection store can be used for host and user authentication during Reflection SSH and SSL/TLS sessions. Use the new Reflection Certificate Manager to manage these certificates. (Reflection continues to support authentication using certificates in the Windows certificate store.)

You can now import certificates into the Reflection Key Agent and have them available for user authentication for Secure Shell connections.

You can configure Reflection to use an LDAP server both for external CRL (Certificate Revocation List) checking and to store intermediate certificates. See the LDAP tab in the Reflection Certificate Manager.

Reflection now supports authentication using smart cards that conform to PKCS#11 specifications. See the PKCS #11 tab in the Reflection Certificate Manager.

If you have already created an SSH Config scheme, or configured settings for a particular host, you can easily use this configuration again. All configured hosts and schemes are now available for selection from a convenient drop-down list.

Use the Local Port Forwarding dialog box to configure Reflection to launch an application automatically after the Secure Shell connection has been established. This feature makes it easier to send data securely through the SSH Tunnel from any application installed on the local computer.

Use multi-hop connections when you need to establish secure connections through a series of SSH servers. This is useful if your network configuration doesn't allow direct access to a remote server, but does allow access via intermediate servers.

You can reuse an established SSH connection when you open multiple sessions to the same host—additional sessions don’t require re-authentication. To change this setting use the General tab of the Secure Shell Settings dialog box.

Reflection can now forward all FTP communications—including the FTP command channel and data channel(s)—through an existing secure SSH tunnel.

FIPS mode can now be configured on a per-session basis. Reflection also continues to support use of group policy to enforce FIPS mode for all sessions.

New keywords are available for configuring VT220 emulation for command line ssh and ssh2 sessions. These can be configured in the Secure Shell configuration file, or by using the -o command line switch. To see a list of these new terminal settings, see "Secure Shell, configuration file keywords (terminal settings)" in the Reflection application Help index.

The ssh, scp, and sftp command line utilities now support the full range of command line switches provided by equivalent OpenSSH-style utilities. New ssh2, scp2, and sftp2 utilities have been added for customers who are migrating from F-Secure and need to maintain scripts written for the F-Secure command line utilities.

The scp and scp2 command line utilities now use the sftp subsystem to transfer files securely. (Backwards compatibility for OpenSSH-style scp transfer, which uses rcp through the SSH tunnel, is available using the -1 switch.)

The Reflection F-Secure migration wizard now migrates a more complete set of F-Secure settings for use with the Reflection client. Migrated information now includes certificates and PKI settings, default profiles, and the F-Secure ssh2_config file.

With the XI Driver Client, you can use a SpaceBall or SpaceMouse input device installed on your local PC to work with a 3D CAD/CAM application, such as CATIA, that's installed on a host.

For ease of use, local X client connections are now maintained (the server is not reset) if your PC enters hibernation mode and your X client sessions are suspended. As with previous versions of Reflection X, you specify whether to deny session suspension (Settings menu > Server > Confirm close when clients are connected check box).

The Reflection X Replay command is now available from the Tools menu, as well as from the Trace dialog box. Use this command to play back a captured trace, either locally or on another computer running Reflection X.

The new Advertise single depth visuals option (Settings > Color) provides a quick way to advertise only those visuals with the same depth as the Default visual type.

To help Attachmate customers smoothly transition from KEA! X to Reflection X, a customized migration utility is now available from the Attachmate Download Library. See Technical Note 1884 for more information.

So that Administrators can profile Reflection X to start with different areas of the Client Files tree (X Manager) expanded, three new settings have been added, thus making it easier for users to locate their client files. For more information, install the Administrator Help (not included with a Typical installation), and refer to the descriptions for ExpandFilesTreeClientStartup, ExpandFilesTreeLocal, and ExpandFilesTreeXDMCP.

Administrators can now easily review which Reflection X settings have been profiled using the new Profiled radio button and Profiled command button in the View Settings dialog box.

Reflection administrators can use the features on the X Profiler's General tab to troubleshoot Reflection X profiles (Rx.ini) on remote computers. The X Profiler is installed in the Administrative Tools folder if you have installed the Reflection Administrator's Toolkit. Start the Profiler and use its help file (Xprofile.chm) to learn more about this new feature.

Certificates in the new Reflection store can be used for host and user authentication during Reflection SSH and SSL/TLS sessions. Use the new Reflection Certificate Manager to manage these certificates. (Reflection continues to support authentication using certificates in the Windows certificate store.)

You can now import certificates into the Reflection Key Agent and have them available for user authentication for Secure Shell connections.

You can configure Reflection to use an LDAP server both for external CRL (Certificate Revocation List) checking and to store intermediate certificates. See the LDAP tab in the Reflection Certificate Manager.

Reflection now supports authentication using smart cards that conform to PKCS#11 specifications. See the PKCS #11 tab in the Reflection Certificate Manager.

If you have already created an SSH Config scheme, or configured settings for a particular host, you can easily use this configuration again. All configured hosts and schemes are now available for selection from a convenient drop-down list.

Use the Local Port Forwarding dialog box to configure Reflection to launch an application automatically after the Secure Shell connection has been established. This feature makes it easier to send data securely through the SSH Tunnel from any application installed on the local computer.

Use multi-hop connections when you need to establish secure connections through a series of SSH servers. This is useful if your network configuration doesn't allow direct access to a remote server, but does allow access via intermediate servers.

You can reuse an established SSH connection when you open multiple sessions to the same host—additional sessions don’t require re-authentication. To change this setting use the General tab of the Secure Shell Settings dialog box.

Reflection can now forward all FTP communications—including the FTP command channel and data channel(s)—through an existing secure SSH tunnel.

FIPS mode can now be configured on a per-session basis. Reflection also continues to support use of group policy to enforce FIPS mode for all sessions.

New keywords are available for configuring VT220 emulation for command line ssh and ssh2 sessions. These can be configured in the Secure Shell configuration file, or by using the -o command line switch. To see a list of these new terminal settings, see "Secure Shell, configuration file keywords (terminal settings)" in the Reflection application Help index.

The ssh, scp, and sftp command line utilities now support the full range of command line switches provided by equivalent OpenSSH-style utilities. New ssh2, scp2, and sftp2 utilities have been added for customers who are migrating from F-Secure and need to maintain scripts written for the F-Secure command line utilities.

The scp and scp2 command line utilities now use the sftp subsystem to transfer files securely. (Backwards compatibility for OpenSSH-style scp transfer, which uses rcp through the SSH tunnel, is available using the -1 switch.)

Certificates in the new Reflection store can be used for host and user authentication during Reflection SSH and SSL/TLS sessions. Use the new Reflection Certificate Manager to manage these certificates. (Reflection continues to support authentication using certificates in the Windows certificate store.)

You can now import certificates into the Reflection Key Agent and have them available for user authentication for Secure Shell connections.

You can configure Reflection to use an LDAP server both for external CRL (Certificate Revocation List) checking and to store intermediate certificates. See the LDAP tab in the Reflection Certificate Manager.

Reflection now supports authentication using smart cards that conform to PKCS#11 specifications. See the PKCS #11 tab in the Reflection Certificate Manager.

The Reflection FTP Client can now be configured to transfer files securely (using the TLS protocol) through the Reflection security proxy server. This proxy server is available with Reflection Administrator (available seperately). To configure this from the FTP Client, open the Site Properties dialog box, click Security, then go to the SSL/TLS tab. Use this tab to enable a connection through the Reflection security proxy and to specify the Security proxy server and port to connect to. You can also configure this support using either Reflection Administrator or the Reflection for the Web Administrative Webstation.

If you have already created an SSH Config scheme, or configured settings for a particular host, you can easily use this configuration again. All configured hosts and schemes are now available for selection from a convenient drop-down list.

Use the Local Port Forwarding dialog box to configure Reflection to launch an application automatically after the Secure Shell connection has been established. This feature makes it easier to send data securely through the SSH Tunnel from any application installed on the local computer.

Use multi-hop connections when you need to establish secure connections through a series of SSH servers. This is useful if your network configuration doesn't allow direct access to a remote server, but does allow access via intermediate servers.

You can reuse an established SSH connection when you open multiple sessions to the same host—additional sessions don’t require re-authentication. To change this setting use the General tab of the Secure Shell Settings dialog box.

Reflection can now forward all FTP communications—including the FTP command channel and data channel(s)—through an existing secure SSH tunnel.

FIPS mode can now be configured on a per-session basis. Reflection also continues to support use of group policy to enforce FIPS mode for all sessions.

New keywords are available for configuring VT220 emulation for command line ssh and ssh2 sessions. These can be configured in the Secure Shell configuration file, or by using the -o command line switch. To see a list of these new terminal settings, see "Secure Shell, configuration file keywords (terminal settings)" in the Reflection application Help index.

The ssh, scp, and sftp command line utilities now support the full range of command line switches provided by equivalent OpenSSH-style utilities. New ssh2, scp2, and sftp2 utilities have been added for customers who are migrating from F-Secure and need to maintain scripts written for the F-Secure command line utilities.

The scp and scp2 command line utilities now use the sftp subsystem to transfer files securely. (Backwards compatibility for OpenSSH-style scp transfer, which uses rcp through the SSH tunnel, is available using the -1 switch.)