You can centrally manage, secure, and monitor users’ access to host connections with the Micro Focus Host Access Management and Security Server (MSS), a separately available product that is designed to provide centralized management for Reflection sessions.
Using this centralized management server, you can grant or deny access based on group or role, quickly apply security updates and configuration changes to align with changing regulatory or business needs, and make post-install adjustments on the fly. MSS allows you to configure and lock down large numbers of desktops with ease.
MSS includes two servers that you can use to configure and monitor your sessions:
The Administrative Server
Using the MSS Administrative Console, you can define terminal emulation sessions, configure and save session settings, and then manage and configure secure settings for those sessions. You can also use directory services, such as Active Directory, to authorize access to host applications—without changing your LDAP schema or data. Sessions that you create in this way are saved to the server and can be made available to users from the server and modified at any time. See Create and Deploy Sessions and Settings with the MSS Administrative Console.
The Metering Server
Use the Metering Server to track Reflection sessions and determine how many client workstations use the product. See Enable Usage Metering.
You can enhance your ability to manage sessions and reinforce security with MSS Add-Ons. You’ll gain additional critical functionality when you pair MSS with these products:
Security Proxy Add-On
The Security Proxy acts as a proxy for terminal sessions and provides token-based access control, routing encrypted network traffic to and from user workstations. The Security Proxy Server can be installed on the same server as the Administrative Server or on another system.
To set up the Security Proxy for client authorization, pass through, end-to-end TLS, and end-to-end SSH security connections, see Connect to Hosts using the Security Proxy Add-On.
Terminal ID Manager Add-On
You can use the Terminal ID Management Add-On to monitor a pool of resource IDs that a client can use to establish a host session, thereby eliminating the need to create configurations for every client. The Terminal ID Manager enables you to pool terminal IDs, track ID usage, and manage inactivity timeout values for specific users, thus conserving terminal ID resources and significantly reducing operating expenses. The Terminal ID Manager can be installed on the same server as the Administrative Server or on another system. See Set Up Terminal ID Management for Reflection Desktop Sessions.
Automated Sign-On for Mainframe Add-On
The Automated Sign-On for Mainframe Add-On enables users to authenticate to a front-end system using a modern form of authentication (such as a smart card, certificate, LDAP password, Kerberos, etc.) and then be automatically logged on to a z/OS mainframe application. To add Automated Sign-On for Mainframe, you need to install the activation file and configure settings using the Administrative Console. Some configuration is also needed on the mainframe. See Set up Automated Sign-On for Mainframe Sessions.