2.2 System Requirements

Reflection for the Web components can be installed on a single server or on separate servers.

NOTE:Security updates for JREs that are used by Reflection for the Web and Management and Security Server (MSS) are made available through product updates.

Check the requirements for each component:

2.2.1 Server requirements

The server requirements are based on the requirements for Management and Security Server:

  • 3.40 GHz (4 cores) and 8GB of RAM

  • Server-class 64-bit operating system (Windows, Linux, or UNIX)

    For production, a server-class system is required. However, a workstation could be used for initial testing or evaluation.

  • A private OpenJDK (non-Oracle) JRE 1.8.0_<nnn> is installed by the Reflection for the Web automated installer, where <nnn> is the most recent security release as of this product release date.

See the MSS Installation Guide regarding the requirements for specific server components, such as the Security Proxy Server.

2.2.2 Administrator workstation

To be able to configure and manage Reflection for the Web in the MSS Administrative Console, the administrator needs:

  • 64-bit or 32-bit Microsoft Windows

  • any browser, when using Reflection for the Web Launcher

  • Internet Explorer 11 with the Java 8 (or higher) browser plug-in, when not using Reflection for the Web Launcher

2.2.3 Terminal session (client)

The client requirements depend on how (and whether) you are deploying the Reflection for the Web Launcher, which is configured in the MSS Administrative Console.

For instance, with the Standard option, user workstations can still use Internet Explorer 11 with the Java plug-in. However, with Reflection for the Web Launcher’s Hybrid or Launcher option, any browser can be used.

See the Deployment Options to determine the appropriate option for your environment. Then you can check the client requirements.

Client requirements, based on the option for your environment:

NOTE:If you use another JRE that supports Java Web Start, such as one for Oracle or IBM, the Java configuration must have Java caching enabled. That is, the option to Keep temporary files on my computer must be enabled in the Java console.

Standard deployment option

This option supports an environment that uses Oracle’s JRE or a Java browser plug-in.

  • Internet Explorer v11 with the Oracle Java 1.8 plug-in or higher that can run trusted applets

    Note:OpenJDK does not support the Java plug-in for browsers on Microsoft Windows.

Depending on your version of Java, note these specific requirements:

Java 1.8.<n>

  • Supported browsers: Internet Explorer 11

  • Unlimited Strength Jurisdiction Policy Files

    NOTE:Beginning with Java 1.8.0_162, the Java Cryptography extension (JCE) unlimited strength policy files are installed by default. No further configuration is needed.

    If you are using an earlier version, you may need to install the policy files. See Unlimited Strength Jurisdiction Policy Files

Java 1.9 or higher

Note: Oracle no longer provides a free Java (JRE) with Long Term Support for businesses, and may remove the Java browser plug-in. For highlights of Oracle’s policy changes and our response, see Reflection for the Web Launcher: a Web Start (JNLP) solution.

For Java 1.9 or higher:

Internet Explorer 11 configuration

Java 1.9 (or higher) requires these settings.

  1. In Internet Explorer 11 (64-bit), open Internet Options to the Security tab.

  2. Check Enable Protected Mode* (requires restarting Internet Explorer) for each zone:

    • Internet

    • Local intranet

    • Trusted sites

    • Restricted sites

      Click Apply.

  3. Click the Advanced tab.

  4. Scroll to the Security section, and check Enable Enhanced Protected Mode*.

  5. Click Apply and OK. Close Internet Explorer.

  6. Restart your computer for the changes to take effect.

TLS connections

To make TLS connections with Java 1.9 or higher, apply this configuration:

  1. Open the Java 9 Control Panel to the Desktop Settings tab.

    One or more JREs are listed.

  2. In the Runtime Parameters column, add this text to each line:

    --illegal-access=warn

  3. Click Apply.

Unlimited Strength Jurisdiction Policy Files

For TLS connections to your host, Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files may be required. Unlimited strength policyiles contain no restrictions on cryptographic strengths, in contrast to the strong but limited cryptography policy files bundled in some JREs.

Applying the JCE Unlimited Strength Jurisdiction Policy Files

Beginning in Java 1.8.0_151, changes were made to the way the policy files are provided and enabled. Follow the steps for your version of Java.

Table 2-2 Steps to enable JCE Unlimited Strength Jurisdication Policy Files

Java version

Required action

1.8.0_162 or higher

Unlimited strength policy files are enabled by default.

No further configuration is needed.

1.8.0_151 or 1.8.0_152

The policy files are included but must be enabled.

  1. Open jre\lib\security\java.security.

  2. Search for the line #crypto.policy=unlimited and remove the # character to uncomment the line.

earlier than 1.8.0_151

The policy files must be downloaded and installed.

  1. Download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files from your JRE or JDK provider, such as Oracle or IBM. Be sure to download the correct files for your version of Java:

    Oracle: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

    IBM: https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=jcesdk

  2. Uncompress and extract the downloaded file. The download includes a Readme.txt and two .jar files with the same names as the existing policy files.

  3. Locate the two existing policy files:

    local_policy.jar

    US_export_policy.jar

    On UNIX, look in <java-home>/lib/security/

    On Windows, look in C:\Program Files\Java\jre<version>\lib\security\

  4. Replace the existing policy files with the unlimited strength policy files you extracted.

NOTE:The JCE Unlimited Strength Jurisdiction Policy Files must be applied each time you upgrade your JRE.

Hybrid deployment option

The requirements in a mixed environment need to support all users’ workstations.

  • Users whose workstations use Oracle’s Java or the Java plug-in must meet the Standard deployment option requirements.

  • Users who are transitioning away from Oracle’s Java will install Reflection for the Web Launcher on their workstations, and must meet the Launcher deployment option requirements.

Launcher deployment option

This option exclusively supports Reflection for the Web Launcher.

  • 64-bit or 32-bit Microsoft Windows

  • Any browser, including Google Chrome, Mozilla Firefox, Internet Explorer 11, or Microsoft Edge

  • Reflection for the Web Launcher

    Reflection for the Web Launcher installs a JRE from OpenJDK. The JRE includes the most recent security update as of the Reflection for the Web release date.

  • JavaScript is a soft requirement

    When the Reflection for the Web Launcher is configured for Launcher deployment in MSS, browsers that support JavaScript will automatically launch the links list applet and emulator sessions. Otherwise, the user will need to click Display Links List to launch the links list and the sessions.

Related topics