action.skip

Reflection for the Web Overview

Reflection for the Web provides Java-based applets to deploy web-based terminal emulation sessions to your users. Reflection for the Web’s terminal sessions are centrally managed and secured using the Management and Security Server (MSS) Administrative Console.

Your Reflection for the Web license entitles you to

  • Centralized management (MSS), which is automatically installed with Reflection for the Web

  • Security Proxy

  • Terminal ID Manager

Using Reflection for the Web and MSS, you can configure secure web-based terminal emulations sessions that connect to host applications located inside or outside the firewall.

Briefly, here’s how it works:

  1. An administrator installs Reflection for the Web on a server and either installs or uses an existing installation of Management and Security Server (MSS).

  2. The administrator uses the MSS Administrative Console to create, configure, and secure terminal emulation sessions. Optional security settings can be configured on a per-session basis.

  3. A user clicks a link to start a terminal session.

  4. The Reflection for the Web session is downloaded to the user's workstation.

  5. The user connects to and communicates with the host system using the downloaded emulation applet.


The diagram below depicts the interaction between Reflection for the Web, the MSS Administrative Server, and the optional Security Proxy Server to provide enhanced security.

  1. Reflection for the Web user connects to the MSS Administrative Server.

  2. User authenticates to a directory server (LDAP/Active Directory) or other identity management system — optional.

  3. Directory server provides user and group identity — optional.

  4. The Administrative Server sends a list of Assigned Sessions to the authenticated client. The user clicks a session.

  5. When the optional Security Proxy Server is configured for use by a session, emulation applet makes a TLS connection to Security Proxy Server and sends it a signed token.

  6. When present, the Security Proxy Server validates session token and establishes a connection to the host:port it specifies.

  7. When no Security Proxy Server is present or a session is not configured to use it, an authenticated user connects directly to the host.

Administrative Server

The Management and Security Server Administrative Server includes the MSS Administrative Console and terminal emulation files, which are installed together on a web server.

After you install (or point to an existing) Management and Security Server, you can open the Administrative Console, which is a self-contained web application. Use the Administrative Console to manage and configure web-based terminal sessions. With Reflection for the Web, Java-based applets deploy terminal emulation sessions to your users.

Optional Components

Your Reflection for the Web license entitles you to these optional components in Management and Security Server:

  • Metering Server monitors the use of terminal sessions.

  • Security Proxy Server acts as a proxy for terminal sessions, routing encrypted network traffic to and from user workstations.

  • Terminal ID Manager spools terminal IDs, tracks ID usage, and manages inactivity timeout values for specific users.

Note

Your Reflection for the Web license includes the Security Proxy and Terminal ID Manager, which are Add-On Products to Management and Security Server.

For information about installing, configuring, and using these components, see the MSS Deployment Guide.