Reflection for the Web is terminal emulation software that securely connects browser users to applications on IBM, HP, UNIX, OpenVMS, and Unisys hosts. With its strong authentication and encryption capabilities, you can safely deliver fully functioning host applications across the public Internet. More specifically, with Reflection’s secure token authorization feature, you can add an extra layer of protection to your host applications and integrate them into your modern security infrastructure.
With Reflection for the Web, you can:
- Deploy both web- and Windows-based terminal emulation sessions from a web server.
- Secure all host sessions with secure token authorization and AES or 3DES encryption over SSL/TLS and SSH.
- Authenticate users with Directory Services, X.509 smart cards, Kerberos, and eTrust SiteMinder.
- Use your existing LDAP users and groups to control user authorization to sensitive data and resources.
- Meet regulatory requirements, such as PCI, Sarbanes-Oxley, Gramm-Leach-Bliley, FIPS, HIPPA, and European Data Directive.
- Provide standards-based security for business applications and file transfers.
- Maximize existing technologies—including X.509 certificates, Online Certificate Status Protocol (OCSP), and Certificate Revocation Lists (CRL)—via Reflection for the Web’s Public Key Infrastructure (PKI) support.
- Ensure cross-platform flexibility with client-side support for all major web browsers, including Internet Explorer, Netscape, Opera, Mozilla Firefox, and Safari.
- Use simplified sign-on for easier user access and password management.
- Integrate host applications with IBM, BEA, and eTrust SiteMinder portals.
Diagram 1: How Reflection for the Web Works
1) User connects to the Reflection Management Server.
2) User authenticates to a directory server (LDAP/Active Directory)—optional.
3) Directory server provides user and group identify.
4) Reflection Management Server sends emulation session to authenticated client.
5) Authenticated user connects to the host.
Diagram 2: How Reflection for the Web Secures Host Sessions
1) User connects to the Reflection Management Server.
2) User authenticates to a directory server (LDAP/Active Directory)—optional.
3) Directory server provides user and group identify.
4) Reflection Management Server sends emulation session and digitally signed authorization token to the client.
5) Emulation applet makes SSL/TLS connection to Security Proxy Server and sends signed token to Security Proxy Server.
6) Security Proxy Server validates token’s digital signature, then sends decrypted datastream to the host (port specified in token). Optional: datastream can be encrypted all the way to the host.
Learn More
Technical Specifications
Technical Notes
- 2188 New Features in Reflection for the Web 9.5 and 9.6
- 2111 Frequently Asked Questions: Reflection for the Web version 9.x
- 1946 Securing Windows-Based Reflection Sessions (with SSL/TLS) Using the Reflection Security Proxy
- 1807 Using the Personalization Feature in Reflection for the Web
- 2170 Using Reflection for the Web with Web Proxies
White Paper
Customer Story