Extend. Manage. Secure. More than 30 years in the business. Over 65,000 customers.
Home » Products » Managed File Transfer » Reflection for Secure IT » Reflection for Secure IT Web Edition
How to Buy  Evaluate
Sales: 1.800.872.2829

Reflection for Secure IT Web Edition

Secure Web File Transfer

Version 8.1 is now available
See how your Reflection compares

Version Comparison Chart

Reflection for Secure IT Web Edition is a web-based file transfer solution that allows enterprise users to securely upload or download files of any size to corporate servers. No desktop installation or configuration is required. It is part of the Reflection for Secure IT family of SSH clients and servers for Windows and UNIX—all designed to protect data in motion.


Key Features in Version 8.1
  • Support for major browsers.
  • Industry-standard security with Secure Shell (SSH) support.
  • Checkpoint restart for stopping or restarting a transfer.
  • Separate management of external and internal user accounts.
  • File transfer auditing.
  • Easy drag-and-drop transfers.
  • LDAP integration.
  • X.509 authentication.

With Reflection for Secure IT Web Edition, you can:

  • Provide file transfer capabilities to users through a web browser.
  • Use the secure shell (SSH) protocol standard to protect sensitive files in transit.
  • Avoid placing files in the DMZ as a step in the transfer process.
  • Pause and resume a file transfer, or recover a failed transfer, at the place where it stopped.
  • Maintain audit records of all file transfers.

In these ways, you can support safer information sharing and meet growing regulatory requirements with confidence.



Secure Shell Clients

Secure Shell Access

  • Secure remote terminal connections:
    • Configurable terminal provider  (cmd.exe)
    • Configurable terminal default directory
    • Use of mapped drives to access network directories during terminal sessions
  • Secure remote command execution

Secure File Transfer

  • SCP and SFTP version 4 protocol support
  • SCP and SFTP special features:
    • Smart Copy (to eliminate redundant copying of identical source and target files)
    • File transfer resume after interrupted downloads
  • SCP1 protocol support (for compatibility with OpenSSH clients)
  • Virtual directory and chroot environment support

Access Control

  • Assignable rights (allow or deny):
    • Terminal shell access
    • Exec requests
    • Local port forwarding
    • Remote port forwarding
    • SCP1 access
    • SFTP/SCP2 access
    • SFTP activities (Browse, Download, Upload, Delete, and Rename)
  • Assignable to (subconfigurations):
    • Global
    • Groups
    • Users
    • Per client system (by IP address or domain name)
  • Deny connections to users without Windows interactive access rights
  • Control over the number of connections allowed per user 
  • Use of alternative credentials for accessing SFTP directories (for file transfers) and mapped drives (for terminal sessions)


  • TCP port forwarding (local and remote)
  • FTP protocol (active and passive mode)
  • RDP protocol

Standards Support

  • Compliance with IETF Secsh Internet drafts and RFCs 4250–4254, 4256, 4462, 4344, 4345, and 4716
  • UTF-8 character support

Cryptographic Library Validation

  • FIPS 140-2 validated


  • Ciphers:
    • AES (128-, 192-, and 256-bit CTR)
    • AES (128-, 192-, and 256 bit-CBC)
    • 3DES (3 56-bit key EDE)
    • Blowfish (128-bit)
    • CAST (128-bit)
    • Arcfour (128- and 256-bit)  
  • MACs:
    • HMAC-MD5 (optional MD5 rejection available)
    • HMAC-MD5-96
    • HMAC-SHA1
    • HMAC-SHA1-96
    • HMAC-SHA256
    • HMAC-SHA512
    • RIPEMD160  
    • Meets DoD requirements for SHA-2
  • Key exchange:
    • Diffie-Hellman 
    • GSS-API key exchange


  • Server authentication:
    • Public key (RSA and DSA)
    • PKI X.509 certificates
    • GSSAPI/Kerberos
  • User authentication:
    • Password (local user and Windows domain user)
    • Public key:
      • RSA user keys
      • DSA user keys
      • OpenSSH public key interoperability
      • X.509 certificates
    • Keyboard interactive:
      • RSA SecurID
      • RADIUS
  • Keyboard-interactive password
    • GSSAPI/Kerberos
Web Edition Transfer Client


  • Password
  • new X.509 certificates

Remote Server Access

  • Any secure shell server can be proxied with the transfer server
    • Supported protocols: SFTP v3 or v4
    • Supported authentications: password or public key
    • Settable root folder on remote server
    • Checkpoint-restart when remote server is a Reflection for Secure IT Server

Identity Management

  • new Integration with any LDAP-compliant store (such as Active Directory)
  • Built-in user storage for local users
  • Real-time synchronization
  • Filtering
  • LDAP Groups


  • new Optional enforcement of browser plug-in version
  • Audited transfers
  • Encrypted connections:
    • HTTPS for authentication
    • SFTP for file transfer
    • AES-128 cipher
    • SHA-256 MAC

Transfer Client

  • Drag-and-drop transfers
  • Local and Server views
  • Transfer entire directory trees
  • Smart copy
  • Checkpoint restart
  • UTF-8 encoding supports files names in any locale
General Specifications

Reflection PKI Services Manager:

  • Centralized configuration and management of PKI functions across multiple Reflection for Secure IT Windows servers, UNIX servers, and UNIX clients
  • Standalone service module supported on most platforms supported by Reflection for Secure IT Windows and UNIX servers
  • DoD PKI certified
  • FIPS 140-2 validated (in process as of July 2013)
  • RFCs 2253, 2560, and 3280
  • X.509 certificates for server and client authentication (X.509 versions 1-3)
  • Version 2 X.509 CRL
  • OCSP revocation checks
  • HSPD-12 support
  • Support for LDAP and HTTP certificate and CRL repositories
  • Support for Microsoft Windows Certificate Store
  • Certificate extensions supported:
    • CDP
    • IDP
    • AIA
    • Policy constraints
    • Basic constraints
    • Name constraints
    • Extended key usage
  • Customizable configuration on per trust anchor basis
  • Fully customizable mapping of SSH user account names to certificates
  • SOCKS proxy support
  • PKI client command line utility for querying services availability and certificate validity

    Auditing and Logging

    • Configurable Windows Event Log level
    • Configurable Debug Log with local and UTC time stamps
    • Notification of exceeded maximum password attempts
    • Dedicated audit log for all file transfers

    Administrative Tools

    • Customizable locations for server configuration files
    • Section 508 support in the Reflection for Secure IT Server for Windows configuration utility
    • new Flexible deployment of components (co-located or separate servers)

    Operating Systems

    • new Microsoft Windows Server 2012 (x86-64)
    • Microsoft Windows Server 2008 R2 (x86-64)
    • Microsoft Windows Server 2008 (x86 and x86-64)
    • new VMWare ESXi support

    System Requirements

    • Any system that meets the minimum requirements for the Microsoft Windows operating system
    • Disk space varies depending on the features installed
    • Network interface card
    Let's Talk

    Request a Call

    Complete the form below or call 1-800-872-2829.
    * = Required Field

    * Name:

    * Email Address:

    * Phone:

    * Country:


    For support information, please visit Technical Support.

    Thank You

    Thank you for your interest in Attachmate. An Attachmate representative will be in touch shortly.



    Sales: 1-800-872-2829

    For support information, please visit
    Technical Support.