1.4 Installing Reflection ZFE

1.4.1 Before you install

Keep these things in mind when installing Reflection ZFE.

  • Host Access Management and Security Server

    Host Access Management and Security Server (MSS) is used for session management: MSS is installed with Reflection ZFE in a typical installation, however, you can use an existing MSS installation if that works better for you. The Windows install program will install MSS, the ZFE session server, and documentation to a single machine. Different components can reside on different machines.

    You will be asked for the user name and password for the MSS machine used by Reflection ZFE. It is a good idea to have those credentials in hand before you start installation.

    MSS uses activation files (activation.jaw) to enable product functionality. The Reflection ZFE install program contains the needed activation file to enable communication between Reflection ZFE and MSS. You will need to provide an activation file if you intend to use an already installed or remote MSS server that has not been activated for use with Reflection ZFE. Support for UTS, T27, and the Terminal ID Manager requires separate activation files. It is important that you install compatible versions of both products. You can read all about MSS activation files in the Host Access Management and Security Server Installation Guide.

  • Reflection ZFE and Java

    Reflection ZFE requires a Java JDK version 8 or higher and MSS requires a Java JRE version 8 or higher. This Java requirement is met during installation, except for these platform exceptions:

    • For systems, such AIX or Linux on System Z that require an IBM JDK, you can use the “nojdk” installer media, which does not include a bundled JDK.

      To use the nojdk media option:

      • The installation must be able to locate a Java executable to start. If a Java executable cannot be found by the installer, then you can set the INSTALL4J_JAVA_HOME environment variable to refer to a Java installation’s bin directory.
      • When started, the installation program will automatically search for version-compatible JDKs on the system. If more than one JDK is found, a list is displayed from which you can choose. If only a JRE is found on the system, you can continue with the installation, but the Reflection ZFE server will not run correctly until you have updated the wrapper.java.command property located in sessionserver/container.conf to refer to a JDK installation.
    • Both Reflection ZFE and MSS require that the Java installation support unlimited strength encryption. More information is available on the Java web site.

    • If necessary, you can use the environment variables named above and INSTALL4J_JAVA_HOME_OVERRIDE to specify a specific Java installation.

  • If you plan on using the IIS Reverse Proxy with Reflection ZFE, read Using the IIS Reverse Proxy with Reflection ZFE for prerequisites and configuration instructions.

1.4.2 System Requirements

All requirements listed are the minimum required to successfully install Reflection ZFE.

Supported web browsers

The only thing needed to access Reflection ZFE terminal emulation is a supported web browser. The following web browsers are currently supported:

  • Google Chrome 33+

  • Mozilla Firefox 27+

  • Microsoft Internet Explorer 11

    See Browser issues for information on performance issues when using Internet Explorer.

  • Microsoft Edge

  • Apple iOS Safari 7+

MSS is platform independent and supports any web browser using JRE 7 or later that supports JavaScript and Cascading Style Sheets (CSS).

Session server operating systems

The Reflection ZFE session server supports the following 64-bit platforms:

  • Windows 2008 Server

  • Solaris 10 (SPARC)

  • Red Hat Enterprise Linux (RHEL) 6.x

  • SUSE Enterprise Linux 11.x

  • AIX 6.x

z/Linux (SUSE E11.x and RHEL 6.x) installation

Follow the procedures described in the download site instructions.

Installing on UNIX platforms

  • You must either install as “root” or use a user account with root privileges to complete successfully. When the installation has successfully completed, the installed application can be started and managed by “root” or someone running as ‘root”.

  • Elevated privileges are needed to open any application ports lower than 1024. Reflection ZFE will not start using a lower port number unless you have system privileges to open low numbered ports.

  • You can use the chmod command to assign application privileges to users other than root.

1.4.3 Preparing to install

Reflection ZFE supports TLS and SSH protocols to protect mission-critical data. To secure your passwords and other sensitive data, you should require browsers to use the HTTPS protocol.

To configure a Reflection ZFE session to use TLS, you must first establish a “trust” for the public certificate chain of the host to which you’re connecting. MSS centrally manages the trust store that Reflection ZFE uses. Be default, the Reflection ZFE session server fetches this trust store every time it attempts a connection.

For a successful installation you must have a valid certificate signed by a trusted Certificate Authority (CA) and install it on the session server. To head off any installation issues, read Making Secure Connections. In a typical Reflection ZFE installation there are three main connection points that you need to consider in regard to security, the Making Secure Connections topic deals with all three; web browser to Reflection ZFE session server, Reflection ZFE session server to MSS, and Reflection ZFE session server to the host legacy system.

Ports used by Reflection ZFE

Configure your firewall to allow connections on the following TCP listening ports:


Default Port Numbers

Reflection ZFE session server

7070 - HTTP

7443 - HTTPS


80 - HTTP

443 - HTTPS

Both the Reflection ZFE and the MSS Administrative Server ports can be changed depending on your network needs. To modify the Reflection ZFE session server ports, see How to Change Ports.

1.4.4 Upgrading from Previous Versions

Upgrading is a simple and easy. It’s best to back up any previous work before you upgrade.

To upgrade from previous versions to the current version:

  1. Stop Management and Security Server.

  2. Uninstall the previous version of Reflection ZFE, but do not uninstall Management and Security Server.

  3. Install the latest version of Reflection ZFE.

1.4.5 Troubleshooting the Installation

To complete a successful installation, make sure that you have taken care of these common connection issues:

Is MSS configured for HTTPS?

Connect to the system where the Administrative Server is installed and log in to the Administrative Server. In the Administrative Console, open the Security Setup section and note the protocol selection.

Verify that both MSS and Reflection ZFE are using trusted certificates.

MSS imports certificates and private keys to C:\ProgramData\Micro Focus\MSS\MSSData\certificates.

If you are not using trusted certificates, have you configured Reflection ZFE to run using HTTP?

Are your connection properties configured properly?

In the unlikely event that you have to verify connection information, the container.properties file for both the management component and the Reflection ZFE session server contains the connection properties needed to make the Reflection ZFE to MSS connection as well as the browser to Reflection ZFE connection.

You can find the file in the Reflection ZFE installation at <install-dir>/sessionserver/conf/container.properties.

Connecting using HTTP

If you do not have a trusted certificate in place, you can configure Reflection ZFE to use HTTP. This configuration is not secure and should be used only when no other option is available.

Connecting to...

Do this...

An existing remote MSS Administrative Server

  1. During the Reflection ZFE installation, after you accept the license agreement and choose a destination directory, select Use remotely hosted MSS. Click Next.

  2. Enter either the host name, DNS name, or IP address.

  3. Change the port from 443 to 80.

  4. Select HTTP and complete the installation process.

The MSS Administrative Server that is installed with Reflection ZFE

  1. Select Install MSS and follow the installation instructions.

  2. Clear the Perform this action option and click Finish.

    If this option is not disabled, you can open <install-directory>\Micro Focus\ReflectionZFE\sessionserver\conf\container.properties in a text editor and change 443 to 80 in the following line: management.server.url=http://yourmachine:80/mss

    If this option is not cleared, an internal error is generated and you will be asked to contact your system administrator.

  3. Restart the Reflection ZFE Session Server service.

Other known issues

This section documents miscellaneous known issues and work around tips for Reflection ZFE.

SSL/TLS error message issues

  • (ECL1011) Error connecting to host: Connection to host failed.

    This error can display in a number of situations that are not simply due to a connection failure.

    • You may see this error if an SSL/TLS connection failed due to the lack of a trusted certificate in the MSS trust store.

    • This error displays when a SSL/TLS handshake failure occurs when you use TLS to connect to or from a plain text host.

Install does not complete on UNIX or LInux platforms

The Reflection ZFE install program may stall on UNIX or Linux systems, particularly headless ones. This stall is caused by an insufficient amount of entropy in the system, typically due to a lack of interaction with the operating system’s UI (or lack of UI).

To remedy the issue:

  1. Stop the installation process.

  2. On the installer’s command line, prepend –J to the Java System property: ./reflectionzfe-xxxx-linux-x64.sh -J-Djava.security.egd=file:///dev/urandom

  3. Run the installation program containing the added argument.

Related Topics

  • Setting Post Installation Options
  • Making Secure Connections