Connecting to the Host

Reflection ZFE supports IBM 3270 and 5250 hosts and VT and UTS host types.

To connect to the host:

From the Type drop down list, select the type of host you are connecting to.
Identify the host to which you want to connect. You can use a full host name or its IP address.
Type the number of the port you want to use.
Complete the information needed for the host connection.
Save your connection settings.

Your users gain access to the host through sessions that you create and configure. Sessions are created by an administrator in the MSS Administrative Console. When you launch a session from the Administrative Console, the web client Connection panel opens in a separate browser window. You configure connection options from this panel. Options vary depending on your host type.

Providing access to the session

Your users have access to their assigned sessions through a URL you provide (for example, https://<sessionserver>:7443/zfe). From this URL users select which session to open from the list of available sessions you have configured for them.

Your users can switch between sessions, open additional sessions and close sessions with which they are no longer working.

NOTE:A new session will not be launched if the specified session already exists when the user opens the link.

Alternatively, you can use single session mode and provide URLs to particular sessions that are launched using name and session parameters, (for example a direct link on a company portal page). To enable the launch of a single session use the query parameter singleSession. You can use this parameter on its own to just launch the Reflection ZFE web client in single session mode, for example, http://<sessionserver>:7443/zfe/?exampleSessionName, or it can be used in conjunction with a named session parameter to launch a particular named session in single session mode: http://<sessionserver>:7443/zfe/?singleSession&name=HumanResources. The order of the parameters does not matter.

When your users access a single session, they cannot switch between open sessions and cannot open new sessions.

Common connection settings

These options are common to all supported host types.

Connect at startup

By default, sessions are configured to connect to the host automatically when you create or open a session. However, you can set up a session so that it doesn't automatically connect to the host. Choose No to manually connect to the host.
Reconnect when host terminates connection

When set to Yes, Reflection ZFE attempts to reconnect as soon as the host connection terminates.

Protocol

From the drop down list, select the protocol you want to use to communicate with the host. To establish a host connection, both the Reflection ZFE Web Client and the host computer must use the same network protocol. The available values are dependent on the host to which you are connecting. They are:

Table 4 Protocol Descriptions

Protocol	Description
TN3270	TN3270 is a form of the Telnet protocol, which is a set of specifications for general communication between desktop and host systems. It uses TCP/IP as the transport between desktop computers and IBM mainframes.
TN3270E	TN3270E or Telnet Extended is for users of TCP/IP who connect to their IBM mainframe through a Telnet gateway that implements RFC 1647. The TN3270E protocol allows you to specify the connection device name (also known as LU name), and provides support for the ATTN key, the SYSREQ key, and SNA response handling. If you try to use Telnet Extended to connect to a gateway that doesn’t support this protocol, standard TN3270 will be used instead.
TN5250	TN5250 is a form of the Telnet protocol, which is a set of specifications for general communication between desktop and host systems. It uses TCP/IP as the transport between desktop computers and AS/400 computers.
Secure Shell (VT)	You can configure SSH connections when you need secure, encrypted communications between a trusted VT host and your computer over an insecure network. SSH connections ensure that both the client user and the host computer are authenticated; and that all data is encrypted
Telnet (VT)	Telnet is a protocol in the TCP/IP suite of open protocols. As a character stream protocol, Telnet transmits user input from character mode applications over the network to the host one character at a time, where it is processed and echoed back over the network.
INT1 (UTS)	Provides access to Unisys 1100/1200 hosts using the TCP/IP network protocol.
TCPA (T27)	Use this protocol to connect to Unisys ClearPath NX/LX series or A Series hosts. TCPA Authentication is the process of verifying user login information. When properly configured, you can request a security credential from your application's credential server and send the credential back to the server. If the credential is valid, your application will be logged in; you do not have to enter a user ID or password. If the credential is not valid however, you will be prompted for a user ID and a password.

Enable emulation tracing

You can choose to generate host traces for a session. No is the default. Select Yes to create a new emulation host trace each time the session is launched. The trace file is stored in <install directory>/sessionserver/logs/hosttraces/<date(yyyymmdd>/<trace-file>. Host trace files are created each time a session is launched.

3270 and 5250 connection settings

In addition to the common configuration settings, 3270 and 5250 host types require these specific settings.

Terminal model

Specify the terminal model (also known as a display station) you want Reflection ZFE to emulate. There are different terminal models available depending on the host type.

If you choose Custom Model, you can set the number of columns and rows to customize the terminal model.
Terminal ID (3270 only)

When Reflection ZFE connects to a Telnet host, the Telnet protocol and the host negotiate a terminal ID to use during the initial Telnet connection. In general, this negotiation will result in the use of the correct terminal ID, and so you should leave this box empty.

TLS/SSL Security

SSL and TLS protocols allow a client and server to establish a secure, encrypted connection over a public network. When you connect using SSL/TLS, ZFE authenticates the server before opening a session, and all data passed between and the host is encrypted using the selected encryption level. The following options are available:

Table 5 TLS/SSL Descriptions

Security options	Description
None	No secure connection is required.
TLS 1.2 - 1.0	Allow connection through TLS 1.2, TLS 1.1, TLS 1.0 depending on the capabilities of the host or server to which you are connecting.
TLS 1.2	Select this value to connect using TLS. As part of the TLS protocol, the client checks the server or host name against the name on the server certificate. Therefore, TLS connections require the common name on the server certificate to match the host or proxy server name.

NOTE:See the section on Making Secure Connections for information on adding trusted certificates, key stores, using SSH, and other advanced security information.

Device name

If you selected TN3270, TN3270E, or TN5250 as the protocol, specify the device name to use when the session connects to the host. The device name is also known as the host LU or pool. You can also choose to:

Generate a unique device name. An unique device name will be automatically generated.
Use Terminal ID Manager which displays additional settings to complete.
Prompt User. When you select this option the end user will be prompted for the device ID each time a connection is attempted.

If you do not specify a device name for the session, the host dynamically assigns one to the session. A device name that is set within a macro will override this setting.

If you selected Terminal ID Manager you can use it to provide IDs to client applications at runtime. You can use the Terminal ID Manager to manage pooled IDs for different host types. An ID is connection data that is unique for an individual host session. To use Terminal ID Manager, you must have a Terminal ID Manager server configured. See Terminal ID Manager in the Management and Security Server Installation Guide.

If you decide to use Terminal ID Manager and have configured the Terminal ID Manager server, then you can select from the options below to configure the criteria for acquiring an ID. All criteria must be met in order for an ID to be returned.

NOTE:Keep in mind that by specifying a criterion, you are indicating that the ID should be allocated only when an ID that has that specific value is found. The set of criteria selected here must be an exact match of the set of criteria specified on at least one Pool of IDs in Terminal ID Manager before the ID request can succeed.

Table 6 Terminal ID Manager Criteria

Criterion	Description
Pool name	Include this attribute and enter the name of the pool to limit the ID search to a specified pool.
Client IP address	The IP address of the client machine will be included as part of the request for an ID.
Host address	The address of the host configured for this session will be included as part of the request for an ID.
Host port	The port for the host configured for this session will be included as part of the request for an ID.
Session name	When selected, requires that the ID is configured to be used by this session exclusively.
Session type	The session type (for example, IBM 3270, IBM 5250, UTS, or T27) is always included as part of any request for an ID.
User name	Use this criterion to ensure that only IDs created for exclusive use by specific users will be allocated. The current user’s name, which must be found on an ID before it can be allocated, is the name of the user that the session is allocated to at runtime. To configure a session based on user names, a default place holder user name is available: tidm-setup. For the administrator to configure sessions using tidm-setup, the Terminal ID Manager needs to have IDs provisioned for tidm-setup. You can override the default name with one of your own by modifying the Micro Focus/ReflectionZFE/sessionserver/conf/container.properties file as follows: id.manager.user.name=custom-username Where custom-username is replaced by the name you want to use.
Application name (UTS)	The name of the host application will be used as part of the request for an ID.

To determine the connection attempt behavior if Terminal ID Manager does not successfully allocate an ID to this session, use If ID is not allocated:

Fail connection attempt -If selected, the session will not attempt to connect when an ID is not allocated.
Allow connection attempt -If selected, the session will attempt to connect when an ID is not allocated. The attempt may be rejected by the host. There are some host types that permit a user to connect without an ID.

To confirm that Terminal ID Manager can provide an ID using the criterion and value selections you have made, clickTest. .

Send keep alive packets - Use this setting to provide a constant check between your session and the host so that you become aware of connection problems as they occur. Choose from the following types of keep alive packets:

This option	Does this....
None	The default. No packets are sent.
System	The TCP/IP stack keeps track of the host connection and sends keep alive packets infrequently. This option uses fewer system resources than the Send NOP Packets or Send Timing Mark Packets options.
Send NOP packets	Periodically a No Operation (NOP) command is sent to the host. The host is not required to respond to these commands, but the TCP/IP stack can detect if there is a problem delivering the packet.
Send timing mark packets	Periodically a Timing Mark Command is sent to the host to determine if the connection is still active. The host should respond to these commands. If a response is not received or there is an error sending the packet, the connection shuts down.

Keep alive timeout (seconds) - If you choose to use either the Send NOP packets or the Send timing mark packets option, select the interval between the keep alive requests set. The values range from 1 to 36000 seconds (1 hour); the default is 600 seconds.

How to test Terminal ID Manager criteria

The Terminal ID Manager provides IDs to client applications at runtime. To confirm that Terminal ID Manager can provide an ID using the criteria and value selections you selected use this test option.

Criteria for the current session are specified on the Connection panel after selecting Use Terminal ID Manager from either the Device Name (3270, 5250 host types), the Terminal ID (UTS) field, or the Station ID (T27) field. By default, the selected criteria for the current session are displayed.

Click Test to confirm that Terminal ID Manager can provide an ID matching the configured criterion and value selections. The test returns the name of an available ID that satisfies the selected attribute values.

Testing for other criteria and values

You can also use this panel to test criteria different from those associated with the current session.

Select any of the session types from the Session type list, and select the criteria you want to test. You can test alternate values that you want to use in a sample Terminal ID Manager request.
Click Test to confirm that Terminal ID Manager can provide an ID matching the criterion and value selections. The test returns the name of an available ID that satisfies the selected values.

VT connection settings

In addition to the common connection settings, VT hosts require these additional settings:

Table 7 VT session configuration options

VT Settings	Description
Terminal ID	This setting determines the response that Reflection ZFE sends to the host after a primary device attributes (DA) request. This response lets the host know what terminal functions it can perform. The Reflection ZFE response for each Terminal ID is exactly the same as the VT terminal's response; some applications may require a specific DA response. This terminal ID setting is independent of the Terminal type setting. The options are: VT220, VT420, VT100, DEC-VT100, and VT52.
Local Echo	Automatic (default). How Reflection ZFE responds to remote echo from a Telnet host: Automatic attempts to negotiate remote echo, but does what the host commands. Yes means Reflection ZFE negotiates local echo with the host, but always echoes, while No means Reflection ZFE negotiates remote echo with the host, but does not echo.
Renegotiate Echo	No (default). When set to Yes, passwords are not displayed on the local screen, but all other typed text is visible. Reflection ZFE supports the Telnet Suppress Local Echo (SLE) option when connected to a host in half-duplex mode. This means that Reflection ZFE will suppress character echo to the host computer, and with SLE support Reflection ZFE can be instructed to suppress echo locally.
Set Host Window Size	Yes (default). This setting sends the number of rows and columns to the Telnet host whenever they change. This enables the Telnet host to properly control the cursor if the window size is changed.
Request Binary	No (default). Telnet defines a 7-bit data path between the host and the terminal. This type of data path is not compatible with certain national character sets. Fortunately, many hosts allow for 8-bit data without zeroing the 8th bit, which resolves this problem. In some cases, however, it may be necessary to force the host to use an 8-bit data path by selecting this check box.
Send LF after CR	No (default). A "true" Telnet host expects to see a CrNu (carriage return/null) character sequence to indicate the end of a line sent from a terminal. There are some hosts on the Internet that are not true Telnet hosts, and they expect to see a Lf (linefeed) character following the Cr at the end of a line. If you're connecting to this type of Telnet host, select Yes.
Ctrl-break sends	Choose what sequence Ctrl-break sends to the host when pressed. Options are: Telnet break sequence (the default), Interrupt process, or Nothing.
Host Character Set	The default value for the Host character set depends on the type of terminal you are emulating. This setting reflects the current terminal state of VT Host Character Set, which can be changed by the host. The associated default setting, saved with the model is DEC Supplemental.
Auto Answerback	No (default). This setting specifies whether the answerback message (set with the Answerback property) is automatically sent to the host after a communications line connection.
Answerback String	This setting allows you to enter an answerback message if the host expects an answer in response to an ENQ character. The answerback string supports characters with codes less than or equal to 0xFFFF via Unicode escape sequences. The escape sequence begins with \u followed by exactly four hexadecimal digits. You can embed Unicode escape sequences in any string. For example, this embedded \u0045 will be interpreted as this embedded E, since 45 is the hexadecimal code for the character E. To pass Unicode escape sequences to the host, escape the sequence with a leading backslash. For example, to send the string literal \u001C to the host, map a key to \\u001C. Reflection ZFE will convert this to the string \u001C when that key is pressed and send the 6 characters of the resulting string to the host.

UTS connection settings

In addition to the common connection settings, UTS hosts require these additional settings:

Table 8 UTS INT1 session configuration options

UTS INT1 options	Description
Application	The name of the host application or host operating mode to be accessed. This is the word or phrase that the local machine sends to the host when you first establish communication with the host. If you were using a host terminal, this would be the $$OPEN name of the application.The application name is typically the same as the environment name. However, they can be different. For example, the environment name might be MAPPER, and the application might be UDSSRC. During a terminal emulation session, you would type $$OPEN MAPPER at the prompt, and INT1 would send UDSSRC to the host once the connection is established.
TSAP	The desired Transport Service Access Point (TSAP), up to 32 characters (such as TIPCSU for TIP connections, RSDCSU for Demand connections).A TSAP is required only if you are connecting to a Host LAN Controller (HLC) or to a Distributed Communications Processor (DCP) in IP router mode. If you're not sure which value to use, contact your host administrator.
Initial transaction	The character, word, or phrase that the local machine will send to the host when communication with the host is first established (up to 15 characters).This parameter is optional and is primarily used with TIP. For example, you might type ^ to run MAPPER. This parameter can also be used to transmit passwords.
Start transaction	When you configure an initial transaction, by default, the data is sent as soon as the session connection is established. You can decide when to send an initial transaction by using a particular string to trigger the initial transaction. For example, to wait for a successful login before sending initial transaction data, type in a string to be used to identify a successful login. You can use this setting in combination with Send initial transaction.
Send initial transaction	You can determine when the initial transaction is sent: Immediately - Default. When start of entry (SOE) character is received - Useful when multi-line transactions must be completed before sending the string. After specified milliseconds
Terminal ID	Choose whether to specify a terminal ID or use the Terminal ID Manager. To specify a terminal ID, type it in the Specify Terminal ID field. If you choose Use Terminal ID Manager, you are prompted to select the Terminal ID attributes you want to use to obtain an ID. See Terminal ID Manager Attributes. To test the attributes, click Test.
Specify Terminal ID	The Terminal ID, a terminal identifier (typically up to 8 alphanumeric characters) to use for the communication session associated with this path. Also known as a TID or PID, each terminal ID should be unique to the host.

T27 connection settings

Along with the common connection settings, you can configure these additional T27 connection options:

Table 9 T27 Connection Settings

T27 options	Description
Terminal type	Select the type of terminal to emulate during the session. T27 emulation supports Unisys TD830, TD830 ASCII, TD830 INTL, and TD830 NDL terminal types
Request binary	You must enable the Request binary option when you require pass through printing. The default in No. TCPA defines a 7-bit data path between the host and the terminal emulator. This type of data path is not compatible with certain national character sets. However, many hosts allow for 8-bit data without zeroing the 8th bit, which resolves this problem. However, it may be necessary to force the host to use an 8-bit data path; you can do so by selecting this option.
Line width	Select the number of characters the host will send to the client. The default is 80 characters.
TLS/SSL security	See Table 4 TLS/SSL Descriptions for a description of the various options.
Station ID	Choose whether to specify a station ID or use the Terminal ID Manager. To specify a station ID, choose Specify Station ID and type the name in the Station ID field. Each station id should be unique to the host and typically consists of up to eight alphanumeric characters. If you do not specify a station id for the session, the host dynamically assigns one to the session. If you select Use Terminal ID Manager, you will see a number of Terminal ID criteria to configure. See Terminal Manager ID Criteria for descriptions of the various options.