You can install Reflection ZFE from the Micro Focus Download site.
In this section
Related Topics
These prerequisites need to be met before you can successfully install Reflection ZFE.
Host Access Management and Security Server
Reflection ZFE requires Host Access Management and Security Server (MSS) for session management: you can use an existing MSS installation or a simple first-time install. The Windows install program will install MSS, the ZFE session server, and documentation to a single machine. Different components can reside on different machines.
You will be asked for the user name and password for the Management and Security Server used by Reflection ZFE. It is a good idea to have those credentials in hand before you start installation.
MSS uses activation files (activation.jaw) to enable product functionality. The Reflection ZFE install program contains the needed activation file. You will need to provide an activation file if you intend to use an already installed or remote MSS server that has not been activated for use with Reflection ZFE. Support for UTS, T27, and the Terminal ID Manager require separate activation files. You can read all about MSS activation files in the Host Access Management and Security Server Installation Guide.
Reflection ZFE and Java
Reflection ZFE requires a Java JDK version 8 or higher and MSS requires a Java JRE version 8 or higher. This Java requirement is met during installation, except for these platform exceptions:
For systems, such AIX or Linux on System Z that require an IBM JDK, you can use the “nojdk” installer media, which does not include a bundled JDK.
To use the nojdk media option:
Both Reflection ZFE and MSS require that the Java installation support unlimited strength encryption. More information is available on the Java web site.
If necessary, you can use the environment variables named above and INSTALL4J_JAVA_HOME_OVERRIDE to specify a specific Java installation.
If you plan on using the IIS Reverse Proxy with Reflection ZFE, read Technical Note 2859 for prerequisites and configuration instructions.
All requirements listed are the minimum required to successfully install Reflection ZFE.
The only thing needed to access Reflection ZFE terminal emulation is a supported web browser. The following web browsers are currently supported:
Google Chrome 33+
Mozilla Firefox 27+
Microsoft Internet Explorer 11+
See Browser issues for information on performance issues when using Internet Explorer.
Microsoft Edge
Apple iOS Safari 7+
MSS is platform independent and supports any web browser using JRE 7 or later that supports JavaScript and Cascading Style Sheets (CSS).
The Reflection ZFE session server supports the following 64-bit platforms:
Windows 2008 Server
Solaris 10 (SPARC)
Red Hat Enterprise Linux (RHEL) 6.x
SUSE Enterprise Linux 11.x
AIX 6.x
Follow the procedures described in the download site instructions.
You must either install as “root” or use a user account with root privileges to complete successfully. When the installation has successfully completed, the installed application can be started and managed by “root” or someone running as ‘root”.
Elevated privileges are needed to open any application ports lower than 1024. Reflection ZFE will not start using a lower port number unless you have system privileges to open low numbered ports.
You can use the chmod command to assign application privileges to users other than root.
Reflection ZFE supports TLS and SSH protocols to protect mission-critical data. To secure your passwords and other sensitive data, you should require browsers to use the HTTPS protocol.
To configure a Reflection ZFE session to use TLS, you must first establish a “trust” for the public certificate chain of the host to which you’re connecting. MSS centrally manages the trust store that Reflection ZFE uses. Be default, the Reflection ZFE session server fetches this trust store every time it attempts a connection.
For a successful installation you must have a valid certificate signed by a trusted Certificate Authority (CA) and install it on the session server. To head off any installation issues, read Making Secure Connections. In a typical Reflection ZFE installation there are three main connection points that you need to consider in regard to security, the Making Secure Connections topic deals with all three; web browser to Reflection ZFE session server, Reflection ZFE session server to MSS, and Reflection ZFE session server to the host legacy system.
Configure your firewall to allow connections on the following TCP listening ports:
Component |
Default Port Numbers |
---|---|
Reflection ZFE session server |
7070 - HTTP 7443 - HTTPS |
MSS |
80 - HTTP 443 - HTTPS |
Both the Reflection ZFE and the MSS Administrative Server ports can be changed depending on your network needs. To modify the Reflection ZFE session server ports, see How to Change Ports.
Upgrading is a simple and easy. It’s best to back up any previous work before you upgrade.
To upgrade from previous versions to the current version:
Stop Management and Security Server.
Uninstall the previous version of Reflection ZFE, but do not uninstall Management and Security Server.
Install the latest version of Reflection ZFE.
To complete a successful installation, make sure that you have taken care of these common connection issues:
✓ |
Is MSS configured for HTTPS? Connect to the system where the Administrative Server is installed and log in to the Administrative Server. In the Administrative WebStation, open the Security Setup section and note the protocol selection. |
✓ |
Verify that both MSS and Reflection ZFE are using trusted certificates. MSS imports certificates and private keys to C:\ProgramData\Micro Focus\MSS\MSSData\certificates. If you are not using trusted certificates, have you configured Reflection ZFE to run using HTTP? |
✓ |
Are your connection properties configured properly? In the unlikely event that you have to verify connection information, the container.properties file for both the management component and the Reflection ZFE session server contains the connection properties needed to make the Reflection ZFE to MSS connection as well as the browser to Reflection ZFE connection. You can find the file in the Reflection ZFE installation at <install-dir>/sessionserver/conf/container.properties. |
If you do not have a trusted certificate in place, you can configure Reflection ZFE to use HTTP. This configuration is not secure and should be used only when no other option is available.
Connecting to... |
Do this... |
---|---|
An existing remote MSS Administrative Server |
|
The MSS Administrative Server that is installed with Reflection ZFE |
|
This section documents miscellaneous known issues and work around tips for Reflection ZFE.
Due to an apparent bug in iOS 8, Reflection ZFE users cannot connect to a session server over HTTPS from their iPad when using a self-signed certificate. If feasible, the quickest solution is to use HTTP instead of HTTPS.
If HTTPS is needed, you have the following options:
Obtain a valid certificate signed by a trusted CA and install it on the session server.
Find an alternate browser that will accept the self-signed certificate. See System requirements for a list of supported browsers.
Leverage a custom certificate authority:
Create a custom CA, CA root certificate, and a server certificate signed by that CA’s root certificate.
Install the server certificate on the session server.
Install the custom CA root certificate on te iPad by means of a profile. The iPad show now accept the server certificate as it was signed by a “trusted CA”.
For a list of CAs trusted by Apple iOS, see Lists of available trusted root certificates in iOS.
(ECL1011) Error connecting to host: Connection to host failed.
This error can display in a number of situations that are not simply due to a connection failure.
You may see this error if an SSL/TLS connection failed due to the lack of a trusted certificate in the MSS trust store.
This error displays when a SSL/TLS handshake failure occurs when you use TLS to connect to or from a plain text host.
If the EURO character does not display correctly on the terminal screen, talk to your system administrator to make sure the host character set for the session is setup correctly. By default, Reflection ZFE uses a character set which does not support the Euro character (€). To display the Euro character, change the character set to one that supports the Euro character.
The Reflection ZFE install program may stall on UNIX or Linux systems, particularly headless ones. This stall is caused by an insufficient amount of entropy in the system, typically due to a lack of interaction with the operating system’s UI (or lack of UI).
To remedy the issue:
Stop the installation process.
On the installer’s command line, prepend –J to the Java System property: ./reflectionzfe-xxxx-linux-x64.sh -J-Djava.security.egd=file:///dev/urandom
Run the installation program containing the added argument.