docmain.css" /> Installing Reflection ZFE - Reflection ZFE 2.3.3

2.4 Installing Reflection ZFE

2.4.1 Before you install

Keep these things in mind when installing Reflection ZFE.

  • Downloading Reflection ZFE

    The Micro Focus download site contains the compressed files necessary to install all supported platforms, including the Windows connector. Different activation files will enable different editions/platforms of Reflection ZFE.

  • Basic installation

    The following instructions provide you with the basic default installation. This means that all components are installed locally and are using default ports. With this installation in place you can follow the walk through and familiarize yourself with ZFE and MSS.

  • IIS Reverse Proxy with ZFE

    If you plan on using the IIS Reverse Proxy with Reflection ZFE, read Accessing Reflection ZFE using the IIS Reverse Proxy for prerequisites and configuration instructions.

2.4.2 System Requirements

NOTE:All requirements listed are the minimum required to successfully install Reflection ZFE.

Supported web browsers

The only thing needed to access Reflection ZFE terminal emulation is a supported web browser. The following web browsers are currently supported:

  • Google Chrome 33+

  • Mozilla Firefox 27+

  • Microsoft Internet Explorer 11

    See Browser issues for information on performance issues when using Internet Explorer.

  • Microsoft Edge

  • Apple iOS Safari 7+

MSS is platform independent and supports any web browser that supports JavaScript and Cascading Style Sheets (CSS).

Session server operating systems

The Reflection ZFE session server supports the following 64-bit platforms:

  • Windows 2008 Server

  • Red Hat Enterprise Linux (RHEL) 6.x

  • SUSE Enterprise Linux 11.x

ZFE and Java

The Reflection ZFE session server requires a Java JDK version 8 or higher and MSS requires a Java JRE version 8 or higher. This Java requirement is met during installation, except for systems, such as Linux on System Z that require an IBM JDK. See Installing on z/Linux (SUSE E11.x and RHEL 6.x) for information on using the nojdk option.

Both Reflection ZFE and MSS require that the Java installation support unlimited strength encryption. More information is available on the Java web site.

If necessary, you can use the environment variables specified in the nojdk option and INSTALL4J_JAVA_HOME_OVERRIDE to specify a specific Java installation.

Installing on z/Linux (SUSE E11.x and RHEL 6.x)

For systems, such as Linux on System Z, that require an IBM JDK, you can use the “nojdk” installer media, which does not include a bundled JDK.

  • The installation must be able to locate a Java executable to start. If a Java executable cannot be found by the installer, then you can set the INSTALL4J_JAVA_HOME environment variable to refer to a Java installation’s bin directory.

  • When started, the installation program will automatically search for version-compatible JDKs on the system. If more than one JDK is found, a list is displayed from which you can choose. If only a JRE is found on the system, you can continue with the installation, but the Reflection ZFE server will not run correctly until you have updated the wrapper.java.command property located in sessionserver/container.conf to refer to a JDK installation.

If necessary, you can use the environment variables named above and INSTALL4J_JAVA_HOME_OVERRIDE to specify a specific Java installation.

Installing on UNIX platforms

  • You must either install as “root” or use a user account with root privileges to complete successfully. When the installation has successfully completed, the installed application can be started and managed by “root” or someone running as ‘root”.

  • If you are running on Linux platforms, follow these steps to set the session server to start automatically when your system first boots up.

  • Elevated privileges are needed to open any application ports lower than 1024. Reflection ZFE will not start using a lower port number unless you have system privileges to open low numbered ports.

  • You can use the chmod command to assign application privileges to users other than root.

  • If you are installing on a headless Linux system and there are no fonts installed on the system, you may encounter this font-related error: java.lang.Error: Probable fatal error: No fonts found. Ensure that fontconfig or at least one font is installed on the system in order to proceed with the installation.

2.4.3 Preparing to install

Reflection ZFE supports TLS and SSH protocols to protect mission-critical data. To secure your passwords and other sensitive data, you should require browsers to use the HTTPS protocol.

To configure a Reflection ZFE session to use TLS, you must first establish a “trust” for the public certificate chain of the host to which you’re connecting. MSS centrally manages the trust store that Reflection ZFE uses. By default, the Reflection ZFE session server fetches this trust store every time it attempts a connection.

For a successful installation you must have a valid certificate signed by a trusted Certificate Authority (CA) and install it on the session server. To head off any installation issues, read Making Secure Connections. In a typical Reflection ZFE installation there are three main connection points that you need to consider in regard to security, the Making Secure Connections topic deals with all three; web browser to Reflection ZFE session server, Reflection ZFE session server to MSS, and Reflection ZFE session server to the host legacy system.

Simple install

  1. From the Micro Focus download site, download your product install package. The package includes support for all supported platforms.

  2. Download the activation file for the associated Reflection ZFE Edition.

  3. Following the install program prompts, install Reflection ZFE and if needed, Management and Security Server (MSS).

  4. Open the MSS Administrative Console and add the downloaded activation file.

Ports used by Reflection ZFE

Configure your firewall to allow connections on the following TCP listening ports:

Component

Default Port Numbers

Reflection ZFE session server

  • 7070 - HTTP

    Use this port to make insecure browser connections to the ZFE web application

  • 7443 - HTTPS

    Use this port to make secure browser connection to the ZFE web application

  • 7444 - HTTPS

    Port used by MSS to communicate with the session server for management purposes

MSS

  • 80 - HTTP

  • 443 - HTTPS

Both the Reflection ZFE and the MSS Administrative Server ports can be changed depending on your network needs. To modify the Reflection ZFE session server ports, see How to Change Ports.

2.4.4 Upgrading from previous versions

WARNING:If you are upgrading, it is important that you remove any activation files from MSS associated with prior versions of Reflection ZFE. Leaving obsolete activation files in place may result in limited access to sessions.

It’s best to back up any previous work before you upgrade.

  1. From the Micro Focus download site, download the install package and activation files for the version you are upgrading to.

  2. Remove any activation files from MSS associated with prior versions of Reflection ZFE. Leaving obsolete activation files in place may result in limited access to sessions.

  3. Install Reflection ZFE.

  4. If not handled during the installation process, install the new activation file or files into MSS using Administrative Console > Configure Settings > Product Activation.

Additional configuration

To continue using server side events or other customizations created in previous versions of ZFE, there are some minor manual steps to undertake after upgrading:

  • Server-side Events - Copy your server-side event JAR files located in /webapps/zfe/WEB-INF/lib to /microservices/zfe/extensions/server.

  • Client customizations - Copy the contents of webapps/zfe/custom to /microservices/zfe/extensions/client. Re-enable customizations.

2.4.5 Troubleshooting the Installation

To complete a successful installation, make sure that you have taken care of these common issues:

Are the activation files installed and activated in the Administrative Console?

MSS uses activation files to enable product functionality. With your installation you received an activation file associated with the type of host you are connecting to. For example, if you are licensed for the Unisys Edition, if not handled as part of the install process, you will need to open the Administrative Console, go to Configure Settings > Product Activation and verify that both the Reflection ZFE Unisys activation file is in place.

Is MSS configured for HTTPS?

Connect to the system where the Administrative Server is installed and log in to the Administrative Server. In the Administrative Console, open the Security Setup section and note the protocol selection.

Verify that both MSS and Reflection ZFE are using trusted certificates.

MSS imports certificates and private keys to C:\ProgramData\Micro Focus\MSS\MSSData\certificates.

If you are not using trusted certificates, have you configured Reflection ZFE to run using HTTP?

Are your connection properties configured properly?

In the unlikely event that you have to verify connection information, the container.properties file for both the management component and the Reflection ZFE session server contains the connection properties needed to make the Reflection ZFE to MSS connection as well as the browser to Reflection ZFE connection.

You can find the file in the Reflection ZFE installation at <install-dir>/sessionserver/conf/container.properties.

Install does not complete on UNIX or Linux platforms

The Reflection ZFE install program may stall on UNIX or Linux systems, particularly headless ones. This stall is caused by an insufficient amount of entropy in the system, typically due to a lack of interaction with the operating system’s UI (or lack of UI).

To remedy the issue:

  1. Stop the installation process.

  2. On the installer’s command line, prepend –J to the Java System property: ./reflectionzfe-xxxx-linux-x64.sh -J-Djava.security.egd=file:///dev/urandom

  3. Run the installation program containing the added argument.