Installing Reflection ZFE

Before you install

Keep these things in mind when installing Reflection ZFE.

  • Host Access Management and Security Server

    Host Access Management and Security Server (MSS) is used for session management. In a typical installation, MSS is installed with Reflection ZFE; however, you can use an existing MSS installation if that works better for you. The install program installs MSS, the ZFE session server, and documentation to a single machine, but the components can also reside on different machines.

    You will be asked for the user name and password for the MSS machine used by Reflection ZFE. It is a good idea to have those credentials in hand before you start installation.

    MSS uses activation files (activation.jaw) to enable product functionality. The Reflection ZFE install program contains the activation file needed to enable communication between Reflection ZFE and MSS, and the product is typically activated as part of the install process. You can, if necessary, activate the product in Administrative Console > Configure Settings > Product Activation. You will also need to provide an activation file if you intend to use an already installed or remote MSS server that has not been activated for use with Reflection ZFE. It is important that you install compatible versions of both products. You can read all about MSS activation files and learn the activation process in the Host Access Management and Security Server Installation Guide.

  • Reflection ZFE and Activation Files

    To work in a production environment, activation is required. Activation files are downloaded from the Micro Focus download site along with the install package and are specific for the different editions of Reflection ZFE.

    Remember that after you install, if activation was not part of the installation, you need to open the Administrative Console (Configure Settings > Product Activation) and complete the product activation process. See Upgrading from Previous Versions for information on handling activation files when you upgrade.

  • Reflection ZFE and Java

    The Reflection ZFE session server requires a Java JDK version 8 or higher and MSS requires a Java JRE version 8 or higher. This Java requirement is met during installation, except for these platform exceptions:

    • For systems, such as Linux on System Z, that require an IBM JDK, you can use the “nojdk” installer media, which does not include a bundled JDK.

      To use the nojdk media option:

      • The installation must be able to locate a Java executable to start. If a Java executable cannot be found by the installer, then you can set the INSTALL4J_JAVA_HOME environment variable to refer to a Java installation’s bin directory.
      • When started, the installation program will automatically search for version-compatible JDKs on the system. If more than one JDK is found, a list is displayed from which you can choose. If only a JRE is found on the system, you can continue with the installation, but the Reflection ZFE server will not run correctly until you have updated the wrapper.java.command property located in sessionserver/container.conf to refer to a JDK installation.
    • Both Reflection ZFE and MSS require that the Java installation support unlimited strength encryption. More information is available on the Java web site.

    • If necessary, you can use the environment variables named above and INSTALL4J_JAVA_HOME_OVERRIDE to specify a specific Java installation.

  • If you plan on using the IIS Reverse Proxy with Reflection ZFE, read Accessing Reflection ZFE using the IIS Reverse Proxy for prerequisites and configuration instructions.
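
A pre-flight check for the nojdk case described under "Reflection ZFE and Java" above, added here as an example and not part of the product or its documentation. It classifies a Java home as JDK or JRE and parses the version, including the legacy 1.x numbering; the function names and the single argument (a Java home directory) are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight Java check before running the "nojdk" installer.
# Function names are hypothetical; the requirement (JDK, version 8 or higher)
# and the wrapper.java.command property come from the guide.

# Pull the quoted version out of `java -version` output read on stdin.
banner_version() {
    sed -n 's/.* version "\([^"]*\)".*/\1/p' | head -n 1
}

# Reduce a version string to its major number. Java 8 and earlier use the
# legacy "1.8.0_181" scheme; Java 9 and later report "11.0.2".
java_major() {
    v=${1%%[-+_]*}                       # drop _181, -ea, +9 style suffixes
    case $v in
        1.*) v=${v#1.} ;;                # legacy scheme: major follows "1."
    esac
    echo "${v%%.*}"
}

# "jdk" if the home ships a compiler, "jre" if runtime only, else "none".
java_kind() {
    if [ -x "$1/bin/javac" ]; then echo jdk
    elif [ -x "$1/bin/java" ]; then echo jre
    else echo none
    fi
}

# Verdict for a kind and version string: returns 0 ok, 2 JRE only, 1 unusable.
java_verdict() {
    major=$(java_major "$2")
    case $1 in none) echo "fail: no java executable found"; return 1 ;; esac
    case $major in ''|*[!0-9]*) echo "fail: cannot parse version '$2'"; return 1 ;; esac
    if [ "$major" -lt 8 ]; then echo "fail: Java $major is older than 8"; return 1; fi
    if [ "$1" = jre ]; then
        echo "warn: JRE $major only; set wrapper.java.command to a JDK"; return 2
    fi
    echo "ok: JDK $major"
}

# Usage: sh check_java.sh /path/to/java/home
if [ $# -gt 0 ]; then
    ver=$("$1/bin/java" -version 2>&1 | banner_version)
    java_verdict "$(java_kind "$1")" "$ver"
fi
```

A "warn" result matches the guide's JRE-only case: the installation can continue, but the session server needs wrapper.java.command in sessionserver/container.conf pointed at a JDK.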

System Requirements

NOTE: All requirements listed are the minimum required to successfully install Reflection ZFE.

Supported web browsers

The only thing needed to access Reflection ZFE terminal emulation is a supported web browser. The following web browsers are currently supported:

  • Google Chrome 33+

  • Mozilla Firefox 27+

  • Microsoft Internet Explorer 11

    See Browser issues for information on performance issues when using Internet Explorer.

  • Microsoft Edge

  • Apple iOS Safari 7+

MSS is platform independent and supports any web browser that supports JavaScript and Cascading Style Sheets (CSS).

Session server operating systems

The Reflection ZFE session server supports the following 64-bit platforms:

  • Windows 2008 Server

  • Red Hat Enterprise Linux (RHEL) 6.x

  • SUSE Enterprise Linux 11.x

z/Linux (SUSE E11.x and RHEL 6.x) installation

Follow the procedures described in the download site instructions.

Installing on UNIX platforms

  • You must either install as “root” or use a user account with root privileges to complete the installation successfully. When the installation has successfully completed, the installed application can be started and managed by “root” or someone running as “root”.

  • If you are running on Linux platforms, follow these steps to set the session server to start automatically when your system first boots up.

  • Elevated privileges are needed to open any application ports lower than 1024. Reflection ZFE will not start using a lower port number unless you have system privileges to open low numbered ports.

  • You can use the chmod command to assign application privileges to users other than root.

  • If you are installing on a headless Linux system and there are no fonts installed on the system, you may encounter this font-related error: java.lang.Error: Probable fatal error: No fonts found. Ensure that fontconfig or at least one font is installed on the system in order to proceed with the installation.

Preparing to install

Reflection ZFE supports TLS and SSH protocols to protect mission-critical data. To secure your passwords and other sensitive data, you should require browsers to use the HTTPS protocol.

To configure a Reflection ZFE session to use TLS, you must first establish a “trust” for the public certificate chain of the host to which you’re connecting. MSS centrally manages the trust store that Reflection ZFE uses. By default, the Reflection ZFE session server fetches this trust store every time it attempts a connection.

For a successful installation you must have a valid certificate signed by a trusted Certificate Authority (CA) and install it on the session server. To head off any installation issues, read Making Secure Connections. In a typical Reflection ZFE installation there are three main connection points that you need to consider in regard to security, and the Making Secure Connections topic deals with all three: web browser to Reflection ZFE session server, Reflection ZFE session server to MSS, and Reflection ZFE session server to the host legacy system.

Simple install

  1. From the Micro Focus download site, download your product install package. The package includes support for all supported platforms.

  2. Download the activation file for the associated Reflection ZFE Edition.

  3. Following the install program prompts, install Reflection ZFE and, if needed, Management and Security Server (MSS).

  4. Open the MSS Administrative Console and add the downloaded activation file.

Ports used by Reflection ZFE

Configure your firewall to allow connections on the following TCP listening ports:

Component                        Default Port Numbers

Reflection ZFE session server    7070 - HTTP
                                 7443 - HTTPS

MSS                              80 - HTTP
                                 443 - HTTPS

Both the Reflection ZFE and the MSS Administrative Server ports can be changed depending on your network needs. To modify the Reflection ZFE session server ports, see How to Change Ports.

Upgrading from Previous Versions

It’s best to back up any previous work before you upgrade.

  1. From the Micro Focus download site, download the install package and activation files for the version you are upgrading to.

  2. Remove any activation files from MSS associated with prior versions of Reflection ZFE. Leaving obsolete activation files in place may result in limited access to sessions.

  3. Install Reflection ZFE.

  4. If not handled during the installation process, install the new activation file or files into MSS using Administrative Console > Configure Settings > Product Activation.

Troubleshooting the Installation

To complete a successful installation, make sure that you have taken care of these common issues:

Are the activation files installed and activated in the Administrative Console?

MSS uses activation files to enable product functionality. With your installation you received an activation file associated with the type of host you are connecting to. For example, if you are licensed for the Unisys Edition and activation was not handled as part of the install process, you will need to open the Administrative Console, go to Configure Settings > Product Activation, and verify that the Reflection ZFE Unisys activation file is in place.

Is MSS configured for HTTPS?

Connect to the system where the Administrative Server is installed and log in to the Administrative Server. In the Administrative Console, open the Security Setup section and note the protocol selection.

Verify that both MSS and Reflection ZFE are using trusted certificates.

MSS imports certificates and private keys to C:\ProgramData\Micro Focus\MSS\MSSData\certificates.

If you are not using trusted certificates, have you configured Reflection ZFE to run using HTTP?

Are your connection properties configured properly?

In the unlikely event that you have to verify connection information, the container.properties file for both the management component and the Reflection ZFE session server contains the connection properties needed to make the Reflection ZFE to MSS connection as well as the browser to Reflection ZFE connection.

You can find the file in the Reflection ZFE installation at <install-dir>/sessionserver/conf/container.properties.

Connecting using HTTP

If you do not have a trusted certificate in place, you can configure Reflection ZFE to use HTTP. This configuration is not secure and should be used only when no other option is available.

When connecting to an existing remote MSS Administrative Server, do this:

  1. During the Reflection ZFE installation, after you accept the license agreement and choose a destination directory, select Use remotely hosted MSS. Click Next.

  2. Enter either the host name, DNS name, or IP address.

  3. Change the port from 443 to 80.

  4. Select HTTP and complete the installation process.

When connecting to the MSS Administrative Server that is installed with Reflection ZFE, do this:

  1. Select Install MSS and follow the installation instructions.

  2. Clear the Perform this action option and click Finish.

    If this option is not disabled, you can open <install-directory>\Micro Focus\ReflectionZFE\sessionserver\conf\container.properties in a text editor and change 443 to 80 in the following line:

      management.server.url=http://yourmachine:80/mss

    If this option is not cleared, an internal error is generated and you will be asked to contact your system administrator.

  3. Restart the Reflection ZFE Session Server service.
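
One way to check which scheme the session server uses to reach MSS, covering both the connection-properties check and the HTTP configuration above; this is an added example, not Micro Focus code. It reads management.server.url from container.properties and flags an HTTP URL. The function names are hypothetical, and the handling of backslash-escaped colons assumes the file may have been written by Java's Properties class.

```shell
#!/bin/sh
# Added example: audit the MSS connection URL in container.properties.
# Function names are hypothetical; the property name and the file come from
# the guide.

# Print the value of a key from a Java properties file (last definition wins).
# Comment lines (# or !) never match because the key must start the line.
# Java may store "https\://host\:443", so those escapes are undone, and
# trailing whitespace (including the CR of a Windows line ending) is dropped.
prop_get() {   # $1 = file, $2 = key
    key=$(printf '%s' "$2" | sed 's/\./\\./g')     # dots are literal in keys
    sed -n "s/^[[:space:]]*$key[[:space:]]*[=:][[:space:]]*//p" "$1" |
        tail -n 1 |
        sed -e 's/\\\([=:#!]\)/\1/g' -e 's/[[:space:]]*$//'
}

# Classify the session server to MSS connection.
# Returns 0 for HTTPS, 2 for HTTP, 1 when the URL is missing or unrecognised.
audit_mss_url() {   # $1 = path to container.properties
    url=$(prop_get "$1" management.server.url)
    scheme=$(printf '%s' "${url%%:*}" | tr 'A-Z' 'a-z')
    case $scheme in
        https) echo "ok: $url" ;;
        http)  echo "insecure: $url (MSS traffic is not encrypted)"; return 2 ;;
        '')    echo "missing: management.server.url is not set"; return 1 ;;
        *)     echo "unknown: $url"; return 1 ;;
    esac
}

# Usage: sh audit_mss_url.sh <install-dir>/sessionserver/conf/container.properties
if [ $# -gt 0 ]; then
    audit_mss_url "$1"
fi
```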

Other known issues

This section documents miscellaneous known issues and workaround tips for Reflection ZFE.

SSL/TLS error message issues

  • (ECL1011) Error connecting to host: Connection to host failed.

    This error can display in a number of situations that are not simply due to a connection failure.

    • You may see this error if an SSL/TLS connection failed due to the lack of a trusted certificate in the MSS trust store.

    • This error displays when an SSL/TLS handshake failure occurs because you use TLS to connect to or from a plain text host.

Install does not complete on UNIX or Linux platforms

The Reflection ZFE install program may stall on UNIX or Linux systems, particularly headless ones. This stall is caused by an insufficient amount of entropy in the system, typically due to a lack of interaction with the operating system’s UI (or lack of UI).

To remedy the issue:

  1. Stop the installation process.

  2. On the installer’s command line, prepend -J to the Java system property:

       ./reflectionzfe-xxxx-linux-x64.sh -J-Djava.security.egd=file:///dev/urandom

  3. Run the installation program containing the added argument.
