Reflection for Secure IT Gateway

Reflection for Secure IT Gateway provides a secure, flexible way to manage files. Reflection for Secure IT Gateway offers two key features: Jobs and Transfer Sites. Both use secure authentication and encryption for all connections and provide administrators with flexible options for creating custom configurations appropriate to different users and business practices.

General Features

  • Web-based administration: The Gateway Administrator console is a web-based tool that enables administrators to modify Reflection Gateway system settings, provision users, and configure Jobs and Transfers.

  • Delegated administration: The console supports delegation of management tasks. Administrators can assign roles to users or groups to allow limited access to the Gateway Administrator console features.

  • Database options: Gateway Administrator installs with a default database, which stores Gateway data on the same system that runs the Gateway Administrator service. To support high availability in a production environment, you can configure Gateway Administrator to use a MySQL database running on a different system.

  • End-to-end encryption: Reflection Gateway uses secure authentication and encryption throughout.

  • File transfer auditing: The Reflection Gateway Proxy can be configured to maintain a complete record of all Transfer Site activity. Auditing of Job transfers can also be configured using a Reflection for Secure IT Server.

  • Server options: You can configure Reflection Gateway to transfer files and/or execute commands on any SFTP-enabled SSH server. Authentication to your added SFTP servers can be configured using either password or public key authentication.


Jobs are ideal for managing automated business-to-business processes. Use Jobs to monitor the content of a directory and initiate actions automatically when new files are added to the scanned directory, or existing files are updated. Because Job actions can trigger any command action supported on your servers, you can tie this feature to existing business practices and requirements. Jobs enable you to:

  • Monitor directories on any added SFTP file server. You can specify which directory to scan and whether or not to include subdirectories.

  • Create a customized, ordered sequence of Job actions to handle new and updated files. Actions can include:

    • Moving or copying files to any added server.

    • Executing any command supported on the server. Commands can be executed on the server where files first arrive, or on subsequent servers to which files are moved.

    If any action in your sequence fails, no further actions take place.

    This ensures that the processes you configure to secure your site are successfully completed on all files.

  • Configure email notification to alert system administrators when Job actions fail or succeed.

  • Define the window of time that the directory will be monitored. For example, Monday through Friday from 8 AM to 5 PM.

  • Set the scan interval to determine how frequently scans occur, for example every 30 minutes.

  • Specify which files in the directory should be acted on, for example all PDF files, or all files of a given size.

  • Specify the minimum number of files that must arrive before Job actions begin.

  • Manage access to servers using File Server Groups so that delegated Job administrators can configure Jobs on only those servers they have been granted access to.

Transfer Site Features

Reflection Gateway Transfer Sites are designed to support flexible, secure user-to-business file transfers. You can configure secure file exchange with business partners and/or employees working outside your corporate network. User authentication is required for all transfers and end-to-end encryption protects all transferred data. Features include:

  • Choice of transfer client: Users can transfer files using the integrated web-based Transfer Client or any other SFTP-enabled SSH client available to them.

  • Choice of authentication method: Configure user authentication using either password or X.509 certificate authentication.

  • Customizable Transfer Site access: Transfer site managers can provide access rights to users or groups and control how long sites remain active. Permissions settings are available to specify who can upload and/or download files and who receives email notifications.

  • Self-registration by email: New external users can be notified via email with links provided for password creation. Customizable email templates are available for account creation, password reset, Transfer Site access notifications, and file upload and download notifications.

  • LDAP integration: Windows Active Directory users can be added to Gateway Administrator. Authentication is managed by the LDAP server.

  • Manage files after a transfer: You can use either Post Transfer Actions or Jobs to trigger automated processes after files are uploaded to your server.

Security Features

  • Reflection for Secure IT Gateway uses the FIPS 140-2 “In Process” BCJFA 1.0.1 package from The Legion of the Bouncy Castle to establish secure sessions using the SSL/TLS protocol.

  • The Reflection Secure Shell Proxy uses the OpenSSL FIPS Object Module v2.0.2 for FIPS 140-2 Level 1 validation (certificate #1747) and the OpenSSL Cryptography and SSL/TLS Toolkit version 1.0.2h.