3.2.1 Step 6. Create a Windows-based 3270 session that uses TLS 1.2.

The administrator’s company requires secure access to the mainframe. To meet this requirement, create a session to an IBM 3270 host, using both MSS and Reflection Desktop.

  1. Log off Windows as the domain user, and log on as the administrator.

  2. Open MSS, and log on as the MSS administrator.

  3. The MSS ADMINISTRATIVE CONSOLE opens to the Manage Sessions panel.

  4. Click +ADD.

  5. Select Reflection/InfoConnect Workspace as the Product, and Workspace as the Session type.

  6. Enter a Session name, such as 3270-TLS.

  7. Add a comment for internal reference, if desired.

  8. Accept the default settings and click LAUNCH.

    When the MSS Client Launcher is installed, you are prompted to use Zulu Platform x64 Architecture—instead of the Java plug-in—to launch your session.

    Reflection Workspace launches in a separate window.

    NOTE:If the MSS Client Launcher is not installed, click DOWNLOAD to open the MSS Client Launcher Setup Wizard. When the wizard is finished, return to Manage Sessionsto add and LAUNCH your session. (Repeat steps 4–8 above.)

  9. InReflection Workspace, create a new document using the 3270 terminal template. Click Create.

  10. In the Create New 3270 Terminal Document dialog, enter the Host name of a TLS-enabled host name and the appropriate port.

    If you cannot connect with TLS, enter the name of another mainframe host. You will not be able to evaluate the exact behavior on your system, but you can follow along.

  11. Check Configure additional settings (at the bottom), and click OK.

  12. In the Settings for 3270 dialog under Host Connection, click Configure Advanced Connection Settings. Scroll to and click Security Settings. (If prompted, disconnect the session.)

  13. On the SSL/TLS tab:

    1. Check Use SSL/TLS security, and keep the Default Encryption strength.

    2. In the SSL/TLS version drop-down menu, select TLS Version 1.2.

    3. Click OK in this window and the next one. The session is now configured.

    As mentioned earlier, if you cannot connect with TLS, you will not be able to evaluate the exact behavior on your system, but you can follow along.

  14. In Reflection Workspace, click File > Save. Click OK to send the settings to the MSS Administrative Server.

    For this evaluation, you do not need to send it as a compound session.

    (When the session is sent as a compound file, all of the custom keyboard maps and other settings that apply to that session are saved in the session file. Compound files simplify the deployment process because you do not need to deploy these settings in separate files.)

  15. Close Reflection Workspace. You are returned to the MSS ADMINISTRATIVE CONSOLE.

Review your progress

Now that the security settings are configured and the session to the mainframe is created, you can “push” the settings to the domain user.