Reflection Desktop 17.0 Release Notes

1.0 Introduction

Reflection Desktop products are full-featured desktop applications that allow you to run host applications, transfer files, and integrate host data into the latest Windows and Office software applications.

  • Reflection Desktop for IBM provides access to applications running on IBM mainframe and AS400 systems.

  • Reflection Desktop for UNIX and OpenVMS provides access to applications running on UNIX and OpenVMS systems.

  • Reflection Desktop provides access to applications running on IBM, UNIX, and OpenVMS systems.

  • Reflection Desktop for X provides access to applications running on UNIX and OpenVMS systems. It also includes Reflection X Advantage, an X server that allows you to view your UNIX desktop and work with X client applications from a remote workstation.

  • Reflection Desktop Pro includes Reflection Desktop along with Reflection X Advantage, and provides access to applications running on IBM, UNIX, and OpenVMS systems, as well as X clients.

  • The Reflection Desktop for NonStop Add-On is a separately licensed product for connecting to HP NonStop hosts (Tandem 6530).

The Reflection Desktop 17.0 Release includes a number of new security improvements, new features, and resolved issues.

Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs.

2.0 What’s New

Reflection Desktop v17.0 includes several major new features, enhancements, and installation requirements:

Security Enhancements

  • Added support to Reflection X Advantage for configuring Federal Information Processing Standard (FIPS) 140-2. You can now choose to run FIPS on or off while using Standalone mode with Remote Session Services.

  • Added support for TLS version 1.3 for IBM, VT, and FTP sessions.

  • Added support for Elliptic Curve Cryptography (ECC) algorithms in SSH. Support for ECDSA and EdDSA (curve 25519) algorithms can be used for key-exchange, host authentication, and user authentication.

  • Developed a new option for users to select the appropriate certificate during TLS connections. When 'Prompt for certificate' is selected during the connection, the Select Certificate dialog presents the user with options to select from based on information from the Server’s Certificate Request message.

  • Redesigned dialog boxes for configuring secure connections. The Reflection Secure Shell Settings and SSL/TLS Security Properties Dialog boxes were updated in this release as part of a greater redesign of Micro Focus products.

  • Added support for algorithms rsa-sha2-256 and rsa-sha2-512 for Secure Shell user and host authentication.

  • Added a new setting to the ssh config file: PubkeyAlgorithms allows an administrator to configure what public key algorithms key(s) will be used and in what order. For additional information on the keyword, see the help topic Configuration File Keyword Reference - Secure Shell Settings.

  • Modified an existing SSH keyword setting x509rsasigtype. A new value was added and the default value changed for this keyword. For additional information on the keyword, see the help topic Configuration File Keyword Reference - Secure Shell Settings.

  • Improved the “look and feel” (font, colors, and icons) of the redesigned Secure Shell Settings and Security Properties Dialog boxes.

  • Removed Kerberos settings from the Secure Shell Settings and Security Properties dialog boxes in this release.

  • Added the setting Custom Ciphers to the Encryption Strength section of the Security Properties dialog box that allows users to select specific ciphers.

  • Updated the TLS Encryption Strength terms to Recommended Ciphers and Custom Ciphers. The Recommended Ciphers option allows Micro Focus to determine a recommended encryption strength that will be updated in line with industry encryption standards. Session files from previous versions of Reflection that use default, 168, 128 or 256 bit Encryption Strength will be imported as Custom Ciphers and maintain the list that was used in prior versions for those settings options.

  • Added the following warning message to the Security Properties Dialog Box when a user selects TLS 1.0:

    "The SSL/TLS version selected is no longer a secure protocol. Any sensitive data transmitted over this connection could be compromised.

IT Administration Features

This release supports the latest Windows 10 “Windows as a Service” update and includes a number of new features that allow IT administrators to:

  • Change and deploy specific session settings without changing other settings on users’ desktops. This allows you to change a session setting after you deploy Reflection without the risk of overwriting other settings that users have configured.

  • Broadcast commands to more than one VT session. If you manage multiple Unix or Linux systems, you may often need to send the same command to more than one host and reentering the command on each host can be tedious. You can save time by using the CommandCast feature to broadcast the commands you enter in one host to any number of other hosts that you have selected to receive the commands.

  • Access, set, and lockdown individual security settings via Group Policy or Permissions Manager.

  • Use Security Assertion Markup Language (SAML) authentication for the Micro Focus Host Access Management and Security Server.

  • Save 6530 sessions as compound session document files that include embedded custom keyboard maps and ribbons.

    NOTE:New 6530 sessions are saved in the .rd6x file format. You can open older (.rd6) 6530 session files. When you save these files, they are automatically converted to the new .rd6x file format. (To open 6530 session files, you must install the Reflection Desktop for NonStop Add-On.)

User Experience Improvements:

Several improvements allow you to:

  • Use the Macro Panel to run VBA macros saved in your session document file or to run other macros, such as referenced macros, EML macros, or macros created with other products, that you have previously run on that session.

  • Easily set up a recorded macro to run when a session connects.

  • Open legacy EXTRA! .FTB (file transfer batch) files that contain multiple host connections.

  • Use Extra! file transfer scheme files referenced in legacy .ebm macros.

  • Convert toolbar definitions in legacy .RSF files into new ribbon tabs or chunks.

  • Disable tooltips within a session window.

The Reflection Desktop interface was enhanced with a modern look and feel.

Programming Improvements:

Reflection Desktop now supports the A Programming Language (APL) character set.

Added support for multi-threaded Extra! HLLAPI applications.

Reflection X Advantage improvements:

  • Reflection X Advantage now supports the GNOME 3 Desktop in both in Standalone and Domain modes. Domain and Remote Session Services compression algorithms have also been improved to handle GNOME 3’s increased bandwidth requirements. It is recommended to use compression when running GNOME 3 Desktops and high bandwidth X clients.

    NOTE:Compression algorithms can also improve performance for other types of X clients when you’re working from home, using a slow network, or using an X client application that transmits large amounts of data.

  • Reflection X Advantage has improved performance for SSH connections.

  • Added the "Disconnect SSH session automatically when token is removed" setting. When this setting is selected, the removal of a smart card disconnects the session.

Installation requirements

Reflection Desktop 17.0 requires a 64-bit operating system.

3.0 Resolved Issues

3.1 Security Related Issues

The following security issues were resolved in this release.

  • Improved how the "Disconnect automatically when token is removed" setting functions in Reflection Desktop so the removal of a smart card disconnects the session.

  • Added new pki_config keyword ‘ValidateTrustAnchors’. The default value is 1, and when set to 0, the trust certificate signature validation is skipped for Trusted Root Certificate. For example: ‘ValidateTrustAnchors = 0’

  • Resolved a connection failure error that occurred when trying to reconnect a centrally managed Reflection Desktop SSH session to an OpenVMS host.

  • Added a button to the Reflection FTP Client to toggle between Guardian API and OSS APIs.

  • Fixed the sftp comand line -q option to display the correct output data when certain commands are executed while the switch is invoked. This fix restores the original behavior for the -q option.

4.0 Known Issues

You may encounter the following issues:

FIPS 140-2 validated crypto module status.

The crypto module in Reflection Desktop is not FIPS 140-2 validated, but an upcoming release will provide a FIPS 140-2 validated module. Enabling FIPS in your secure connection configurations will cause the connection to fail.

NOTE:The crypto module in Reflection X Advantage is FIPS validated.

Reflection X Advantage 17.0 domain components are not backwards compatible with earlier versions

The Reflection X Advantage (RXA) 17.0 X Manager for Domains, X Administrative Console, and domain nodes cannot connect to a Reflection X Advantage version 16.2 (or lower version) domain controller. This is due to a change in how domain components securely authenticate each other and encrypt communications. For upgrade instructions, see “Upgrading Reflection X Advantage domains” in the RXA Help.

5.0 Installing Reflection Desktop

Maintained customers are now eligible to download the latest product releases at https://download.attachmate.com/Upgrades/. You will be prompted to login and accept the Software License Agreement before you can download a file.

5.1 System Requirements

Reflection Desktop

For information about supported platforms and hardware requirements for Reflection Desktop, see System Requirements in the Refection Deployment Guide.

NOTE:Reflection Desktop 17.0 requires a 64-bit operating system.

For more information about installing Reflection Desktop, see the Reflection Help and the Reflection Deployment Guide.

Reflection X Advantage

For information about supported platforms and hardware requirements for Reflection X Advantage, see System Requirements in the Refection X Advantage Help. For more information about installing Reflection X Advantage, see the Reflection X Advantage Help and the Reflection X Planning and Installation Guide.

NOTE:

Reflection X Advantage 17.0 requires a 64-bit operating system that supports Java 11.

Reflection X Advantage requires Java 11. By default, Reflection X Advantage installs and uses a private Java Runtime Environment (JRE) that is correctly configured to fully support all Reflection X Advantage features. It is also possible to configure Reflection X Advantage running on Windows to use a different JRE.

6.0 Previous Releases

For information about the Reflection Desktop 16.2 release, see the Reflection Desktop 16.2 Release Notes and the Reflection Desktop 16.2 Update 4 Release Notes.

7.0 Contacting Micro Focus

For specific product issues, contact Micro Focus Support at https://www.microfocus.com/support-and-services/.

Additional technical information or advice is available from several sources: