Skip to content


Reflection database

The Reflection database ( ic32.cfg) contains connection settings information for ALC, T27, and UTS terminal sessions. The database contains information about all the Reflection packages, path templates and libraries that have been installed, as well the paths that have been created. The Reflection packages, path templates and libraries are included based on which product features (emulations and transports) are installed.

Reflection global application data folder

Settings here apply to all users of the system. The location is version-specific: \ProgramData\Micro Focus\Reflection.

Reflection global ssh data folder

Reflection stores global Secure Shell information in the Windows common application data folder. The default is \ ProgramData\Micro Focus\Reflection.

Reflection program folder

The default on English language systems is C:\Program Files (x86)\Micro Focus\Reflection on 64-bit systems and C:\Program Files\Micro Focus\Reflection on 32-bit systems.

Reflection user application data folder

The default is \Users\ username \AppData\Roaming\Micro Focus\Reflection.

Reflection user data folder

This folder location is configurable using the Data Location tab during installation. The default is C:\Users\ username\Documents\Micro Focus\Reflection.

Reflection user ssh folder

Reflection stores Secure Shell information for individual users in the following location in the Windows personal documents folder. The default is \Users\ username \Documents\ Micro Focus\Reflection\.ssh.

AppDataFolder property

The full path of the Roaming folder for the current user. The default is C:\Users\username\AppData\Roaming\.


The process of reliably determining the identity of a communicating party. Identity can be proven by something you know (such as a password), something you have (such as a private key or token), or something intrinsic about you (such as a fingerprint).

Auto Expand

Use the Auto Expand feature to add acronyms or shortcuts for long words, phrases, or complex repeat commands. The shortcut, when typed and followed by the Spacebar, automatically expands to the full word or phrase.


A cipher is an encryption algorithm. The cipher you select determines which mathematical algorithm is used to obscure the data being sent after a successful Secure Shell connection has been established.

Client authentication

Client authentication (also referred to as user authentication) requires users to prove their identity using digital certificates (the default setting for the Reflection Security Proxy).

Client authentication is typically required when an SSL session is first established. It will also be required by a TN 3270 server if the user is using the Express Logon Feature provided by some mainframe systems.

Client authorization

Used in connections secured by the Reflection Security Gateway to ensure that access to host systems is approved before the connection can proceed.

When a user logs into the Reflection Security Gateway, he or she only has access to terminal session files and other features for which he has been explicitly authorized to use.

CommonAppDataFolder property

The full path to application data for all users. The default is C:\ProgramData.

CRL (Certificate Revocation List)

A digitally signed list of certificates that have been revoked by the Certification Authority. Certificates identified in a CRL are no longer valid.

digital certificate

An integral part of a PKI (Public Key Infrastructure). Digital certificates (also called X.509 certificates) are issued by a certificate authority (CA), which ensures the validity of the information in the certificate. Each certificate contains identifying information about the certificate owner, a copy of the certificate owner's public key (used for encrypting and decrypting messages and digital signatures), and a digital signature (generated by the CA based on the certificate contents). The digital signature is used by a recipient to verify that the certificate has not been tampered with and can be trusted.

digital signature

Used to confirm the authenticity and integrity of a transmitted message. Typically, the sender holds the private key of a public/private key pair and the recipient holds the public key. To create the signature, the sender computes a hash from the message, and then encrypts this value with its private key. The recipient decrypts the signature using the sender's public key, and independently computes the hash of the received message. If the decrypted and calculated values match, the recipient trusts that the sender holds the private key, and that the message has not been altered in transit.

Express Logon Feature (ELF)

Also referred to as single sign-on (SSO), express logon is an IBM mainframe feature that lets users log on and connect to the host without entering a user ID and password each time. Express Logon authenticates the user on the mainframe by using her SSL client certificate in lieu of entering a user ID and password.


Field Control Character. A UTS terminal field attribute.


Also called a message digest, a hash or hash value is a fixed-length number generated from variable-length digital data. The hash is substantially smaller than the original data, and is generated by a formula in such a way that it is statistically unlikely that some other data will produce the same hash value.

KDC (Key Distribution Center)

The security server that maintains the database of principal information, uses the information in the database to authenticate users, and controls access to kerberized services in a realm.

keyboard map

A keyboard map is a configuration file that allows you to use your PC keyboard as a host terminal keyboard. Keyboard maps also include definitions for keyboard shortcuts.

OCSP (Online Certificate Status Protocol)

A protocol (using the HTTP transport) that can be used as an alternative to CRL checking to confirm whether a certificate is valid. An OCSP responder responds to certificate status requests with one of three digitally signed responses: "good", "revoked", and "unknown". Using OCSP removes the need for servers and/or clients to retrieve and sort through large CRLs.


A passphrase is similar to a password, except it can be a phrase with a series of words, punctuation, numbers, white space, or any string of characters. Passphrases improve security by limiting access to secure objects, such as private keys and/or a key agent.


PCI DSS (Payment Card Industry Data Security Standard) is a worldwide standard comprising technology requirements and process requirements designed to prevent fraud and is published by PCI Security Standards Council, LLC. All companies who handle credit cards are likely to be subject to this standard.

PersonalFolder property

The full path to the Documents folder for the current user. The default is C:\Users\username\Documents.

port forwarding

A way to redirect unsecured traffic through a secure SSH tunnel. Two types of port forwarding are available: local and remote. Local (also called outgoing) port forwarding sends outgoing data sent from a specified local port through the secure channel to a specified remote port. You can configure a client application to exchange data securely with a server by configuring the client to connect to the redirected port instead of directly to the computer running the associated server. Remote (also called incoming) port forwarding sends incoming data from a specified remote port through the secure channel to a specified local port.

product installation folder

The default on English language systems is C:\Program Files (x86)\Micro Focus\Reflection on 64-bit systems and C:\Program Files\Micro Focus\Reflection on 32-bit systems.

public key/private key

Public keys and private keys are pairs of cryptographic keys that are used to encrypt or decrypt data. Data encrypted with the public key can only be decrypted with the private key; and data encrypted with the private key can only be decrypted with the public key.

Screen History

Screen History creates recordings of host screens as you navigate to them. (VT screens are not recorded automatically; they can be recorded using manual capture.) You can view and/or verify the information from those screens, and send multiple host screens to Microsoft Word, PowerPoint, and Outlook (Email Message and Note only), if they are installed on your computer.


The combination of a host name (IP address or DNS name) and a port number. This creates a unique identifier that a client application uses as an end point of communications.

trusted host

A trusted host is one for which you hold the public key.

trusted locations

A trusted location is a directory that's designated as a secure source for opening files. By default, Reflection allows you to open documents only in directories specified as trusted locations using the Specify Trusted Locations dialog box.

Windows common application data folder

The application data folder is hidden by default. The default is \ ProgramData\.

Windows personal documents folder

The default on English systems is \Users\ username \Documents\.

Workspace Menu

The Workspace menu contains layout options, application and document settings, and a list of recent documents. It is accessed by clicking the File menu or Reflection button (../images/when using the Ribbon user interface).