Reflection for Secure IT Server for Windows

Specs

Reflection for Secure IT Server for Windows 8.2

Secure shell access:
  • Secure remote terminal connections
    • Configurable terminal provider (i.e., cmd.exe)
    • Configurable terminal default directory
    • Use of mapped drives to access network directories during terminal sessions
  • Secure remote command execution
Secure file transfer:
  • SCP and SFTP version 4 protocol support
  • SCP and SFTP special features
    • Smart Copy (to eliminate redundant copying of identical source and target files)
    • File transfer resume after interrupted downloads
  • SCP1 protocol support (for compatibility with OpenSSH clients)
  • Virtual directory and chroot environment support
Access control:
  • Assignable rights (allow or deny)
    • Terminal shell access
    • Exec requests
    • Local port forwarding
    • Remote port forwarding
    • SCP1 access
    • SFTP/SCP2 access
    • SFTP activities (Browse, Download, Upload, Delete, and Rename)
  • Assignable to (subconfigurations)
    • Global
    • Groups
    • Users
    • Per client system (by IP address or domain name)
  • Deny connections to users without Windows interactive access rights
  • Control over the number of connections allowed per user
  • Use of alternative credentials for accessing SFTP directories (for file transfers) and mapped drives (for terminal sessions)
Tunneling:
  • TCP port forwarding (local and remote)
  • FTP protocol (active and passive mode)
  • RDP protocol
Standards support:
  • Compliance with IETF Secsh Internet drafts and RFCs 4250–4254, 4256, 4462, 4344, 4345, and 4716
  • UTF-8 character support
Cryptographic library validation:
  • FIPS 140-2 validated (Certificate #1747)
Algorithms:
  • Ciphers
    • AES (128-, 192-, and 256-bit CTR)
    • AES (128-, 192-, and 256 bit-CBC)
    • 3DES (3 56-bit key EDE)
    • Blowfish (128-bit)
    • CAST (128-bit)
    • Arcfour (128- and 256-bit)
  • Key exchange
    • Diffie-Hellman
    • GSS-API key exchange
  • MACs
    • HMAC-MD5 (optional MD5 rejection available)
    • HMAC-MD5-96
    • HMAC-SHA1
    • HMAC-SHA1-96
    • HMAC-SHA256
    • HMAC-SHA512
    • RIPEMD160
    • Meets DoD requirements for SHA-2
Authentication:
  • Reflection PKI Services Manager
    • Centralized configuration and management of PKI functions across multiple Reflection for Secure IT Windows servers, UNIX servers, and UNIX clients
    • Standalone service module supported on most platforms supported by Reflection for Secure IT Windows and UNIX servers
    • DoD PKI certified
    • FIPS 140-2 validated (Certificate #2468)
    • RFCs 2253, 2560, and 3280
    • X.509 certificates for server and client authentication (X.509 versions 1-3)
    • Version 2 X.509 CRL
    • OCSP revocation checks
    • HSPD-12 support
    • Support for LDAP and HTTP certificate and CRL repositories
    • Support for Microsoft Windows Certificate Store
    • Certificate extensions supported
      • CDP
      • IDP
      • AIA
      • Policy constraints
      • Basic constraints
      • Name constraints
      • Extended key usage
    • Customizable configuration on per trust anchor basis
    • Fully customizable mapping of SSH user account names to certificates
    • SOCKS proxy support
    • PKI client command line utility for querying services availability and certificate validity
  • Server authentication
    • Public key (RSA and DSA)
    • PKI X.509 certificates
    • GSSAPI/Kerberos
  • User authentication
    • Password (local user and Windows domain user)
    • Public key
      • RSA user keys
      • DSA user keys
      • X.509 certificates
      • OpenSSH public key interoperability
    • Keyboard interactive
      • RSA SecurID
      • RADIUS
  • Keyboard-interactive password
    • GSSAPI/Kerberos
Auditing and logging:
  • Configurable Windows Event Log level
  • Configurable Debug Log with local and UTC time stamps
  • Notification of exceeded maximum password attempts
  • Dedicated audit log for all file transfers
Administrative tools:
  • Post Transfer Actions for automating important processes for files after they are received
  • ProcessPriority for limiting the amount of CPU resources consumed
  • Customizable locations for server configuration files
  • Section 508 support in the Reflection for Secure IT Server for Windows configuration utility
Operating systems:
  • Microsoft Windows Server 2016 (x86-64)
  • Microsoft Windows Server 2012 (x86-64)
  • Microsoft Windows Server 2008 R2 (x86-64)
  • Microsoft Cluster Service support
  • VMWare ESXi support
System requirements:
  • Any system that meets the minimum requirements for the Microsoft Windows operating system
  • Disk space varies depending on the features installed
  • Network interface card
release-rel-2019-8-1-2404 | Tue Aug 6 19:30:17 PDT 2019
2404
release/rel-2019-8-1-2404
Tue Aug 6 19:30:17 PDT 2019