Your browser is not supported

For the best experience, use Google Chrome or Mozilla Firefox.

Reflection for the Web


Reflection for the Web

Deployment options:

Virtual Software Appliance

The first option is an appliance, a virtual machine that contains everything you need to run Product Name in a virtualization environment, with minimal effort.

Linux installer to support your Linux Distribution

The second option is a Linux installer where you choose and manage your own Linux distribution, when that is a priority.

System Requirements:

Each virtual appliance VM or Linux install requires:

Minimum CPU, memory and storage requirements:

8 CPU Cores
60 GB virtual disk space (SSD)

Note: These are the minimum resources required for each node. These requirements assume that no other production software is installed on the node.

Fast Storage:

The use of a solid-state drive (SSD) or other fast storage solution is required.

Fixed IP address:

A fixed, non-changing IP address is required for each node. DHCP (Dynamic Host Configuration Protocol) is supported but the IP must be reserved and cannot change.

Supported Linux Operating Systems (Linux installer only):

These versions or greater:

  • SUSE Linux Enterprise Server 15 SP4
  • OpenSUSE Leap 15.4
  • Red Hat Linux 9
  • Rocky Linux 9
  • Oracle Linux 9
  • Alma Linux 9

Browsers supported:

  • Google Chrome
  • Mozilla Firefox
  • Microsoft Edge


  • Complies with United States Government Configuration Baseline (USGCB) security policy requirements


  • LDAP
  • Single Sign-on through IIS
  • Windows Authentication via Kerberos
  • X.509 certificate support for CAC, PIV, and other smart cards
  • SiteMinder
  • SAML

Authorization (access control)

  • LDAP integration to restrict terminal, printer, and file transfer session access to authorized users
  • LDAP-based access control through secure token technology
  • Dynamic LDAP group support
  • Secure terminal and file transfer connections to multiple hosts through a single port in the firewall


  • MSS Management Server log
  • MSS Security Proxy Server log
  • MSS Metering Server log
  • Log data tracks usage by LDAP distinguished names

Encryption and Security

  • FIPS 140-2-validated cryptographic module (Certificate #3152)
  • TLS and HTTPS
  • 256-bit AES, 128-bit AES, and Triple DES
  • RSA
  • DSS/Diffie-Hellman

Emulation Types

  • IBM System z (Mainframe)
    • 3179, 3180, 3196, 3197, 3270, 3278, 3477, 3486, and 3487
    • Models 2 (24x80), 3 (32x80), 4 (43x80), and 5 (27x132)
  • IBM System i (AS/400)
    • 5250, 5251, and 5291
  • UNIX, Linux and OpenVMS
    • VT52, VT100, VT220, VT320, and VT420
  • HP e3000
    • HP2392 and HP700/9x
  • Unisys Clearpath Dorado Systems (Unisys Edition only)
    • UTS20, UTS40, UTS60, and UTS70
  • Unisys Clearpath Libra Systems (Unisys Edition only)
    • T27
  • Airlines hosts (Airlines Edition only):
    • ALC to
      • Galileo/Apollo Travel Services
      • Sabre
      • EDS Shares
      • Amadeus
      • MATIP hosts
      • InfoConnect Airlines Gateway
    • UTS to
      • MATIP hosts
      • Micro Focus Lantern Gateway
      • Micro Focus Pepate Gateway
      • InfoConnect Airlines Gateway (Airlines Edition only)

Network protocols

  • All host types
    • IPv4/IPv6
  • Unisys Clearpath Dorado Systems (Unisys Edition only)
    • INT1
  • Unisys Libra Systems (Unisys Edition only)
    • TCPA
  • IBM System z
    • TN3270, and TN3270E
  • IBM System i
    • TN5250
  • UNIX, Linux, OpenVMS, and HP e3000
    • Telnet, NS/VT, and Secure Shell (SSH2)
  • ALC/TPF (Airlines Edition only)
    • Sabre IP
    • MATIP
    • ATSTCP
    • Airgate
  • UTS
    • INT1 (Unisys and Airlines Edition)
    • MATIP (Airlines Edition only)
    • Airgate (Airlines Edition only)
    • Pepgate (Airlines Edition only)

File transfer

  • SFTP (SSH2) support
  • IBM System z
    • Works with any conventional FTP server
    • Secure access to multiple FTP hosts through one firewall port
    • LDAP-based access control using secure token authorization
    • Reflection Security Proxy Server hides the FTP server name/port and protects the host from external exposure
  • Standalone FTP client (independent of emulator)
  • FTP command line interface
  • FTP with automatic detection of ASCII and binary formats and preset file transfer configurations
  • Autoconnect support for FTP client
  • IBM System z IND$FILE file transfer for CMS, TSO, or CICS
  • Browse host files for IND$FILE (for quick access to host file lists)
  • IBM System i data transfer
  • Ability to save frequently used IND$FILE, FTP, and System i file transfers


  • Complies with United States Government Configuration Baseline (USGCB) security policy requirements


  • Cryptographic module (The Legion of the Bouncy Castle - BC-FJA version 1.0.1) for FIPS 140-2-validated currently in process
  • TLS 1.2 (via the Reflection Security Proxy Server or direct to host)
  • SHA-256 support
  • SFTP (SSH2) support
  • IBM System z
    • Works with any conventional FTP server
  • Secure Shell (SSH2)
    • 256-bit and 128-bit AES and Triple DES

Key exchange

  • RSA
  • DSS/Diffie-Hellman


  • Screen printing, with configurable headers and footers
  • Configurable support for form feeds in IBM 3270 LU3 printer sessions
  • IBM 3287
  • IBM 3812 (HPT and non-HPT)
  • VT logging and controller-mode printing
  • HP pass-through printing
  • Airlines/travel capabilities for printing on bi-directional devices, such as ATB2 printers over a wide variety of protocols (Airlines Edition only)

Programming and automation

  • JavaScript macro recorder and editor
  • Macro sharing
  • Centralized creation and management of macros by administrators
  • Macro mapping to keystrokes, mouse triggers, and customizable toolbar buttons
  • URL recognition and opening from emulation client
  • Password prompt for recorded macros
  • Java-based API for scripting applets with JavaScript, VBScript, or Java
  • Compatibility with Host Access Class Library (HACL)
  • Programmatic access to FTP file transfer
  • Customizable tooltips on the Button Palette
  • Keyboard mapping, compatible with Windows, Linux, or other keyboards
  • Mouse action mapping, compatible with Windows, Linux, or other mice
  • Customizable toolbar
  • Toolbar buttons mappable to commands, terminal keys, keyboard actions, macros, file transfer requests
  • 3270 and 5250 light pen support

Web-based administrative tools

  • Host Access Management and Security Server (MSS), Management Server
    • Automated management server data replication for load-balanced environments
    • Step-by-step configuration for web-based host sessions
    • LDAP-based control of host access
  • Host Access Management and Security Server (MSS), Metering Server
    • Usage logging
    • Session number limitation
    • License enforcement
    • Works in Citrix scenarios

International support

  • English, French, and German language support
  • Extensive international code page and keyboard support, including Eastern European and Cyrillic code pages and character sets
  • ROECE Latin code page (Eastern Europe) for IBM System z and IBM System i

MSS add-On components

(Requires an additional license)

  • Security Proxy Add-On: Deliver end-to-end encryption and enforce access control at the perimeter with patented security technology.
  • Automated Sign-On for Mainframe Add-On: Enable automated sign-on to IBM 3270 applications via your identity and access management system.
  • Terminal ID Management Add-On: Dynamically allocate terminal IDs based on username, DNS name, IP address, or address pool.
release-rel-2024-5-1-9444 | Tue Apr 30 16:03:23 PDT 2024
Tue Apr 30 16:03:23 PDT 2024