Configure the Reflection for Secure IT server to allow access by external users

1. On the gateway server, start the Reflection for Secure IT server console. (Start > All Programs > Attachmate Reflection > Reflection SSH Server Configuration.)
2. On left panel of the Configuration tab, click External Users.
3. Enable Allow access to external users.
4. Click Verify connection to confirm that the Reflection for Secure IT server can communicate with the User Manager.
5. Click Select account. Click Add and enter a user name and password for the user under whose account external users will run. Click Test to confirm these credentials, then click OK to save this user account to the credential cache.
6. In the Select Account dialog box, select the user account you just added and click OK to set this as the account to use for external user access.
7. (Recommended) To help ensure security on this system, disable port forwarding for all users. On the left panel of the Configuration tab, click Permissions. Under Tunneling, clear the two port forwarding options.
8. Save your settings (File > Save Settings).

Launch the User Manager and add a new external user

1. On the gateway server, start the User Manager. (Start > All Programs > Attachmate Reflection > Web Edition User Manager.)

   Note: The User Manager runs in your default browser and you will see a certificate warning message before you see the login page. This warning shows up because the User Manager installs with a self-signed security certificate which is unknown to your browser. For initial testing purposes, you can ignore this warning and proceed with the connection (Internet Explorer or Chrome) or add an exception (Firefox). For more information, see Certificate Management in the Reflection for Secure IT Web Edition Administrator's Guide.

2. For your initial login enter the following credentials.

   Username: admin

   Password: secret

3. Immediately after your first log in, you'll be prompted to change the password for the admin account. Enter the current and new password and click Submit.

   Once you are successfully logged in, you should see the Users page. The initial view shows a single user - the admin account you used to log in.

4. From the Users page, click New.
5. From the New User page, specify values for your test user's user ID, password, first name, last name and email address. Leave group membership unchanged for this test user; group configuration is optional.

   Make a note of the user name and password. You'll use these credentials for your next test.

6. Click Save.

You'll be returned to the Users page and should see your new user added to the list.

In this next procedure, a test transfer copies a document from one file location on the gateway server to another location on the same computer. This test scenario helps confirm that your setup is correct.

Test a transfer on the gateway server

1. On the gateway server, start the Transfer Client. (Start > All Programs > Attachmate Reflection > Web Edition Transfer Client.)

   Note: The Transfer Client runs in your default browser and you will see a certificate warning message before you see the log in page. This warning shows up because the Transfer Client web server installs with a self-signed security certificate which is unknown to your browser. For initial testing purposes, you can ignore this warning and subsequent certificate warnings. Before you deploy to actual users, you will need to install a certificate from a well-known Certificate Authority (CA). Once you've configured the Reflection for Secure IT Web Server to use the CA-signed certificate, users will be able to log in without seeing certificate warnings. For more information, see Certificate Management.

    

2. Log in using the user ID and password of the external user you just created.

   You'll see two additional messages, a certificate warning followed by a Java query. Both messages give you the option to trust content from this publisher, and, if you select this option, the messages won't appear again. (The certificate warning won't appear at all once you've configured the server to use a CA-signed certificate.)

3. The Transfer Client opens and connects to the running Reflection for Secure IT server. Check to confirm that the status line in the lower left corner says "Connected to server."
4. Browse to locate a document for a test transfer and drag this file from Local files to Server files. After the transfer is complete, you should see the transferred file in the Server files list.

Locate an uploaded file on the gateway server

1. Find the file you just transferred file on the gateway host in the following location:

   C:\Users\<run_as_user>\ReflectionExternalUsers\Reflection.VirtualDirectory\<external_user>

   Where <run_as_user> is the user account you selected for external users to run under and <external_user> is the user ID you specified in the User Manager.

 

Note: In this case, the transferred document is saved to the Reflection for Secure IT Web Edition server. See Transfer a File from an External User to the Document Depot to configure a transfer in which the transferred document is saved to a different server.