Setting up a Session using the Security Proxy
The Reflection Security Gateway Security Proxy server provides SSL/TLS encryption to the proxy.
Before you begin
- Install X Manager (standalone) on administrator and user computers. These must be Windows systems.
- Install Reflection Security Gateway on a Windows or UNIX server. (This installs two servers, the Reflection Management Server and the Reflection Security Proxy.) Make sure you have administrative credentials to log onto the Reflection Management Server.
- Install PKI Services Manager on a Windows or UNIX server. See Using PKI Services Manager with Reflection X Advantage for information about installing and configuring this tool.
Configure PKI Services Manager to validate the Reflection Security Gateway Security Proxy certificate
The method you use depends on how the Security Proxy is configured:
- If you've obtained a certificate for the Security Proxy from a Certification Authority (CA), add the CA certificate to the PKI Services Manager trusted root store.
- If you're using the proxy's default self-signed certificate, add this certificate to the PKI Services Manager trusted root store. To obtain a copy of the default certificate, from the server running Reflection Security Gateway start the Security Proxy Wizard, and go to Security Proxy Certificates > Export.
Note: PKI Services Manager supports the ability to map which entities can authenticate using certificates. This is not used when validating the Security Proxy certificate, so you do not need to configure identity mapping.
To deploy a session with the Administrative WebStation
- Log into the Administrative WebStation and select Session Manager.
- In the Session Manager, click Add to open the Add New Session page. Select X Advantage, enter a session name, and click Continue.
- (Optional) On the Configure a Windows-Based Reflection Session page modify any of the optional settings.
- Click Launch. This launches X Manager in Administrative WebStation mode.
- Configure your X client settings.
- For each configured client, click Advanced to open the Advanced Secure Shell Settings dialog box.
- On the Proxy tab select Use Reflection security proxy.
- Under Security proxy server, select your proxy server and port from the drop-down lists.
- Click Close.
- Go to Tools > Secure Shell Host Keys > PKI Configuration.
- For PKI server, enter the name of the computer running PKI Services Manager.
- Click Download key and click Yes to accept the key.
- Test your connection. In response to the Host Key Unknown prompt, click Always. This adds the key to the known hosts lists in the configuration you save to the web server so users won't see the prompt.
Note: The option to save a host key by selecting Always is not available for sessions running in WebStation User Mode.
- Go to File > Exit. Click Save/Exit to close your session and save the configuration to the Reflection Security Gateway Administrative WebStation.