Reflection for Secure IT Gateway 1.1 - Features and Release Notes

  • 7022080
  • 13-Jul-2016
  • 02-Mar-2018

Environment

Reflection for Secure IT Gateway version 1.1

Situation

This technical note outlines the features available in Reflection for Secure IT Gateway 1.1, which released July 2016.

Resolution

Version Identification

This release is identified as version 1.1.0.255, which is displayed in the Gateway Administrator on the About tab.

Features

Reflection for Secure IT Gateway provides a secure, flexible way to manage files. Reflection Gateway offers two key features: Jobs and Transfer Sites. Both use secure authentication and encryption for all connections and provide administrators with flexible options for creating custom configurations appropriate to different users and business practices.

General Features

  • Web-based administration: The Gateway Administrator console is a web-based tool that enables administrators to modify Reflection Gateway system settings, provision users, and configure jobs and transfers.
  • Delegated administration: The console supports delegation of management tasks. Administrators can assign roles to users or groups to delegate tasks and limit access to the Gateway Administrator console features.
  • Database options: Gateway Administrator installs with a default database, which stores Gateway data on the same system that runs the Gateway Administrator service. For configuring a high availability in a production environment, you can configure Gateway Administrator to use a MySQL database running on a different system.
  • End-to-end encryption: Reflection Gateway uses secure authentication and encryption throughout.
  • File transfer auditing: The Reflection SSH Proxy can be configured to maintain a complete record of all Transfer Site activity. Auditing of Job transfers can also be configured using a Reflection for Secure IT Server. The Reflection for Secure IT Gateway installer includes the Reflection for Secure IT Server for Windows. Each Reflection Gateway license entitles you to install this SFTP-enabled server on one system.
  • Server options: Configure Reflection Gateway to transfer files and/or execute commands on any SFTP-enabled SSH server. (One license of the Reflection for Secure IT Server for Windows is included with Reflection Gateway.) Authentication to your added SFTP servers can be configured using either password or public key authentication.
  • High availability: To ensure high availability, you can store data on an external database, and run Reflection Gateway services on multiple systems. For details, see the Reflection Gateway Administrator’s guide.

Jobs

Reflection Gateway Jobs are ideal for managing automated business-to-business processes. Use Jobs to monitor the content of a directory and initiate actions automatically when new files are added to the scanned directory, or existing files are updated. Because Job actions can trigger any command action supported on your servers, you can tie this feature to existing business practices and requirements.

Jobs enable you to:

  • Monitor directories on any added SFTP file server. You can specify which directory to scan and whether or not to include subdirectories.
  • Create a customized, ordered sequence of Job actions to handle new and updated files. Actions can include:
    • Moving or copying files to any added server.
    • Executing any command supported on the server. Commands can be executed on the server where files first arrive, or on subsequent servers to which files are moved.

If any action in your sequence fails, no further actions take place. This ensures that the processes you configure to secure your site are successfully completed on all files.

  • Configure email notification to alert system administrators when Job actions fail or succeed.
  • Define the window of time that the directory will be monitored. For example, Monday through Friday from 8 AM to 5 PM.
  • Set the scan interval to determine how frequently scans occur, for example every 30 minutes.
  • Specify which files in the directory should be acted on, for example all PDF files, or all files of a given size.
  • Specify the minimum number of files that must arrive before Job actions begin.
  • Manage access to servers using File Server Groups so that delegated Job administrators can configure Jobs on only those servers they have been granted access to.

Transfer Site Features

Reflection Gateway Transfer Sites are designed to support flexible, secure user-to-business file transfers. You can configure secure file exchange with business partners and/or employees working outside your corporate network. User authentication is required for all transfers and end-to-end encryption protects all transferred data.

Features include:

  • Choice of transfer client: Users can transfer files using the Integrated web-based Transfer Client or any other SFTP-enabled SSH client available to them.
  • Choice of authentication method: Configure user authentication using either password or X.509 certificate authentication.
  • Customizable Transfer Site access: Transfer site managers can provide access rights to users or groups and control how long sites remain active. Permissions settings are available to specify who can upload and/or download files and who receives email notifications.
  • Self-registration by email: New external users can be notified via email with links provided for password creation. Customizable email templates are available for account creation, password reset, Transfer Site access notifications, and file upload and download notifications.
  • LDAP integration: Add users to Reflection Gateway who have accounts in your Windows Active Directory.
  • Manage files after a transfer: You can use either Post Transfer Actions or Jobs to trigger automated processes after files are uploaded to your server.

Security Features

  • Reflection for Secure IT Gateway uses the RSA BSAFE Crypto-J and JCE Software Module version 6.2.1 for FIPS 140-2 Level 1 validation (certificate #2468).
  • The Reflection SSH Proxy uses the OpenSSL FIPS Object Module v2.0.2 for FIPS 140-2 Level 1 validation (certificate #1747) and the OpenSSL Cryptography and SSL/TLS Toolkit version 1.0.2h.
  • Reflection for Secure IT Gateway installs Oracle Java Platform Standard Edition 8 Update 101.

Known Issues

  • When configuring Job Success and Failure actions, the “Send Test Email” feature is currently available only to Gateway Administrator users who have the System Setup role enabled. Other Gateway Administrator users see an error when trying an email test. This issue only affects the test email feature; actual Success and Failure email notifications are sent correctly when the configured Job runs.

Supported Platforms and Installation

For information about supported platforms and installing Reflection for Secure IT Gateway, see Installation and System Requirements in the Administrator’s Guide (https://www.attachmate.com/documentation/gateway-1-1/gateway-admin-guide/data/fxg_server_requirements.htm) and KB 7022010.

Additional Information

Legacy KB ID

This article was originally published as Attachmate Technical Note 2874.