Setting up a Session using the Security Proxy
The MSS Security Proxy Server Add-On provides token-based access control and encrypted network traffic to and from user workstations. This allows users to connect with SSL/TLS encryption to the proxy.
Before you begin
-
Install X Manager (standalone) on administrator and user computers. These must be Windows systems.
-
Follow the instructions in the Management and Security Server Installation Guide to install Management and Security Server (which includes the Administrative Server) and the Security Proxy Add-On on a Windows or Linux server.
-
Make sure you have administrative credentials to log on to the Administrative Server's Administrative Console.
-
Install PKI Services Manager on a Windows or Linux server. See Using PKI Services Manager with Reflection X for information about installing and configuring this tool.
Configure PKI Services Manager to validate the Management and Security Server Security Proxy certificate
The method you use depends on how the Security Proxy is configured:
-
If you've obtained a certificate for the Security Proxy from a Certification Authority (CA), add the CA certificate to the PKI Services Manager trusted root store.
-
If you're using the proxy's default self-signed certificate, add this certificate to the PKI Services Manager trusted root store. To obtain a copy of the default certificate, start the Security Proxy Wizard on the Security Proxy server, and go to Security Proxy Certificates > Export.
note
PKI Services Manager supports the ability to map which entities can authenticate using certificates. This is not used when validating the Security Proxy certificate, so you do not need to configure identity mapping.
To deploy a session with the Administrative Console
-
Add a Reflection X session as shown in the Management and Security Server Administrator Guide, in the Host Access Management and Security Server Documentation.
By default, Start end-user session in notifications area of taskbar is enabled. With this option, X clients are launched on user desktops and X Manager runs in the background on the user's machine. Users see only the clients that are configured to open at startup.
-
Click Launch. This launches X Manager in X Manager Administrative Console Mode.
-
Configure your X client settings.
-
For each configured client, click Advanced to open the Advanced Secure Shell Settings dialog box.
-
On the Proxy tab select Use Reflection security proxy.
-
Under Security proxy server, select your proxy server and port from the drop-down lists.
-
Click Close.
-
-
Go to Tools > Secure Shell Host Keys > PKI Configuration.
-
For PKI server, enter the name of the computer running PKI Services Manager.
-
Click Download key and click Yes to accept the key.
-
-
Test your connection. In response to the Host Key Unknown prompt, click Always. This adds the key to the known hosts lists in the configuration you save to the web server so users won't see the prompt.
note
The option to save a host key by selecting Always is not available for sessions running in X Manager User Mode.
-
Go to File > Exit. Click Save/Exit to close your session and save the configuration to the Management and Security Server Administrative Console.
More information