Tech Specs for Reflection for Secure IT Client for UNIX

Secure Shell Access
  • Secure remote terminal connections
  • Secure remote command execution
Secure File Transfer
  • SCP and SFTP special features
    • Smart Copy (to eliminate redundant copying of identical source and target files)
    • File transfer resume after interrupted downloads
    • Recursive directory copying
    • Remote-to-remote transfers (SCP)
    • Automatic ASCII mode for specified file extension types (SFTP)
  • SCP and SFTP version 4 protocol support
  • Support for High Performance Enabled file transfer
  • Unattended scheduled file transfers
Tunneling
  • X11 protocol
  • Background and "one-shot" (single use) forwarding ports
  • TCP port forwarding (local and remote)
  • FTP protocol
Standards Support
  • Compliance with IETF Secsh Internet drafts and RFCs 4250–4254, 4256, 4462, 4345, and 4716
  • UTF-8 character support
Cryptographic Library Validation
  • FIPS 140-2 Level 1 (Certificate #1747 and #2398-AIX)
Algorithms
  • Ciphers
    • AES (128-, 192-, and 256-bit CBC)
    • AES (128-, 192-, and 256-bit CTR)
    • 3DES (3 56-bit key EDE)
    • Blowfish (128-bit)
    • CAST (128-bit)
    • Arcfour (128- and 256-bit)
  • Key exchange
    • Diffie-Hellm
    • GSS-API key exchange
    • RSA
    • DSA
  • MACS
    • HMAC-MD5
    • HMAC-MD5-96
    • HMAC-SHA1
    • HMAC-SHA1-96
    • HMAC-SHA256
    • HMAC-SHA512
    • RIPEMD160
    • Meets DoD requirements for SHA-2
Authentication
  • Reflection PKI Services Manager
    • Centralized configuration and management of PKI functions across Reflection for Secure IT Server for Windows, Server for UNIX, and Client for UNIX
    • Standalone service module supported on most platforms supported by Reflection for Secure IT Server for Windows and Server for UNIX
    • DoD PKI certified
    • FIPS 140-2 Level 1-validated for most supported platforms (Certificate #2058)
    • RFCs 2253, 2560, and 3280
    • X.509 certificates for server and client authentication (X.509 versions 1-3)
    • Version 2 X.509 CRL
    • OCSP revocation checks
    • HSPD-12 support
    • Support for LDAP and HTTP certificate and CRL repositories
    • Certificate extensions supported
      • CDP
      • IDP
      • AIA
      • Policy constraints
      • Basic constraints
      • Name constraints
      • Extended key usage
    • Customizable configuration on per trust anchor basis
    • Fully customizable mapping of SSH user account names to certificates
    • SOCKS proxy support
    • PKI client command line utility for querying services availability and certificate validity
  • Server authentication
    • Public key (RSA and DSA)
    • PKI X.509 certificates
    • Kerberos (gssapi-keyex)
  • User authentication
    • Password
    • Public key
      • RSA and DSA user keys
      • Key agent utility for private key management
      • Agent forwarding
      • Host name aliasing for host key storage
      • PKCS#11 smart card support on Solaris 10 SPARC platforms
    • Keyboard interactive
      • RSA SecurID
      • RADIUS
      • Keyboard-interactive password
    • PKI X.509 certificates
    • Kerberos (gssapi-with-mic)
Accounting and Auditing
  • Notification of exceeded maximum password attempts
  • Oracle Solaris Projects support
  • Dedicated audit log for all file transfers
Performance
  • High Performance Enabled (HPN) support leverages dynamic TCP windows for improved file transfer performance
  • Granular control of data compression levels enables performance calibration
Operating Systems
  • HP-UX 11i v2 (PA-RISC)
  • HP-UX 11i v2 (Itanium)
  • HP-UX 11i v3 (Itanium)
  • IBM AIX 6.1 (POWER)
  • IBM AIX 7.1 (POWER)
  • Red Hat Enterprise Linux 5 (x86)*
  • Red Hat Enterprise Linux 5 (x86-64)*
  • Red Hat Enterprise Linux 6 (x86)*
  • Red Hat Enterprise Linux 6 (x86-64)*
  • Red Hat Enterprise Linux 7 (x86-64)*
  • Red Hat Enterprise Linux 7 (x86-64)*

*Customizable installation directory available for Solaris and Linux platforms

  • Oracle Solaris 10 (x86)*
  • Oracle Solaris 10 (x86-64)*
  • Oracle Solaris 11 (SPARC)*
  • Oracle Solaris 11 (x86-64)*
  • SUSE Linux Enterprise Server 10 (x86)*
  • SUSE Linux Enterprise Server 10 (x86-64)*
  • SUSE Linux Enterprise Server 10 zSeries (64-bit)*
  • SUSE Linux Enterprise Server 11 (x86)*
  • SUSE Linux Enterprise Server 11 (x86-64)*
System Requirements
  • For all Itanium systems, the library libunwind is required (HP-UX, Red Hat Enterprise Linux, and SUSE Linux Enterprise Server)
  • Network interface card
  • Any system that meets the minimum requirements for the UNIX/Linux operating system
  • Oracle Solaris UltraSPARC CPU