Specs

Compliance

• Compliance with United States Government Configuration Baseline (USGCB) security policy requirements

Authentication

• Microsoft Active Directory single sign-on
• Kerberos for Windows Single Sign-On
• Support for NTLM 2
• Public Key Infrastructure (PKI) support
  • Certificate Revocation List (CRL) support
  • Online Certificate Status Protocol (OCSP) support
  • Certificate policy support
• X.509 certificate support for CAC, PIV, and other smart cards
• Kerberos 5 with Microsoft Active Directory
• Directory Support, including support for Active Directory, NetIQ eDirectory, OpenLDAP, and other RFC compliant directory servers
• Support for Micro Focus Advanced Authentication

Authorization (Access Control)

• LDAP integration to restrict terminal, printer, and file transfer session access to authorized users
• Access control for session access based on individual identity or LDAP group membership
• LDAP-based access control enforced through secure token authorization technology
• Dynamic LDAP group support
• Secure terminal and file transfer connections to multiple hosts through a single port in the firewall

Auditing

• MSS Management Server log
• MSS Security Proxy Server log
• MSS Metering Server log
• Log data tracks usage by LDAP-distinguished names

Encryption and Security

• FIPS 140-2-validated cryptographic module (Certificate #3152)
• TLS and HTTPS
• 256-bit AES, 128-bit AES, and Triple DES
• RSA
• DSS/Diffie-Hellman

Support for MSS add-On components*

• Security Proxy Add-On: Deliver end-to-end encryption and enforce access control at the perimeter with patented security technology.
• Advanced Authentication Add-On: Enable multifactor authentication to authorize access to your valuable host systems.
• Automated Sign-On for Mainframe Add-On: Enable automated sign-on to IBM 3270 applications via your identity and access management system.
• PKI Automated Sign-On Add-On: PKI-enable automated application sign-on to your critical enterprise systems.
• Terminal ID Management Add-On: Dynamically allocate terminal IDs based on username, DNS name, IP address, or address pool.

*Requires an additional license

• Installation support
• Automated installer for Windows and Linux with all necessary components
• Automated installer for Linux on Z runs with your supplied Java runtime
• Native 64-bit installer support for 64-bit versions of Windows and Linux

System requirements

Server platforms supported**

• SUSE Linux Enterprise Server (SLES) 11 SP4
• Red Hat Enterprise Linux 7.6
• Windows 2012
• Linux on Z Systems
  • SUSE Linux Enterprise Server (SLES) 11 SP4
  • Red Hat Enterprise Linux 7.6

** Supported versions include those listed and higher

• Workstations running Micro Focus client software (see Micro Focus Clients Supported above)
  • A web browser that supports Java 8 or above if using links list feature
  • Java Runtime Environment 8 or above if using links list feature
• MSS Administrative Console
  • A web browser that supports JavaScript and Cookies
• MSS Administrative Server, Metering Server, and Terminal ID Management Add-On
  • Java Servlet 2.3-compliant servlet engine and Java Server Pages (JSP) 1.2
• MSS Security Proxy Add-On
  • Java Runtime Environment 8 or above
• MSS Advanced Authentication Add-On
  • Micro Focus Advanced Authentication Appliance 5.2 or above
• MSS Automated Sign-On for Mainframe Add-On
  • IBM Digital Certificate Access Service (DCAS) running on z/OS
  • OS/390 V2R10 or above
  • RACF configured for DCAS

Micro Focus clients supported

• Reflection Desktop
• Reflection Desktop Pro
• Reflection Desktop For X
• Rumba+ Desktop
• InfoConnect Desktop Pro for Unisys
• InfoConnect Desktop Pro for Airlines
• See each product’s tech specs to learn what MSS features they support.