Prior to establishing a host system connection, you must define a host connection.
This section describes how to define a new connection. The BlueZone VT Define New Connection property sheet consists of Connection, Firewall, Security, and Certificate tabs.
Once you have defined at least one host connection in your Connection List, the Edit, Copy, and Remove buttons become active.
Connection tab
Telnet Connection
• Connection Name: A unique name used to identify this collection of Connection settings.
• Host Address: Specifies the computer name (in Internet format, known as DNS Name) or the IP address, in either IPv4 or IPv6 format, of the host system.
• TCP Port: Specifies the TCP port number. The default is 23.
• Backup Host: Specifies the backup host to which BlueZone connects if the primary host is not available. Backup hosts are selected from the Connection List.
• Terminal: Select the Terminal Type that you want to emulate from the list box.
• Terminal ID: The Terminal ID automatically changes with the chosen Terminal setting above; however, you can override this value with the setting of your choice.
Default Screen Size
• Rows: Sets the number of viewable rows used by the host.
• Columns: Sets the number of viewable columns used by the host.
Emulation tab
The Emulation tab allows the configuration of emulation specific features.
Emulation Options
• Auto-Login UserName: Type the desired user name in this field if you want BlueZone to automatically send this information to the host upon connect. Otherwise, leave it blank.
  Note: Not all Telnet hosts support this feature.
• Answerback: Type the desired answerback in this field, if any.
• Local Echo: If enabled, BlueZone VT locally displays the characters pressed by the user, for hosts that do not echo back the characters that are sent to them. If you see double characters, then clear this check box.
• Force Auto Wrap: If enabled, BlueZone VT forces word wrapping of any characters that normally extend off the right-hand side of the screen. This overrides the setting that is sent down from the host.
• Disable Dimming Colors: If enabled, the BlueZone VT character dimming feature is turned off. This can be useful when it is difficult to distinguish dim characters on the screen. Refer to the Colors tab for more information on selecting color options for Bold and Dim intensities.
• Disable 8-bit Control Characters: If enabled, BlueZone VT disables the use of 8-bit control characters.
• Use ANSI Colors: If enabled, BlueZone VT uses ANSI Colors for VTXXX connections.
  Note: This option does not apply to any other host type.
Firewall tab
The Firewall tab allows the configuration of firewall and proxy server sign on systems.
Firewall Options
• Connect Through Firewall or Proxy Server: Check to enable this feature.
• Firewall Type: Select the firewall type from the drop-down list:
• Firewall Address: Type the IP address of the firewall.
• Port: Type the port number used by the firewall.
• Timeout: Type the appropriate time out value.
• User Name: Type the appropriate user name.
• Password: Type the appropriate password.
  Note: If you selected NVT Proxy or Firewall, then you must provide the following prompts:
  ♦ Host Name Prompt: Type the firewall prompt, or a unique portion of the prompt, of the host name that BlueZone is expecting. For example, Enter host name. If this prompt is detected, the Host Address from the Connections tab is sent.
  ♦ User Name Prompt: Type the firewall prompt, or a unique portion of the prompt, of the user name that the firewall is expecting. For example, Enter user name. If this prompt is detected, the User Name Prompt field is sent.
  ♦ Password Prompt: Type the firewall prompt, or a unique portion of the prompt, of the password that the firewall is expecting. For example, Enter password. If this prompt is detected, the Password Prompt field is sent.
  ♦ Connected Prompt: Type the firewall prompt, or a unique portion of the prompt, of the connection message. For example, Connected or Connected to host. If this prompt is detected, the firewall connection is considered to be complete and the Telnet negotiation begins.
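The NVT prompt-and-response sequence above, as an added Python example that is not BlueZone code. It shows why the configured text must be a unique portion of the prompt: a prompt can arrive split across reads, and a portion that also occurs in a banner sends the password out of turn. Case-sensitive substring matching, the function name nvt_signon, and all sample values are assumptions.

```python
# Added illustration (not BlueZone code): expect-style prompt matching for an
# NVT proxy sign-on. Assumes case-sensitive substring matching on the stream.

def nvt_signon(chunks, prompts, values):
    """Return (sent, connected) after feeding received text chunks.

    prompts: dict with keys host/user/password/connected -> prompt text
    values:  dict with keys host/user/password -> text to send
    """
    buf, sent = "", []
    pending = dict(prompts)                  # prompts not yet answered
    for chunk in chunks:
        buf += chunk                         # a prompt may span two reads
        while True:
            hits = [(buf.find(p), k) for k, p in pending.items() if p in buf]
            if not hits:
                break
            pos, key = min(hits)             # earliest prompt in the buffer
            buf = buf[pos + len(pending.pop(key)):]
            if key == "connected":
                return sent, True            # Telnet negotiation would start
            sent.append((key, values[key]))
        # keep only a tail long enough to complete a split prompt
        keep = max((len(p) for p in pending.values()), default=1) - 1
        buf = buf[-keep:] if keep else ""
    return sent, False


# Constructed sample data; prompt texts are the examples given on the page.
PROMPTS = {"host": "Enter host name", "user": "Enter user name",
           "password": "Enter password", "connected": "Connected to host"}
VALUES = {"host": "vt.example.test", "user": "fwuser", "password": "fw-secret"}
STREAM = ["Proxy ready. Password changes are logged.\r\nEnter ho",
          "st name: ", "Enter user name: ", "Enter pass", "word: ",
          "Connected to host\r\n"]

def demo():
    good = nvt_signon(STREAM, PROMPTS, VALUES)
    # Too short a "unique portion": the banner line triggers the password.
    loose = nvt_signon(STREAM, dict(PROMPTS, password="Password"), VALUES)
    return good, loose

if __name__ == "__main__":
    print(demo())
```

With the page's example prompts the values go out in host, user, password order; with the shortened password prompt the password is sent first, in response to the banner.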
Security tab
The BlueZone VT emulator supports SSL v3, TLS v1, or SSH v2. BlueZone VT can be pre-configured for distribution with encryption configured and enabled, eliminating the need for any end user intervention in the installation or configuration process.
Security Options
• Enable Secure Sockets Layer: Specifies whether the TCP connection to the host must be encrypted using SSL.
  Encryption Type
  Specifies which type of encryption must be used:
  ♦ SSL v3: (Default) Specifies that SSL version 3 must be used.
  ♦ TLS v1: Specifies that TLS version 1 must be used.
    Note: SSL v3 and TLS v1 are nearly identical. TLS v1 is preferred.
  ♦ SSH v2: Specifies that SSH version 2 must be used.
  Invalid Certificates
  Specifies how to handle an invalid server certificate. Options include:
  ♦ Always Reject: Specifies that an invalid server certificate must always be rejected.
  ♦ Ask Before Accepting: (Default) Specifies that the user must be asked whether to accept an invalid server certificate.
  ♦ Always Accept: Specifies that an invalid server certificate must always be accepted.
• Preferred Cipher Suite: Specifies a specific SSL/TLS or SSH cipher suite (encryption algorithm) to use. The Preferred Cipher Suite list changes depending on whether SSL/TLS or SSH is selected. In SSL/TLS, you can allow the client and server to negotiate the cipher suite by selecting None, which is the default. In SSH, a Preferred Cipher Suite must be selected. AES is the default.
Certificate tab
Client Certificate
These parameters specify the type of client certificate to use, if any. Enable Secure Sockets Layer on the Security tab must be enabled in order for client certificate support to be active.
• No Client Certificate: Specifies that a client certificate must not be presented.
• Client Certificate in Disk File: Specifies that a client certificate must be presented.
  ♦ Certificate File: Specifies the path to the certificate file.
    § View: Click to view the certificate.
    § Browse: Click to locate the certificate file.
  ♦ Private Key File: Specifies the path to the private key file.
    § Browse: Click to locate the private key file.
• Client Certificate in Certificate Store: Specifies that a client certificate must be presented that is located in the certificate store.
  ♦ Common Name: Specifies the path to the common name file.
    § View: Click to view the certificate.
    § Browse: Click to display a list of certificates in the certificate store.
• Client Certificate in Certificate on Smart Card: Specifies that a client certificate stored on a Smart Card must be presented.
Root Certificates
These parameters specify the root certificate store to use: the one provided by OpenSSL, or the one that is provided by Windows.
• Use OpenSSL Root Certificates: (Default) If selected, the root certificates provided by OpenSSL are used.
• Use Windows Root Certificates: If selected, BlueZone looks for a file called rootcerts.pem in the end user's bluezone\certs directory. If it doesn't exist, it automatically exports the root certificates from Windows and stores them there, giving a message such as 109 root certificates were exported.
  ♦ Update Root Certificates: Click to manually export the certificates. If you connect and are presented with an untrusted host root certificate, and check the box to add it to the trusted list, BlueZone imports it into the Windows root store (which can produce a Windows message asking for confirmation), and then exports the root store again to disk, producing a message such as 109 root certificates were exported. When this is performed one time, subsequent connections connect without messages.
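Because a root accepted at the untrusted-certificate prompt ends up in both the Windows root store and the re-exported rootcerts.pem, comparing that file against a known-good copy shows which roots were added. This is an added Python example, not part of BlueZone; the baseline copy, the function names, and the placeholder PEM bodies are assumptions constructed for the demonstration.

```python
# Added illustration (not BlueZone code): find roots added to rootcerts.pem
# since a known-good baseline export. Fingerprints are SHA-256 over the DER.
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def fingerprints(pem_text):
    """Return {sha256_hex: position} for each certificate block (1-based)."""
    found = {}
    for pos, match in enumerate(PEM_RE.finditer(pem_text), 1):
        der = base64.b64decode("".join(match.group(1).split()))
        found.setdefault(hashlib.sha256(der).hexdigest(), pos)
    return found

def diff_bundles(baseline_pem, current_pem):
    """Compare two bundles; report blocks present in only one of them."""
    base, cur = fingerprints(baseline_pem), fingerprints(current_pem)
    return {
        "exported": len(cur),
        "added": sorted((cur[f], f) for f in cur.keys() - base.keys()),
        "removed": sorted((base[f], f) for f in base.keys() - cur.keys()),
    }

def _placeholder_pem(label):
    # Constructed stand-in: the body is labelled filler, not a real certificate.
    body = base64.b64encode(b"constructed placeholder root " + label).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

# Constructed sample bundles; in practice read the baseline copy and the
# user's rootcerts.pem from disk instead.
BASELINE = _placeholder_pem(b"A") + _placeholder_pem(b"B")
CURRENT = BASELINE + _placeholder_pem(b"C (accepted at the prompt)")

if __name__ == "__main__":
    report = diff_bundles(BASELINE, CURRENT)
    print(report["exported"], "certificates;", len(report["added"]), "added")
    for pos, fp in report["added"]:
        print(f"  block {pos}: sha256 {fp}")
```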
Kerberos tab
Kerberos Authentication Protocol is an optional component that must be selected during the BlueZone installation process.
If you do not see a Kerberos tab in your Connection dialog, it means that your BlueZone administrator did not enable the Kerberos component when BlueZone was installed on your machine.
Refer to the BlueZone Desktop Administrator's Guide in Chapter 2: Installing BlueZone - Optional installation features - Enabling Kerberos for information about installing the Kerberos Authentication feature.
Kerberos options
• Enable Kerberos Authentication: To enable Kerberos Authentication for this session, place a check in this check box.
• Use Windows Credentials: If enabled, your Windows credentials (User Name and Domain) are used in lieu of Principal and Realm. Your User Name is used as the Principal name and your Domain name is used as the Realm name.
• Forward Credentials: If enabled, your credentials are forwarded to the remote session. The credentials are passed as a Kerberos message which includes, among other things, the forwarded Kerberos ticket and a session key associated with the ticket.
• Principal: If you are not using your Windows credentials, type your Principal name here.
• Realm: If you are not using your Windows credentials, type the Realm name here. The Realm name must be typed entirely in uppercase.
• Target: Type the name of the Kerberos database.
• Manage Tickets: Click Manage Tickets to manage Kerberos tickets. The Network Identity Manager opens: