Creating BlueZone VT Display connections

Prior to establishing a host system connection, you must define a host connection.

Click Start → All Programs → BlueZone 6.2 → BlueZone VT.
The first time that you create a BlueZone VT Display session, the Define New Connection window opens.

To open this window on subsequent connections, click Session → Configure, and then click New or Edit.
In the Connection tab, complete the following fields:
Telnet Connection
- Connection Name: A unique name used to identify this collection of Connection settings.
- Host Address: Specifies the computer name (in Internet format, known as DNS Name) or the IP address in either IPv4 or IPv6 format, of the host system.
- TCP Port: Specifies the TCP port number. The default is 23.
- Backup Host: Specifies the backup host to which BlueZone connects if the primary host is not available. Backup hosts are selected from the Connection List.
In the Emulation tab, complete the following fields:
Emulation Options
- Terminal: Select the Terminal Type that you want to emulate from the list.
- Terminal ID: The Terminal ID automatically changes with the chosen Terminal setting above; however, you can override this value with the setting of your choice.
- Auto-Login UserName: Type the desired user name in this field if you want BlueZone to automatically send this information to the host upon connect. Otherwise, leave it blank.
  Note: Not all Telnet hosts support this feature.
- Answerback: Type the desired answerback in this field, if any.
- Received DEL(^?): Select an option from the list to change how BlueZone VT handles the DEL control character.
  - Ignore (Default)
  - Backspace / Non-Destructive
  - Delete / Destructive
- Local Echo: If enabled, BlueZone VT displays the characters (locally) pressed by the user for hosts that do not echo back the characters that are sent to it. If you see double characters, then clear this check box.
- Force Auto Wrap: If enabled, BlueZone VT forces word wrapping of any characters that normally extend off the right hand side of the screen. This overrides the setting that is sent down from the host.
- Disable Dimming Colors: If enabled, the BlueZone VT character dimming feature is turned off. This can be useful when it is difficult to distinguish dim characters on the screen. Refer to Colors tab for more information on selecting color options for Bold and Dim intensities.
- Disable 8-bit Control Characters: If enabled, BlueZone VT disables the use of 8-bit control characters.
- Use ANSI Colors: If enabled, BlueZone VT uses ANSI Colors for VTXXX connections.
- Use ANSI Locator: If enabled, a DEC feature, DECELR - DEC Enable Locator Reports, will report where and how the user clicks on the screen.
  Note: The ANSI options do not apply to any other host type.
Default Screen Size
- Rows: Sets the number of viewable rows used by the host.
- Columns: Sets the number of viewable columns used by the host.
In the Firewall tab, you can configure the firewall and proxy server sign on systems. Complete the following fields:
Firewall Options
- Use Firewall/Proxy Server: Check to enable this feature.
- Use Browser Settings: Select to use the firewall settings in your default web browser.
- Firewall Type: Select the firewall type from the drop-down list:
  - SOCKS4 Proxy
  - SOCKS4A Proxy
  - SOCKS5 Proxy
  - NVT Proxy or Firewall
  - HTTP Tunnelling Proxy
- Firewall Address: Type the IP address of the firewall.
- Port: Type the port number used by the firewall.
- Timeout: Type the appropriate time out value.
- User Name: Type the appropriate user name.
- Password: Type the appropriate password.
  Note: If you selected NVT Proxy or Firewall, then you must provide the following prompts:
  
  Host Name Prompt: Type the firewall prompt, or a unique portion of the prompt, of the host name that BlueZone is expecting. For example, Enter host name. If this prompt is detected, the Host Address from the Connections tab is sent.
  
  User Name Prompt: Type the firewall prompt, or a unique portion of the prompt, of the user name that the firewall is expecting. For example, Enter user name. If this prompt is detected, the User Name Prompt field is sent.
  
  Password Prompt: Type the firewall prompt, or a unique portion of the prompt, of the password that the firewall is expecting. For example, Enter password. If this prompt is detected, the Password Prompt field is sent.
  
  Connected Prompt: Type the firewall prompt, or a unique portion of the prompt, of the connection message. For example, Connected or Connected to host. If this prompt is detected, the firewall connection is considered to be complete and the Telnet negotiation begins.
In the Security tab, configure the SSL, TLS, or SSH options. BlueZone VT can be preconfigured for distribution with encryption configured and enabled eliminating the need for any end user intervention in the installation or configuration process.
Complete the following fields:
Security Options
- Enable Secure Sockets Layer: Specifies whether the TCP connection to the host will be encrypted.
- Encryption Type
  
  SSL v3: Specifies that SSL version 3 must be used.
  Note: SSL v3 has numerous vulnerabilities and is no longer considered secure. This setting is NOT RECOMMENDED. We strongly recommend using TLS v1 instead.
  
  TLS v1 (Default): Specifies that TLS version 1.0, 1.1, or 1.2 is used. The highest version supported by the client and the host will be used.
  Note: TLS v1.1 and 1.2 are not available on operating systems prior to Windows 7.
  
  SSH v2: Specifies that SSH version 2 must be used.
  Note: When SSH is selected, a Tunneling tab will appear at the top of this dialog. Please refer to step 8 for information on how to configure Tunneling.
- Invalid Certificates: Specifies how to handle an invalid server certificate. Options include:
  
  Always Reject: Specifies that an invalid server certificate must always be rejected.
  
  Ask Before Accepting: Specifies that the user must be asked whether to accept an invalid server certificate.
  
  Always Accept: (Default) Specifies that an invalid server certificate must always be accepted.
  
  Check for Certificate Revocation: When checked, a revocation check is performed on the server certificate chain at connect time, which will result in a connection failure if a certificate has been revoked; if the revocation server cannot be contacted; or if revocation information is not listed in the certificate.
- Preferred Cipher Suite: Specifies a specific SSL/TLS or SSH cipher suite (encryption algorithm) to use. To allow the client and server to negotiate the cipher suite, select Strong only.
  Note: The cipher suite choices will change depending on if you are using SSL/TLS or SSH.
  Strong only is not available in SSH.
- Alternate Principal Name: Type a valid address in this field to use to validate the server certificate.
  When a host site's server certificate's Common Name (CN) or AltSubjectName does not match the address used to connect to the host, a certificate error occurs, stating that the host address does not match the common name. If it is not possible to connect to the host address listed in the certificate, the address from the certificate can be typed into the Alternate Principal Name field. This address, rather than the host connection address, is used to validate the server certificate.
- Remote Command: Remote Command will take the place of Alternate Principal Name when SSH is selected. You can use this text box to send remote commands to your SSH connected host. This feature is popular with Linux hosts.
In the Certificate tab, complete the following fields:
Client Certificate
These parameters specify the type of client certificate to use if any. Enable Secure Sockets Layer on the Security tab must be enabled in order for client certificate support to be active.
- No Client Certificate: Specifies that a client certificate must not be presented.
- Client Certificate in Disk File: Specifies that a client certificate must be presented.
- Client Certificate in Certificate Store: Specifies that a client certificate must be presented that is located in the certificate store.
- Client Certificate in Certificate on Smart Card: Specifies that a client certificate stored on a Smart Card must be presented.
  - Certificate File: Specifies the path to the certificate file.
    
    View: Click to view the certificate.
    
    Browse: Click to locate the certificate file.
  - Private Key File: Specifies the path to the private key file.
    
    Browse: Click to locate the private key file.
Root Certificates
These parameters specify the root certificate store to use: the one provided by OpenSSL, or the one that is provided by Windows.
- Use OpenSSL Root Certificates: (Default) If selected, the root certificates provided by OpenSSL is used.
- Use Windows Root Certificates: If selected, BlueZone looks for a file called rootcerts.pem in the end user's bluezone\certs directory. If it doesn't exist, it automatically exports the root certificates from Windows and stores them there, giving a message such as 109 root certificates were exported.
  - Update Root Certificates: Click to manually export the certificates. If you connect and are presented with an untrusted host root certificate, and check the box to add it to the trusted list, it imports it into the Windows root store (which can produce a Windows message asking for confirmation), and then exports the root store again to disk producing a message such as 109 root certificates were exported. When this is performed one time, subsequent connections connect without messages.
In the Kerberos tab, you can configure the optional Kerberos Authentication Protocol component. If the Kerberos tab is not available, the Kerberos component was not installed. Refer to the BlueZone Desktop Administrator's Guide in Chapter 2: Installing BlueZone - Optional installation features - Enabling Kerberos for information about installing the Kerberos Authentication feature.
Complete the following fields:
Kerberos options
- Enable Kerberos Authentication: To enable Kerberos Authentication for this session, place a check in this check box.
- Use Windows Credentials: If enabled, your Windows credentials (User Name and Domain) are used in lieu of Principal and Realm. Your User Name is used as the Principal name and your Domain name is used as the Realm name.
- Forward Credentials: If enabled, your credentials are forwarded to the remote session. The credentials are passed as a Kerberos message which includes, among other things, the forwarded Kerberos ticket and a session key associated with the ticket.
- Principal: If you are not using your Windows credentials, type your Principal name here.
- Realm: If you are not using your Windows credentials, type the Realm name here. The Realm name must be typed entirely in uppercase.
- Target: Type the name of the Kerberos database.
- Manage Tickets: Click to manage Kerberos tickets. The Kerberos Ticket Manager opens.
The Tunneling tab will only appear when SSH is selected on the Security tab.
Complete the following fields:
Tunneling Options
- Allow Remote Connections: If enabled, you are allowing remote IP addresses to connect to the local listening port used in tunneling.
- Add, Edit or Delete: Used to add, edit or delete port forwarding rules.
- Add: When adding a rule, you have to choose either Local Port or Remote Port, then enter the port number you want to forward. Then you have to add the host name in the Name field with the port number on that host.
- Edit: Allows you edit an existing rule.
- Delete: Allows you delete an existing rule.
Click OK.

Note: If you enable the Direct/Modem feature in the global.ini file, you can change the connection type from Telnet to Direct or Modem using the Connection Type list that appears in the Connection tab. If you select either Direct or Modem connections, you will have the option to select your desired Baud Rate, Data Bits, Parity, Stop Bits, Flow Control, and Phone Number (modem only). For more information on enabling the Direct/Modem feature, refer to the Rocket BlueZone Desktop Adminitrator's Guide.