Reflection for Secure IT Windows Server

Reflection for Secure IT Windows Server uses the SSH protocol to provide secure file transfer and remote administration services for Windows environments. It is part of the Reflection for Secure IT family of SSH clients and servers for Windows and UNIX—all designed to protect data in motion.

Technical Specifications

Secure Shell Access

  • Secure remote terminal connections:
    • Configurable terminal provider (i.e., cmd.exe)
    • Configurable terminal default directory
    • New: Use of mapped drives to access network directories during terminal sessions
  • Secure remote command execution

Secure File Transfer

  • SCP and SFTP protocol support
  • SCP and SFTP special features:
    • Smart Copy (to eliminate redundant copying of identical source and target files)
    • File transfer resume after interrupted downloads
  • SCP1 protocol support (for compatibility with OpenSSH clients)
  • Virtual directory and chroot environment support

Access Control

  • Assignable rights (allow or deny):
    • Terminal shell access
    • Exec requests
    • Local port forwarding
    • Remote port forwarding
    • SCP1 access
    • SFTP/SCP2 access
    • SFTP activities (Browse, Download, Upload, Delete, and Rename)
  • Assignable to (sub-configurations):
    • Global
    • Groups
    • Users
    • Per client system (by IP address or domain name)
  • Deny connections to users without Windows interactive access rights
  • New: Control over the number of connections allowed per user
  • New: Use of alternative credentials for accessing SFTP directories (for file transfers) and mapped drives (for terminal sessions)

Tunneling

  • TCP port forwarding (local and remote)
  • FTP protocol (active and passive mode)
  • RDP protocol

Standards Support

  • Compliance with IETF Secsh Internet drafts and RFCs 4250–4254, 4256, 4462, 4344, 4345, and 4716

Cryptographic Library Validation

  • FIPS 140-2 Level 1 (Certificate #1027)

Algorithms

  • Ciphers:
    • AES (128-, 192-, and 256-bit CTR)
    • AES (128-, 192-, and 256-bit CBC)
    • 3DES (3 56-bit key EDE)
    • Blowfish (128-bit)
    • CAST (128-bit)
    • Arcfour (128- and 256-bit)
  • MACs:
    • HMAC-MD5 (optional MD5 rejection available)
    • HMAC-MD5-96
    • HMAC-SHA1
    • HMAC-SHA1-96
    • HMAC-SHA256
    • HMAC-SHA512
    • RIPEMD160
  • Key exchange:
    • Diffie-Hellman
    • GSS-API key exchange

Authentication

  • Server authentication:
    • Public key (RSA and DSA)
    • PKI X.509 certificates
    • GSSAPI/Kerberos
  • User authentication:
    • Password (local user and Windows domain user)
    • Public key:
      • RSA user keys
      • DSA user keys
      • OpenSSH public key interoperability
    • Keyboard interactive:
      • RSA SecurID
      • RADIUS
      • Keyboard-interactive password
    • PKI X.509 certificates
    • GSSAPI/Kerberos
  • Reflection PKI Services Manager:
    • Centralized configuration and management of PKI functions across multiple Reflection for Secure IT Windows servers, UNIX servers, and UNIX clients
    • Standalone service module supported on most platforms supported by Reflection for Secure IT Windows and UNIX servers
    • New: DoD PKI certified
    • FIPS 140-2 Level 1-validated for most supported platforms (Certificate #1048)
    • RFCs 2253, 2560, and 3280
    • X.509 certificates for server and client authentication (X.509 versions 1-3)
    • Version 2 X.509 CRL
    • OCSP revocation checks
    • New: HSPD-12 support
    • Support for LDAP and HTTP certificate and CRL repositories
    • Support for Microsoft Windows Certificate Store
    • Certificate extensions supported:
      • CDP
      • IDP
      • AIA
      • Policy constraints
      • Basic constraints
      • Name constraints
      • Extended key usage
    • Customizable configuration on per trust anchor basis
    • Fully customizable mapping of SSH user account names to certificates
    • New: SOCKS proxy support
    • New: PKI client command line utility for querying services availability and certificate validity

Auditing

  • Configurable Windows Event Log level
  • Configurable Debug Log with local and UTC time stamps
  • Notification of exceeded maximum password attempts

Administrative Tools

  • New: Customizable locations for server configuration files
  • Section 508 support in the Reflection for Secure IT Windows Server configuration utility

Operating Systems

  • New: Microsoft Windows Server 2008 R2 (x86-64)
  • Microsoft Windows Server 2008 (x86 and x86-64)
  • Microsoft Windows Server 2003 (x86 and x86-64)
  • New: Microsoft Cluster Service support
