VA Technical Reference Model v 26.1

The following reference(s) are associated with this entry:

Note: This list may not be complete. No component, listed or unlisted, may be used outside of the technology in which it is released. The usage decision for a component is found in the Decision and Decision Constraints.

• Red Hat Enterprise Linux (RHEL) - Authorized w/ Constraints
• Windows Client - Authorized w/ Constraints
• Windows Server - Authorized w/ Constraints

Runtime Dependencies:

• Microsoft .NET Framework - Authorized w/ Constraints

Optional Dependencies:

• No optional dependencies have been identified.

Comparable Technologies:

• Glink - Unauthorized, Conditions Required (Divest)
• Secure Computer Remote Terminal (CRT) - Authorized w/ Constraints
• Serengeti 3770 C LINK Client - Unauthorized, Conditions Required (Divest)
• X Window System Remote Desktop Protocol (xRDP) - Authorized w/ Constraints

Companion Technologies/Supported Standards:

• Citrix Virtual Apps and Desktops (CVAD) - Authorized w/ Constraints
• Internet Protocol Version 6 (IPv6) - Authorized w/ Constraints
• Microsoft Visual Basic for Applications (VBA) for Microsoft Office Suite of Products - Authorized w/ Constraints
• Secure File Transfer Protocol (SFTP) - Authorized w/ Constraints
• Secure Sockets Layer (SSL) - Unauthorized
• User Datagram Protocol (UDP) - Authorized
• Virtualization and Consolidation of Servers (Server Virtualize First) - Authorized w/ Constraints
• VMware Workstation Pro - Authorized w/ Constraints

Adoption Benefits

• The vendor for this technology offers extended support beyond the standard End-of-Support date.

• At the time of writing, no National Institute of Standards and Technology (NIST) vulnerabilities had been reported and no VA Cyber Security Operations Center (CSOC) bulletins had been issued for the latest versions of this technology.

• This is a well-documented technology.

• This technology may improve productivity for specific staff whose responsibilities include terminal emulation.
• The use of this technology may help improve the security posture of the organization.

Adoption Risks

• IPR/SAR Adoption Risk - The vendor has published multiple security alerts for Reflection Desktop.
• IPR/SAR Adoption Risk - While vendor documentation states that Reflection Desktop supports and is compliant with Federal Information Processing standards (FIPS) 140-2, there is no indication that it is FIPS 140-2 certified.
• This technology is available as freeware. If commercial support is not purchased, the product will be without clearly defined support options which may result in suboptimal enterprise level support

• The potential exists to store Personally Identifiable Information (PII), Protected Health Information (PHI) and/or VA Sensitive data and proper security standards must be followed in these cases.

• There are other authorized solutions that provide similar functionality available on the TRM. The use of several similar solutions may increase organization requirements for support and maintenance.

• This technology has a free trial period, which carries the potential for the disruption of service delivery and inaccurate financial planning.

• This technology can potentially use File Transfer Protocol (FTP), an unapproved protocol.

• Due to the rapid release schedule of this technology, the VA may be unable to update to the most recent patch and may require a deployment model requiring the use of specific versions.

• This technology can potentially use Secure Sockets Layer (SSL), an unapproved protocol.

Architectural Benefits

• This technology is compatible with virtual machines, therefore consistent with the enterprise Server Virtualize First Policy (VAIQ 7266972 08-27-2012).
• This technology is portable as it runs on multiple TRM-authorized operating systems.