Managed File Transfer: Insights and Best Practices
by David Butcher, CSDP Sr. Solutions Architect
Agenda
• Axway Snapshot
• A Brief History of File Transfer
• What is Managed File Transfer?
• Use Patterns for Managed File Transfer
• Best Practices
• Q&A
About Axway
[Customer segments shown: Multi-Nationals, Government, Financial Services, Fortune 500]
• Serves 11,000+ Customers Globally
• 1,700 Employees
• Global Presence, With Key Offices in
  • Phoenix, AZ
  • Redwood City, CA
• 24x7 Global Support in US, Europe and India
• Acknowledged Innovator and leader in integration, connectivity, compliance and value chain solutions.
• Leaders Quadrant – Gartner Managed File Transfer (MFT)
• Leaders Quadrant – Gartner Business to Business Integration (B2Bi)
• Leaders Quadrant – Gartner Email Encryption
FTP – The De Facto Standard
• Most Common Internet File Transfer Method
• Client / Server Architecture
• Client initiates all connections
• Many Variations Of FTP (Vendor Customizations)
• FTP Problems
  • No Encryption
  • User Names and Passwords Are In The Clear
  • No Integrity Checking
  • No Checkpoint Restart
  • No Tracking
  • No Management
  • FTP Scripting
Homegrown FTP
[Diagram: two FTP servers, one in the DMZ and one internal. External users pick up files staged in the DMZ and drop off files in the DMZ; internal staff have to stage files to the DMZ FTP server and retrieve dropped-off files from it.]
• Often uses two FTP servers
• User credentials and files stored in the DMZ
• Files may be left unprotected for long periods of time
• Scripted jobs move the files between FTP servers
• Coordination nightmare
Axway 2010 MFT Survey Results
Axway interviewed 150+ IT Executives that manage file transfer operations ...here are some key findings
• 88% – concerned about violation of security mandates and preventing data loss via human driven data exchange
• 83% – still use FTP for external data exchange
• 78% – concerned about internal/external visibility and monitoring of data file exchanges
• 44% – currently use unmanaged methods for sending files too big for corporate email exchanges
Files are being transferred everywhere
[Diagram: partner systems, an external vendor, an external customer and an external partner exchange files over ftp, SMTP and physical media with a DMZ ftp server, internal ftp servers, application servers, an internal user and a rogue ftp server.]
Managed File Transfer (MFT) According to Gartner
• The Gartner “Managed File Transfer Suites: Technology Overview” report identifies a managed file transfer suite as having the following functionality:
  • Secure Communications: This entails a collection of commonly used protocols and technologies used for transporting and ensuring the authentication, privacy, non-repudiation and authorization of data between two or more entities.
  • Management: This is the ability to monitor and control the data (regardless of size) throughout the file transfer.
  • Integration functionality: Adapters or exposed application programming interfaces.
  • Streaming input/output: This capability enables the MFT Suites to overcome physical hardware limitations and operating environment limitations.
  • Checkpoint/restart capabilities: This capability lets the user resume incomplete file transfers as a result of interrupted transmissions, accidental or otherwise.
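As an added illustration (not from the deck, and not Axway's code) of two capabilities plain FTP lacks and Gartner's definition requires, checkpoint/restart and integrity checking, the following Python simulates a transfer that is interrupted, resumes from the receiver's offset instead of from byte zero, and verifies a SHA-256 digest once everything has arrived. The Receiver class, the per-attempt drop counts and the payload are constructed for the demo.

```python
import hashlib

CHUNK = 4096  # bytes per write; real transfers use larger blocks

class Receiver:
    """Receiving side: keeps the partial file so a restart resumes at the offset."""
    def __init__(self):
        self.data = bytearray()

    def offset(self):
        return len(self.data)  # checkpoint a resuming sender asks for (cf. FTP REST)

    def write(self, chunk):
        self.data.extend(chunk)

def send_from_checkpoint(src, receiver, drop_after=None):
    """Stream src from the receiver's offset. If drop_after is set, the link is
    cut after that many bytes to simulate an interrupted transmission."""
    start = receiver.offset()
    sent = 0
    for pos in range(start, len(src), CHUNK):
        if drop_after is not None and sent >= drop_after:
            raise ConnectionError("link dropped at offset %d" % (start + sent))
        chunk = src[pos:pos + CHUNK]
        receiver.write(chunk)
        sent += len(chunk)
    return sent

def integrity_ok(src, received):
    """End-to-end check: the digest of what arrived must match the source's."""
    return hashlib.sha256(src).digest() == hashlib.sha256(bytes(received)).digest()

def transfer_with_restart(src, drops):
    """Retry until the whole file has arrived, resuming from the checkpoint each
    time. drops[i] is how many bytes attempt i passes before the link fails;
    attempts beyond the list complete. Returns (attempts, bytes_received, ok)."""
    receiver = Receiver()
    attempts = 0
    while receiver.offset() < len(src):
        drop_after = drops[attempts] if attempts < len(drops) else None
        attempts += 1
        try:
            send_from_checkpoint(src, receiver, drop_after)
        except ConnectionError:
            continue  # next attempt resumes at receiver.offset(), not at zero
    return attempts, receiver.offset(), integrity_ok(src, receiver.data)

# Constructed 20,000-byte sample payload
SAMPLE_FILE = b"0123456789" * 2000
```

Without the checkpoint, each retry would restart at byte zero and a lossy link could never finish a large file; without the digest, a truncated or altered file would be accepted silently.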
MFT Use Patterns
[Diagram: the patterns are arranged along an axis from Systems (Automated) to Humans (Interactive), under the themes Security / Visibility / Governance.]
Application Integration Pattern
• Internal File Movement Between Systems
  • Peer-to-Peer / File Bus
  • Hub and Spoke
• Automated and Process Driven
• Centralized Governance
• Multi-Platform Considerations
Multi-Site Integration Pattern
• File movement between systems across sites
  • Hub and spoke
  • Peer to peer
• Centralized governance and site management
• Automated and process driven
• Broadcast/Collect
• Multi-platform considerations
Business to Business (B2B) Pattern
• Connecting with other organizations
• Standards driven
• Context aware
• Community and partner lifecycle management are essential
• Automated and process driven
• Flexible security
• Often requires data services
  • Validation
  • Transformation
  • Routing
Portal File Services Pattern
• Connecting the human web experience and MFT
• Web portal exposing a business service
• User access and management
  • LDAP/AD
  • SSO
  • On-boarding
• Transparent integration with end user workflow and backend systems
Ad-Hoc File Transfer Pattern
• Unplanned processes between humans
• Two models
  • Repository based (persistence for sharing)
  • Recipient based (targeted to individual or group)
• User access and management
  • LDAP/AD
  • SSO
  • On-boarding
• Policy based control of file access and transfer
Best Practices: Flexible Protocol Support
Support multiple protocols – avoid client side changes
• HTTP/HTTPS – browser clients
• FTP/FTPS
• SFTP/SCP
• AS2
• Proprietary – Large files (checkpoint restart, integrity)
[Diagram: clients of each protocol reach the MFT Server across the Internet and through the firewall.]
• FTPS Clients: RFC2228-Compliant; Windows, Unix, AS/400, z/OS, etc.
• SSH Clients: SFTP Protocol, SCP Protocol
• AS2 Servers: EDI Trading Partners; Signing/Encryption
• HTTPS: Standard Web Browser; Universal; Easy Setup; Customizable UI
Best Practices: Automation Support
• Back end automation – getting the data to the systems that are consuming it and from the systems that produce it
  • File moves and copies
  • File level encryption
    • PGP during transport
    • Encrypted file system during storage
  • Email notifications on successful transfers and failures
  • Framework for custom transforms – event driven
[Flow diagram: File Dropped off At the Server → PGP Decrypt File → Transformation Services → Transfer File To Application]
Best Practices: MFT Enterprise Gateway
[Diagram: External Partners reach the Enterprise DMZ over HTTP(S), FTP(S), SFTP, SCP and AS2; an FTP Server in the DMZ fronts an MFT Server, which serves internal users, a User and the Application Servers.]
• All file movement is centralized through MFT services
• Firewalls are locked down to prevent circumventing the services
Best Practices: Two Tier Deployment
[Diagram: External Partners connect over HTTP(S), FTP(S), SFTP, SCP and AS2 to an MFT Proxy in the Enterprise DMZ, which relays to the MFT Server on the internal network alongside the FTP Server, internal users and Application Servers.]
• Nothing stored in the DMZ
  • No user data or credentials
• Eliminates data staging and retrieval issues
Best Practices: High Availability
[Diagram: External Users connect over HTTP(S), FTP(S), SFTP, SCP and AS2 through a Load Balancer to MFT Proxies in the DMZ, then through a second Load Balancer to MFT Servers backed by Shared Storage and a Remote File Transfer Server.]
• Provide for Scalability and Failover Support
• Avoid Single Points of Failure
Best Practices: Multiple Authentication Methods
• Authentication
  • Single factor
    • Passwords
    • Certificates
  • Multi factor
• Authentication database local to solution
• Integrating with existing authentication databases (LDAP/AD/SSO)
[Diagram: clients authenticate to the MFT Server with a User ID / Password, a Client X.509 Certificate, an SSH Key or Multi Factor credentials; the MFT Server checks them against LDAP and SSO.]
Best Practices: Record Keeping
• Logging
  • Granular
  • All file transfers recorded – who, what and when
  • All access recorded
• Integrity
  • Protected from outsiders – out of the DMZ
  • Protected from insiders – digitally signed
[Diagram: an External Partner or Customer connects over HTTP(S), FTP(S), SFTP, SCP and AS2 to the MFT Proxy; the MFT Server behind it keeps the Access Log, Transaction Log and Audit Log.]
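As an added example (not part of the deck or of any Axway product), one way to make a transaction log tamper-evident against insiders: every record is chained to the previous one and authenticated with a key that the log's administrators do not hold, so editing, deleting or reordering an entry after the fact is detectable. HMAC-SHA256 stands in here for the digital signature the slide calls for; the key and the who/what/when records are constructed.

```python
import hashlib
import hmac
import json

# Constructed demo key. In an MFT deployment the key stays with the MFT server
# on the internal side; HMAC-SHA256 stands in here for a digital signature.
LOG_KEY = b"constructed-demo-key-do-not-use"
GENESIS = "0" * 64  # link value for the first entry

def _mac(prev, body):
    return hmac.new(LOG_KEY, (prev + body).encode(), hashlib.sha256).hexdigest()

def append_record(log, record):
    """Append one transfer record (who, what, when, how, result) to the log.
    The MAC covers the previous entry's MAC as well, so editing, reordering or
    deleting any earlier entry invalidates every entry after it."""
    prev = log[-1]["mac"] if log else GENESIS
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    log.append({"prev": prev, "body": body, "mac": _mac(prev, body)})
    return log

def verify_log(log):
    """Walk the chain. Returns (True, None) if intact, otherwise (False, i)
    where i is the first entry whose link or MAC does not check out."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev:
            return False, i
        if not hmac.compare_digest(_mac(prev, entry["body"]), entry["mac"]):
            return False, i
        prev = entry["mac"]
    return True, None

# Constructed sample transaction-log records: who, what and when
SAMPLE_RECORDS = [
    {"when": "2010-06-01T09:12:03Z", "who": "partner-a", "proto": "SFTP",
     "what": "invoices_0601.csv", "result": "ok"},
    {"when": "2010-06-01T09:15:47Z", "who": "jdoe", "proto": "HTTPS",
     "what": "payroll.zip", "result": "ok"},
    {"when": "2010-06-01T09:20:10Z", "who": "partner-b", "proto": "AS2",
     "what": "orders.edi", "result": "failed"},
]

def build_sample_log():
    log = []
    for rec in SAMPLE_RECORDS:
        append_record(log, rec)
    return log
```

Keeping the log (and the key) out of the DMZ, as the slide says, is what protects it from outsiders; the chain is what protects it from an insider with write access to the log file.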
Best Practices: Internal Transfer Architecture
[Diagram: an MFT Gateway connecting application servers on AS/400, Windows, Solaris and Linux.]
• Point to point transfers – mesh, hub and spoke
• Support for diverse platforms
Best Practices: Visibility Throughout the Lifecycle of the Transfer
[Diagram: an External Partner's file passes through the MFT Gateway to application server Process #1, Process #2 and Process #3; the question posed is "Where is the customer file?"]
• Status Portal
• Multiple views
  • Business
  • IT
  • Partner
Best Practices: Mapping Services for B2B Integration
[Diagram: Mapping Services sit between the External Partner, the MFT Gateway and the application server.]
• Translation
  • From/to standards (X.11 Oasis etc.)
  • From/to proprietary for application integration
Best Practices: Automated Provisioning
[Diagram: an MFT Gateway connecting application servers on AS/400, Windows, Solaris and Linux.]
• Centralized partner management
• Create credentials, folders, workflow quickly
Best Practices: Ease of Use and Policy Control for Ad-Hoc Transfers
[Flow diagram with the components Outlook User, FT Direct plug-in, FT Direct Gateway, Policy & Virus Engine, Exchange and Recipient, carrying these labelled steps: user composes message with large attachment; message sent to FT Direct; message sent to policy engine for analysis; message sent back to plug-in; message sent to Exchange; message sent to recipient via SMTP; attachments picked up via HTTPS.]
Best Practices: Investigate MFT Solutions
• Ask your trading partners what solutions they are using with their other vendors
• Seek third-party recommendations on MFT solutions
  • Gartner
  • SC Magazine
  • Etc.
• Go to the source
  • Explore MFT vendor websites
  • Review informative white papers, webinars, etc.
  • Request a demo / eval
  • Ask for references
Questions/Discussion
For more information visit: www.axway.com