Managed File Transfer: Insights and Best Practices

Managed File Transfer: Insights and Best Practices, by David Butcher, CSDP Sr. Solutions Architect.

Presentation Transcript


  1. Managed File Transfer: Insights and Best Practices by David Butcher, CSDP Sr. Solutions Architect

  2. Agenda
     • Axway Snapshot
     • A Brief History of File Transfer
     • What is Managed File Transfer?
     • Use Patterns for Managed File Transfer
     • Best Practices
     • Q&A

  3. About Axway
     [Diagram text: Customers Multi-Nationals Government Financial Services Fortune 500]
     • Serves 11,000+ Customers Globally
     • 1,700 Employees
     • Global Presence, With Key Offices in
     • Phoenix, AZ
     • Redwood City, CA
     • 24x7 Global Support in US, Europe and India
     • Acknowledged Innovator and leader in integration, connectivity, compliance and value chain solutions.
     • Leaders Quadrant – Gartner Managed File Transfer (MFT)
     • Leaders Quadrant – Gartner Business to Business Integration (B2Bi)
     • Leaders Quadrant – Gartner Email Encryption

  4. FTP – The De Facto Standard
     • Most Common Internet File Transfer Method
     • Client / Server Architecture
     • Client initiates all connections
     • Many Variations Of FTP (Vendor Customizations)
     • FTP Problems
     • No Encryption
     • User Names and Passwords Are In The Clear
     • No Integrity Checking
     • No Checkpoint Restart
     • No Tracking
     • No Management
     • FTP Scripting

  5. Homegrown FTP
     [Diagram text: Users Pick-up Files Staged in the DMZ Have to Stage files to the DMZ FTP server DMZ Internal FTP Users Drop-off Files in the DMZ Have to Retrieve the files from the DMZ FTP server]
     • Often uses two FTP servers
     • User credentials and files stored in the DMZ
     • Files may be left unprotected for long periods of time
     • Scripted jobs move the files between FTP servers
     • Coordination nightmare

  6. Axway 2010 MFT Survey Results
     Axway interviewed 150+ IT Executives that manage file transfer operations ...here are some key findings
     • 88% - concerned about violation of security mandates and preventing data loss via human driven data exchange
     • 83% - still use FTP for external data exchange
     • 78% - concerned about internal/external visibility and monitoring of data file exchanges
     • 44% - currently use unmanaged methods for sending files too big for corporate email exchanges

  7. Files are being transferred everywhere
     [Diagram text: Partner System Partner System External Vendor External Customer External Partner ftp SMTP Physical Media DMZ ftp server ftp server Application server Internal User ftp server Application server Application server Rogue ftp server]

  8. Managed File Transfer (MFT) According to Gartner
     • The Gartner “Managed File Transfer Suites: Technology Overview” report identifies a managed file transfer suite as having the following functionality:
     • Secure Communications: This entails a collection of commonly used protocols and technologies used for transporting and ensuring the authentication, privacy, non-repudiation and authorization of data between two or more entities.
     • Management: This is the ability to monitor and control the data (regardless of size) throughout the file transfer.
     • Integration functionality: Adapters or exposed application programming interfaces.
     • Streaming input/output: This capability enables the MFT Suites to overcome physical hardware limitations and operating environment limitations.
     • Checkpoint/restart capabilities: This capability lets the user resume incomplete file transfers as a result of interrupted transmissions, accidental or otherwise.

  9. MFT Use Patterns
     [Diagram text: Security / Visibility / Governance Systems Automated Humans Interactive]

  10. Application Integration Pattern
      • Internal File Movement Between Systems
      • Peer-to-Peer / File Bus
      • Hub and Spoke
      • Automated and Process Driven
      • Centralized Governance
      • Multi-Platform Considerations

  11. Multi-Site Integration Pattern
      • File movement between systems across sites
      • Hub and spoke
      • Peer to peer
      • Centralized governance and site management
      • Automated and process driven
      • Broadcast/Collect
      • Multi-platform considerations

  12. Business to Business (B2B) Pattern
      • Connecting with other organizations
      • Standards driven
      • Context aware
      • Community and partner lifecycle management are essential
      • Automated and process driven
      • Flexible security
      • Often requires data services
      • Validation
      • Transformation
      • Routing

  13. Portal File Services Pattern
      • Connecting the human web experience and MFT
      • Web portal exposing a business service
      • User access and management
      • LDAP/AD
      • SSO
      • On-boarding
      • Transparent integration with end user workflow and backend systems

  14. Ad-Hoc File Transfer Pattern
      • Unplanned processes between humans
      • Two models
      • Repository based (persistence for sharing)
      • Recipient based (targeted to individual or group)
      • User access and management
      • LDAP/AD
      • SSO
      • On-boarding
      • Policy based control of file access and transfer

  15. Best Practices – Flexible Protocol Support
      • Support multiple protocols – avoid client side changes
      • HTTP/HTTPS – browser clients
      • FTP/FTPS
      • SFTP/SCP
      • AS2
      • Proprietary – Large files (checkpoint restart, integrity)
      [Diagram text: AS2 FTPS Internet SFTP SCP Internet Firewall MFT Server AS2 HTTPS]
      • FTPS Clients
      • RFC2228-Compliant
      • Windows, Unix, AS/400, z/OS, etc.
      • SSH Clients
      • SFTP Protocol
      • SCP Protocol
      • AS2 Servers
      • EDI Trading Partners
      • Signing/Encryption
      • Standard Web Browser
      • Universal
      • Easy Setup
      • Customizable UI

  16. Best Practices – Automation Support
      • Back end automation – getting the data to the systems that are consuming it and from the systems that produce it
      • File moves and copies
      • File level encryption
      • PGP during transport
      • Encrypted file system during storage
      • Email notifications on successful transfers and failures
      • Framework for custom transforms – event driven
      [Diagram text: File Dropped off At the Server PGP Decrypt File Transformation Services Transfer File To Application]

  17. Best Practices – MFT Enterprise Gateway
      [Diagram text: External Partners Enterprise DMZ FTP MFT Internal User FTP Server HTTP(S), FTP(S) SFTP, SCP, AS2 Application Servers MFT Server User]
      • All file movement is centralized through MFT services
      • Firewalls are locked down to prevent circumventing the services

  18. Best Practices – Two Tier Deployment
      [Diagram text: External Partners Enterprise DMZ FTP Internal User FTP Server HTTP(S), FTP(S) SFTP, SCP, AS2 MFT Proxy MFT Server Application Servers User]
      • Nothing stored in the DMZ
      • No user data or credentials
      • Eliminates data staging and retrieval issues

  19. Best Practices – High Availability
      [Diagram text: MFT Proxies MFT Servers DMZ External User Shared Storage HTTP(S), FTP(S) SFTP, SCP, AS2 Load Balancer Load Balancer Remote File Transfer Server]
      • Provide for Scalability and Failover Support
      • Avoid Single Points of Failure

  20. Best Practices – Multiple Authentication Methods
      • Authentication
      • Single factor
      • Passwords
      • Certificates
      • Multi factor
      • Authentication database local to solution
      • Integrating with existing authentication databases (LDAP/AD/SSO)
      [Diagram text: LDAP SSO User ID / Password Client X.509 Certificate SSH Key MFT Server Multi Factor Client Client]

  21. Best Practices – Record Keeping
      • Logging
      • Granular
      • All file transfers recorded – who, what and when
      • All access recorded
      • Integrity
      • Protected from outsiders – out of the DMZ
      • Protected from insiders – digitally signed
      [Diagram text: Access Log Transaction Log HTTP(S), FTP(S) SFTP, SCP, AS2 External Partner or Customer Audit Log MFT Proxy MFT Server]

  22. Best Practices – Internal Transfer Architecture
      [Diagram text: Ap Server AS/400 Ap Server Windows MFT Gateway Ap Server Solaris Ap Server Linux]
      • Point to point transfers – mesh, hub and spoke
      • Support for diverse platforms

  23. Best Practices – Visibility Throughout the Lifecycle of the Transfer
      [Diagram text: Ap Server Process #1 Ap Server Process #2 Ap Server Process #3 MFT Gateway External Partner]
      • Status Portal
      • Multiple views
      • Business
      • IT
      • Partner
      Where is the customer file?

  24. Best Practices – Mapping Services for B2B Integration
      [Diagram text: Mapping Services MFT Gateway Ap Server External Partner]
      • Translation
      • From/to standards (X.11 Oasis etc.)
      • From/to proprietary for application integration

  25. Best Practices – Automated Provisioning
      [Diagram text: Ap Server AS/400 Ap Server Windows MFT Gateway Ap Server Solaris Ap Server Linux]
      • Centralized partner management
      • Create credentials, folders, workflow quickly

  26. Best Practices – Ease of Use and Policy Control for Ad-Hoc Transfers
      [Diagram text: User composes message with large attachment Message sent to recipient via SMTP Message sent to Exchange Attachments picked up via HTTPS Exchange Message sent back to plug-in Outlook User Recipient Message sent to FT Direct FT Direct Gateway Message sent to policy engine for analysis Policy & Virus Engine]

  27. Best Practices – Investigate MFT Solutions
      • Ask your trading partners what solutions they are using with their other vendors
      • Seek third-party recommendations on MFT solutions
      • Gartner
      • SC Magazine
      • Etc.
      • Go to the source
      • Explore MFT vendor websites
      • Review informative white papers, webinars, etc.
      • Request a demo / eval
      • Ask for references

  28. Questions/Discussion
      For more information visit: www.axway.com
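
Slide 21 asks for transfer records (who, what and when) whose integrity holds even against insiders. The sketch below is an added example, not taken from the presentation or from any Axway product: it chains each log entry to the previous one with HMAC-SHA256, which stands in here for a public-key signature so the code needs only the Python standard library. It assumes the key and the newest MAC ("head") are kept away from the log host; all function names and sample entries are constructed for illustration.

```python
import copy
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor used before the first entry


def _mac(key, prev_mac, record):
    # Bind each record to its predecessor's MAC, so edits, deletions and
    # reordering all break the chain from that point on.
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_mac.encode() + body, hashlib.sha256).hexdigest()


def append_entry(log, key, who, what, when, action):
    prev = log[-1]["mac"] if log else GENESIS
    record = {"seq": len(log), "who": who, "what": what, "when": when, "action": action}
    log.append({"record": record, "mac": _mac(key, prev, record)})
    return log[-1]["mac"]  # newest MAC ("head"); keep a copy off the log host


def verify_log(log, key, head=None):
    """Return None if intact, else the index where verification first fails."""
    prev = GENESIS
    for i, entry in enumerate(log):
        rec = entry["record"]
        if rec.get("seq") != i or not hmac.compare_digest(entry["mac"], _mac(key, prev, rec)):
            return i
        prev = entry["mac"]
    # A chopped-off tail still verifies entry by entry; only the stored head exposes it.
    if head is not None and not hmac.compare_digest(prev, head):
        return len(log)
    return None


def demo():
    key = b"constructed-demo-key"  # assumption: held by the logging service only
    log = []  # constructed sample entries, not real transfer data
    append_entry(log, key, "partner-a", "orders.csv", "2010-06-01T12:00:00Z", "upload")
    append_entry(log, key, "partner-a", "orders.csv", "2010-06-01T12:00:09Z", "pgp-decrypt")
    head = append_entry(log, key, "app-server-1", "orders.csv", "2010-06-01T12:01:30Z", "download")
    edited = copy.deepcopy(log)
    edited[1]["record"]["who"] = "partner-b"  # a field is rewritten after the fact
    deleted = log[:1] + log[2:]               # an entry is dropped from the middle
    truncated = log[:2]                       # the tail is cut off
    return [verify_log(x, key, head) for x in (log, edited, deleted, truncated)]
```

Calling `demo()` verifies the intact log and three altered copies; without the off-host `head` value, the truncated copy would pass as intact.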
