FileXpress® Platform Server

Managed File Transfer (MFT)
Customer Case Studies
Session Two
Malcolm Trigg
Geoffery Pfander
Meet the Presenters
•
Malcolm Trigg
Principal Sales Engineer UK
16 years at Attachmate® working as a pre-sales engineer based
out of the UK office
•
Geoffery Pfander
Senior Corporate Systems Engineer
Twenty Two years at Attachmate with a background in
Customer Support, Technical Support and Test Engineering
2
© 2014 Attachmate Corporation. All rights reserved.
Agenda
•
Brief overview of FileXpress Solutions
•
European Printing Company
®
-
•
US Health Care Industry
–
3
Creating a Web Front End to Platform Server Transfers
Linking User to User inbound transfers with Managed File
Transfer via SSH
© 2014 Attachmate Corporation. All rights reserved.
FileXpress Components
®
Internet Server
Platform Server
Automates exchange of
files with business partner
Automates exchange of files
between server or
applications
Business
Partner
Internet
Windows
z/OS
UNIX
Business
Partner
Slingshot
Command Center
Designed to allow end
users to easily exchange
files with other end users
4
© 2014 Attachmate Corporation. All rights reserved.
Centralized management
interface - based on SOA
architecture
FileXpress Internet Server
®
Internet
DMZ
Corporate Network
Internet
Corporate Servers
Business
Partner
or Client
5
Internet
Server
•
Streams data through the DMZ
•
Integrates partner clients/servers & corporate servers
•
Provides multi-protocol support and conversion
•
Runs in Tomcat platform independent
© 2014 Attachmate Corporation. All rights reserved.
Platform Server
FileXpress Platform Server
®
•
Only one Protocol CFI
Security- FIPS 140-2
IBM Mainframe
6
•
Native Code– minimal
footprint
•
Automatic Retries &
Checkpoint Restart
•
Includes both Initiator
(client) and Responder
(server)
•
Directory Named Initiation
(DNI) Monitored Folders
© 2014 Attachmate Corporation. All rights reserved.
OpenVMS Platform
Server Agent (Java)
Microsoft Windows
Linux
FileXpress Command Center
®
Command Center
FileXpress
Platform
Servers
HTTPS
IBM
Mainframe
DMZ
FTP
Internet
FTPS
UNIX
Linux
SFTP
Business
Partner or
Client
7
AS2
FileXpress
Internet
Server
•
Management: Internet Transfers, Platform
Servers, DNI)
•
LDAP integration
•
Centralized Alerts, Auditing and Reporting
•
Web Services API
© 2014 Attachmate Corporation. All rights reserved.
Microsoft
Windows
European Printing Company
Creating a Web Front End for Platform Server
Challenges
10
•
Offices throughout Europe
•
Transfers files using network shares
–
Having to grant access to servers
–
Occasionally files are corrupted during transmission
–
No audit trail of what was copied
–
Files are in clear-text over the wire
•
Need to send large images and print documents
•
Needs to be intuitive
•
Need for security
© 2014 Attachmate Corporation. All rights reserved.
European Printer – What was Proposed
Site B
Site A
• Post Processing Action
• Renames file
• No files left ½ copied
Platform Server
Platform Server
•
•
•
•
•
•
11
© 2014 Attachmate Corporation. All rights reserved.
Graphical interface for user
Can select multiple files or directories
Traffic encrypted
File progress reported
Audit trail produced
Files are not corrupted
Discussion Points
•
•
Technology
–
ASP.NET and C#
–
.NET 4 Framework
API
–
Uses the Platform Server ftmscmd.exe command line utility
–
•
12
Allows jobs to be submitted for processing by the Platform Server
User Interface
–
User selects local directory or file
–
Selects remote destination
–
Optional email address for alerting
© 2014 Attachmate Corporation. All rights reserved.
Project Details
•
•
13
Requirements:
–
Ease of installation
–
Scalable
–
Easy to configure and deploy
–
Easy for user to use
–
Secure and reliable
Solution:
–
ASP.NET web application
–
Platform Server at each site
–
Encryption and PPA for reliability
© 2014 Attachmate Corporation. All rights reserved.
Web Front End for Platform Server
14
© 2014 Attachmate Corporation. All rights reserved.
Dashboard for Current Transfers
15
© 2014 Attachmate Corporation. All rights reserved.
Application
PPA
PPA
PPA
ASP.NET C# Application
Platform Server
Ftmscmd utility used
Platform Server
16
© 2014 Attachmate Corporation. All rights reserved.
Platform Server
Encrypted CFI Traffic
Encrypted CFI Traffic
Encrypted CFI Traffic
Windows
2008 R2
Server
Platform Server
Demonstration
Issues That We Had to Resolve…
Issue
Resolution
How to generate progress of file(s) being
transferred
By capturing and monitoring stderr and stdout
18
© 2014 Attachmate Corporation. All rights reserved.
US Healthcare Industry
Linking User to Business with MFT via SSH
Challenges
20
•
Our US healthcare customer provides claim
management services to healthcare industry
•
Customers need easy way to send data to our
customer’s technical support team
•
Data includes private patient Health information
•
Customers want the ease of use of email - Slingshot
•
Our customer’s security policy requires the files to
transfer over SSH protocol to back-end servers
© 2014 Attachmate Corporation. All rights reserved.
File Routing Project
•
•
21
Requirements:
–
Need to route files uploaded by Slingshot users
–
Route is determined by the user’s ID and department
–
Route destination must be an SSH server
Solution:
–
Internet Server is used as the back-end server for Slingshot
–
Internet Server invokes a PPA with each uploaded file
–
PPA is a “Routing App”
–
Routing App:
–
Uses SOAP to ask Slingshot who the user and department are
–
Uses SOAP to upload the file to an SSH Server
© 2014 Attachmate Corporation. All rights reserved.
Healthcare Routing Application
Internet
Server
Slingshot
Slingshot
Repositories
(SSH)
CFI
Https
CFI
PPA Application
CFI
SOAP
PPA
CFI
Routing
Logic
SOAP
Command Center
22
© 2014 Attachmate Corporation. All rights reserved.
Internet
Server
Platform
Server
SFTP
Server-to-Server Transfers with SOAP
SOAP Application
SOAP
Command Center
CFI
Platform Server
Any Server
Internet Server
DMZ
24
© 2014 Attachmate Corporation. All rights reserved.
Files to send
Discussion Points
Healthcare Solution – SOAP code was < 20% of the project!
•
•
•
Troubleshooting
25
Fault tolerance
–
Customer self-help tools
–
–
Getting actionable information to
Attachmate
Can it support back-up and failover?
–
Can it support clustering?
Security
–
Passwords
–
SSH Keys, SSL Certificates
Ease of use
–
•
•
•
–
•
Hand edit configuration files or a
GUI?
Service or App?
© 2014 Attachmate Corporation. All rights reserved.
Configuration
SOAP sessions
–
•
Supporting the variety of customer
needs around configuration: file,
DB, etc.
How to keep long-running processes
from timing-out and killing the session?
Upgrades and versioning of SOAP
Demonstration
Issues that we had to resolve…
Issue
Resolution
Name-space collision between Slingshot and
Internet Server.
Packaged SS and FXIS SOAP stubs in different jars and
wrote a ClassLoader to load each one separately.
Synchronization: PPA was called before transfer
data was available via SOAP.
Ran the actual PPA as a background process so the calledPPA could return and let the transfer complete, then
synchronized on the transfer completing.
Complexity:
- Four different products
- 14 configuration parameters to set
Created a configuration tool to make sure the right
parameters are configured in Command Center. It would
check for consistency and flag errors and provided a test jig
to run the PPA without Slingshot.
Troubleshooting and debugging was very difficult for
a background application.
Used Java logging and log-levels to allow debug messages
to be generated into a rotated log file.
Encrypted passwords – passwords cannot be hardcoded but cannot be stored un-encrypted.
Configuration tool encrypts passwords for the user.
Auditing – because there is handoff from Slingshot
to Internet Server, what happens if the hand-off
fails?
Every upload that goes into the PPA App is “audited” which
can be correlated with Slingshot and/or FXIS logs.
File paths – file paths through SOAP were UNIX
style even on Windows.
Had to re-normalize all file paths.
27
© 2014 Attachmate Corporation. All rights reserved.
Questions?
28
© 2014 Attachmate Corporation. All rights reserved.
This document could include technical inaccuracies or typographical errors. Changes are
periodically made to the information herein. These changes may be incorporated in new
editions of this document. Attachmate Corporation may make improvements in or changes to
the software described in this document at any time.
Copyright © 2014 Attachmate Corporation. All rights reserved.
Attachmate, the Attachmate mark, Databridge, EXTRA!, EXTRA! X-treme, FileXpress, FileShot, Luminet,
Reflection, and Verastream are trademarks or registered trademarks of Attachmate Corporation or its
subsidiaries in the United States. Some Reflection products include software developed by the OpenSSL
Project for use in the OpenSSL Toolkit (www.openssl.org). InfoConnect is a registered trademark of Unisys
Corporation. All other trademarks, trade names, or company names referenced herein are used for
identification only and are the property of their respective owners.