Server Application for Secure Data Transfer

Managed File Transfer: Insights and Best Practices
by David Butcher, CSDP, Sr. Solutions Architect

Agenda

•   Axway Snapshot
•   A Brief History of File Transfer
•   What is Managed File Transfer?
•   Use Patterns for Managed File Transfer
•   Best Practices
•   Q&A
About Axway

•   Serves 11,000+ Customers Globally
•   1,700 Employees
•   Global Presence, With Key Offices in
     •   Phoenix, AZ
     •   Redwood City, CA
•   24x7 Global Support in US, Europe and India
•   Acknowledged Innovator and leader in integration, connectivity, compliance and
    value chain solutions.
     •   Leaders Quadrant – Gartner Managed File Transfer (MFT)
     •   Leaders Quadrant – Gartner Business to Business Integration (B2Bi)
     •   Leaders Quadrant – Gartner Email Encryption

[Sidebar: customer segments – Multi-Nationals, Fortune 500, Government, Financial Services]
FTP – The De Facto Standard

•   Most Common Internet File Transfer Method
•   Client / Server Architecture
     –   Client initiates all connections
•   Many Variations Of FTP (Vendor Customizations)
•   FTP Problems
     –   No Encryption
     –   User Names and Passwords Are In The Clear
     –   No Integrity Checking
     –   No Checkpoint Restart
     –   No Tracking
     –   No Management
     –   FTP Scripting
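Two of the gaps listed above, integrity checking and checkpoint restart, are easier to appreciate in code. The following is an added example in Python, not code from the presentation or from Axway: a simulated chunked transfer is interrupted part way, resumed from the receiver's byte offset instead of restarting from zero, and the reassembled file is verified against a SHA-256 digest the sender published. The sample payload, chunk size and the Receiver class are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample payload standing in for the file being transferred (10,240 bytes).
SAMPLE_FILE = bytes(range(256)) * 40
CHUNK_SIZE = 1024


def sha256_hex(data: bytes) -> str:
    """Digest the sender publishes alongside the file so the receiver can verify it."""
    return hashlib.sha256(data).hexdigest()


class Receiver:
    """Receiving side (constructed for the example). The number of bytes already
    accepted is the checkpoint the sender resumes from after an interruption."""

    def __init__(self):
        self.buf = bytearray()

    def checkpoint(self) -> int:
        return len(self.buf)

    def append(self, chunk: bytes) -> None:
        self.buf.extend(chunk)

    def content(self) -> bytes:
        return bytes(self.buf)


def send(source: bytes, receiver: Receiver, fail_after_chunks=None) -> int:
    """Send `source` starting at the receiver's checkpoint, one chunk at a time.
    `fail_after_chunks` simulates a dropped connection. Returns chunks sent this session."""
    offset = receiver.checkpoint()          # resume point: nothing before it is re-sent
    sent = 0
    while offset < len(source):
        if fail_after_chunks is not None and sent >= fail_after_chunks:
            raise ConnectionError(f"simulated interruption at offset {offset}")
        chunk = source[offset:offset + CHUNK_SIZE]
        receiver.append(chunk)
        offset += len(chunk)
        sent += 1
    return sent


def verify_integrity(received: bytes, expected_digest: str) -> bool:
    """Constant-time comparison of the received file's digest with the published one."""
    return hmac.compare_digest(sha256_hex(received), expected_digest)


def transfer_with_restart(source: bytes, fail_after_chunks: int) -> dict:
    """Run a transfer that is interrupted once, resume it, and verify the result."""
    expected = sha256_hex(source)           # published by the sender out of band
    receiver = Receiver()
    try:
        send(source, receiver, fail_after_chunks)
    except ConnectionError:
        pass                                # connection dropped; receiver keeps partial data
    interrupted_at = receiver.checkpoint()
    chunks_resumed = send(source, receiver) # second session starts at the checkpoint
    return {
        "interrupted_at": interrupted_at,
        "chunks_resumed": chunks_resumed,
        "integrity_ok": verify_integrity(receiver.content(), expected),
    }


if __name__ == "__main__":
    print(transfer_with_restart(SAMPLE_FILE, fail_after_chunks=3))
    # A copy with its last byte changed fails verification:
    corrupted = SAMPLE_FILE[:-1] + b"\x00"
    print(verify_integrity(corrupted, sha256_hex(SAMPLE_FILE)))
```

The digest has to travel separately from the file (a signed manifest, a control-channel message, or an out-of-band list) to be worth anything; a digest delivered over the same unauthenticated path as the file protects only against accidental corruption, not a modifying intermediary.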
Homegrown FTP

[Diagram: users drop off and pick up files staged on the DMZ FTP server; scripted jobs have to stage files to the DMZ FTP server and retrieve them from it to the internal FTP server]

   •   Often uses two FTP servers
   •   User credentials and files stored in the DMZ
   •   Files may be left unprotected for long periods of time
   •   Scripted jobs move the files between FTP servers
   •   Coordination nightmare
Axway 2010 MFT Survey Results

Axway interviewed 150+ IT executives that manage file transfer operations
...here are some key findings:

88% - concerned about violation of security mandates and preventing data loss via
    human driven data exchange
83% - still use FTP for external data exchange
78% - concerned about internal/external visibility and monitoring of data file
    exchanges
44% - currently use unmanaged methods for sending files too big for corporate
    email exchanges
Files are being transferred everywhere

[Diagram: partner systems, external customers, external partners and external vendors reach ftp servers in the DMZ over ftp, SMTP and physical media; inside the network, application servers, internal users, further ftp servers and a rogue ftp server exchange files among themselves]
Managed File Transfer ( MFT )
According to Gartner


•   The Gartner “Managed File Transfer Suites: Technology Overview” report identifies a
    managed file transfer suite as having the following functionality:
     – Secure Communications: This entails a collection of commonly used protocols
        and technologies used for transporting and ensuring the authentication, privacy,
        non-repudiation and authorization of data between two or more entities.
     – Management: This is the ability to monitor and control the data (regardless of
        size) throughout the file transfer.
     – Integration functionality: Adapters or exposed application programming
        interfaces.
     – Streaming input/output: This capability enables the MFT Suites to overcome
        physical hardware limitations and operating environment limitations.
     – Checkpoint/restart capabilities: This capability lets the user resume incomplete
        file transfers as a result of interrupted transmissions, accidental or otherwise.
MFT Use Patterns

[Diagram: the five patterns run from Automated (Systems) to Interactive (Humans), with Security / Visibility / Governance spanning all of them]

   1. Application Integration
   2. Multi-Site Integration
   3. B2B
   4. Portal File Transfers
   5. Ad hoc & email
Application Integration Pattern

• Internal File Movement Between Systems
   – Peer-to-Peer / File Bus
   – Hub and Spoke
• Automated and Process Driven
• Centralized Governance
• Multi-Platform Considerations
Multi-Site Integration Pattern

• File movement between systems across
  sites
   – Hub and spoke
   – Peer to peer
• Centralized governance and site
  management
• Automated and process driven
• Broadcast/Collect
• Multi-platform considerations
Business to Business (B2B) Pattern

• Connecting with other organizations
   – Standards driven
   – Context aware
• Community and partner lifecycle
  management are essential
• Automated and process driven
• Flexible security
• Often requires data services
   – Validation
   – Transformation
   – Routing
Portal File Services Pattern

• Connecting the human web
  experience and MFT
• Web portal exposing a business
  service
• User access and management
   – LDAP/AD
   – SSO
   – On-boarding
• Transparent integration with end
  user workflow and backend
  systems
Ad-Hoc File Transfer Pattern

• Unplanned processes between humans
• Two models
    – Repository based (persistence for sharing)
    – Recipient based (targeted to individual or
      group)
• User access and management
    – LDAP/AD
    – SSO
    – On-boarding
• Policy based control of file access and
  transfer
Best Practices
Flexible Protocol Support

•   Support multiple protocols – avoid client side changes
     –   HTTP/HTTPS – browser clients
     –   FTP/FTPS
     –   SFTP/SCP
     –   AS2
     –   Proprietary – Large files (checkpoint restart, integrity)

[Diagram: each client type reaches the MFT Server through the Internet and the firewall]
     •   FTPS Clients (RFC2228-compliant; Windows, Unix, AS/400, z/OS, etc.) – FTPS
     •   SSH Clients (SFTP protocol, SCP protocol) – SFTP, SCP
     •   AS2 Servers (EDI trading partners; signing/encryption) – AS2
     •   Standard Web Browser (universal, easy setup, customizable UI) – HTTPS
Best Practices
Automation Support

•   Back end automation – getting the data to the systems that are consuming it and
    from the systems that produce it
     – File moves and copies
     – File level encryption
           • PGP during transport
           • Encrypted file system during storage
     – Email notifications on successful transfers and failures
     – Framework for custom transforms – event driven

[Diagram: File dropped off at the server → PGP decrypt file → Transformation services → Transfer file to application]
Best Practices
MFT Enterprise Gateway

[Diagram: external partners (an FTP server and a user) connect over HTTP(S), FTP(S), SFTP, SCP and AS2 to the MFT server, which serves the internal users and application servers of the enterprise behind the DMZ]

            • All file movement is centralized through MFT services
            • Firewalls are locked down to prevent circumventing the services
Best Practices
Two Tier Deployment

[Diagram: external partners (an FTP server and a user) connect over HTTP(S), FTP(S), SFTP, SCP and AS2 to an MFT Proxy in the DMZ; the proxy relays to the MFT Server inside the enterprise, which serves internal users and application servers]

          • Nothing stored in the DMZ
          • No user data or credentials
          • Eliminates data staging and retrieval issues
Best Practices
High Availability

[Diagram: external users and remote file transfer servers connect over HTTP(S), FTP(S), SFTP, SCP and AS2 to a load balancer in front of the MFT Proxies in the DMZ; a second load balancer fronts the MFT Servers, which share storage]

              • Provide for Scalability and Failover Support
              • Avoid Single Points of Failure
Best Practices
Multiple Authentication Methods

• Authentication
    – Single factor
        • Passwords
        • Certificates
    – Multi factor
    – Authentication database local to solution
    – Integrating with existing authentication databases (LDAP/AD/SSO)

[Diagram: clients authenticate to the MFT Server with User ID / Password, X.509 Certificate, SSH Key or Multi Factor; the MFT Server consults LDAP and SSO]
Best Practices
Record Keeping

• Logging
    – Granular
         • All file transfers recorded – who, what and when
         • All access recorded
    – Integrity
         • Protected from outsiders – out of the DMZ
         • Protected from insiders – digitally signed

[Diagram: an external partner or customer connects over HTTP(S), FTP(S), SFTP, SCP and AS2 to the MFT Proxy and then the MFT Server, which writes the Access Log, Transaction Log and Audit Log]
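"Protected from insiders – digitally signed" is the point most often skipped in practice, so here is an added example in Python (not the presentation's or Axway's code) of what a tamper-evident transfer log looks like. Each who/what/when entry carries the previous entry's tag and a keyed hash over its own contents, so an edited field, a deleted middle entry or a reordered entry breaks the chain on verification. An HMAC with a key held off the DMZ stands in for a digital signature here; a deployment would use an asymmetric signature so verifiers do not need the signing key. The key, log contents and helper names are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed signing key. In a deployment the key lives with the log-signing
# service inside the enterprise network, not on the DMZ proxy, so a DMZ
# compromise cannot forge or rewrite entries.
LOG_KEY = b"constructed-demo-key-not-for-real-use"
GENESIS = "0" * 64


def _canonical(record: dict) -> bytes:
    """Stable byte encoding of a record so the tag is reproducible at verify time."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def _tag(record: dict) -> str:
    return hmac.new(LOG_KEY, _canonical(record), hashlib.sha256).hexdigest()


def append_entry(log: list, when: str, who: str, what: str, action: str) -> dict:
    """Record who did what to which file and when; chain the entry to the previous tag."""
    record = {
        "seq": len(log),
        "prev": log[-1]["tag"] if log else GENESIS,
        "when": when,
        "who": who,
        "what": what,
        "action": action,
    }
    entry = dict(record, tag=_tag(record))
    log.append(entry)
    return entry


def verify_log(log: list):
    """Return (True, -1) if every entry is intact and in order, otherwise
    (False, index_of_first_bad_entry). Catches edited fields, deleted or
    reordered entries, and entries appended without the key."""
    prev = GENESIS
    for i, entry in enumerate(log):
        record = {k: v for k, v in entry.items() if k != "tag"}
        if record.get("seq") != i or record.get("prev") != prev:
            return False, i
        if not hmac.compare_digest(_tag(record), entry.get("tag", "")):
            return False, i
        prev = entry["tag"]
    return True, -1


def verify_against_head(log: list, expected_len: int, expected_tag: str) -> bool:
    """Check the chain and compare it with a head (length, last tag) recorded
    elsewhere, e.g. by a separate witness; this is what catches tail truncation."""
    ok, _ = verify_log(log)
    last = log[-1]["tag"] if log else GENESIS
    return ok and len(log) == expected_len and hmac.compare_digest(last, expected_tag)


def build_sample_log() -> list:
    """Constructed transfer log: three events from one partner upload."""
    log = []
    append_entry(log, "2011-08-10T09:00:00Z", "partner-acme", "invoices-0810.csv", "upload")
    append_entry(log, "2011-08-10T09:00:05Z", "mft-server", "invoices-0810.csv", "pgp-decrypt")
    append_entry(log, "2011-08-10T09:00:07Z", "mft-server", "invoices-0810.csv", "deliver:erp")
    return log


def with_field_changed(log: list, index: int, field: str, value) -> list:
    """Deep copy of the log with one field altered (simulates an insider edit)."""
    copy = json.loads(json.dumps(log))
    copy[index][field] = value
    return copy


def without_entry(log: list, index: int) -> list:
    """Deep copy of the log with one entry removed (simulates covering tracks)."""
    copy = json.loads(json.dumps(log))
    del copy[index]
    return copy


if __name__ == "__main__":
    log = build_sample_log()
    print(verify_log(log))                                             # (True, -1)
    print(verify_log(with_field_changed(log, 1, "who", "someone")))    # (False, 1)
    print(verify_log(without_entry(log, 1)))                           # (False, 1)
    print(verify_against_head(without_entry(log, 2), 3, log[-1]["tag"]))  # False
```

The chain alone does not notice when the newest entries are simply cut off, which is why verify_against_head takes a head recorded outside the log: publishing the current length and last tag to a separate system on a schedule turns "the log still verifies" into "the log still verifies and nothing since the last checkpoint is missing".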
Best Practices
Internal Transfer Architecture

[Diagram: MFT Gateway connected to application servers on AS/400, Windows, Solaris and Linux]

   • Point to point transfers – mesh, hub and spoke
   • Support for diverse platforms
Best Practices
Visibility Throughout the Lifecycle of the Transfer

[Diagram: external partner → MFT Gateway → application servers running Process #1, Process #2 and Process #3; caption "Where is the customer file?"]

• Status Portal
• Multiple views
    • Business
    • IT
    • Partner
Best Practices
Mapping Services for B2B Integration

[Diagram: external partner → MFT Gateway → Mapping Services → application server]

• Translation
    • From/to standards (X.11 Oasis etc.)
    • From/to proprietary for application integration
Best Practices
Automated Provisioning

[Diagram: MFT Gateway connected to application servers on AS/400, Windows, Solaris and Linux]

    • Centralized partner management
    • Create credentials, folders, workflow quickly
Best Practices
Ease of Use and Policy Control for Ad-Hoc Transfers

[Diagram: an Outlook user composes a message with a large attachment; the plug-in sends the message to the policy engine (Policy & Virus Engine) for analysis; the message is sent back to the plug-in, then to FT Direct (the FT Direct Gateway) and to Exchange; the message is sent to the recipient via SMTP and the attachments are picked up via HTTPS]
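The policy step in that flow is where "policy based control of file access and transfer" from the ad-hoc pattern actually happens. As an added example in Python, not the presentation's or Axway's code, the following small policy engine decides for a constructed outgoing message whether its attachments stay inline over SMTP, are offloaded for HTTPS pickup, or are blocked outright. The policy values (inline size limit, blocked extensions, internal domain), the virus-engine stand-in and all message contents are assumptions constructed for the example.

```python
import os
from dataclasses import dataclass, field

# Constructed policy values (assumptions for the example).
INTERNAL_DOMAIN = "example.com"
MAX_INLINE_BYTES = 10 * 1024 * 1024          # above this, attachments leave the mail path
BLOCKED_EXTENSIONS = {".exe", ".js", ".vbs", ".scr"}


@dataclass
class Attachment:
    name: str
    size: int
    content: bytes = b""


@dataclass
class Message:
    sender: str
    recipients: list
    attachments: list = field(default_factory=list)


@dataclass
class Decision:
    action: str                 # "deliver", "offload" or "block"
    reasons: list


def scan_clean(attachment: Attachment) -> bool:
    """Stand-in for the virus engine (a deployment calls a real AV service).
    Flags a constructed marker string so the example has something to catch."""
    return b"CONSTRUCTED-MALWARE-MARKER" not in attachment.content


def has_external_recipient(msg: Message) -> bool:
    return any(not r.lower().endswith("@" + INTERNAL_DOMAIN) for r in msg.recipients)


def evaluate(msg: Message) -> Decision:
    """Apply the policy. Precedence: block outranks offload, offload outranks deliver."""
    reasons = []
    action = "deliver"
    for att in msg.attachments:
        ext = os.path.splitext(att.name)[1].lower()
        if ext in BLOCKED_EXTENSIONS:
            reasons.append(f"{att.name}: blocked file type {ext}")
            action = "block"
        elif not scan_clean(att):
            reasons.append(f"{att.name}: virus engine flagged content")
            action = "block"
    if action == "block":
        return Decision(action, reasons)       # nothing else matters once blocked
    total = sum(a.size for a in msg.attachments)
    if total > MAX_INLINE_BYTES:
        reasons.append(f"attachments total {total} bytes, over inline limit {MAX_INLINE_BYTES}")
        action = "offload"
    if action == "offload" and has_external_recipient(msg):
        reasons.append("external recipient: attachments delivered as an HTTPS pickup")
    return Decision(action, reasons)


def sample_messages() -> dict:
    """Constructed messages covering each policy outcome."""
    return {
        "small_internal": Message("alice@example.com", ["bob@example.com"],
                                  [Attachment("notes.txt", 2048, b"meeting notes")]),
        "large_external": Message("alice@example.com", ["partner@acme.test"],
                                  [Attachment("q2-report.zip", 25 * 1024 * 1024)]),
        "blocked_type": Message("alice@example.com", ["bob@example.com"],
                                [Attachment("setup.exe", 4096)]),
        "flagged": Message("alice@example.com", ["partner@acme.test"],
                           [Attachment("doc.pdf", 512, b"...CONSTRUCTED-MALWARE-MARKER...")]),
    }


if __name__ == "__main__":
    for name, msg in sample_messages().items():
        print(name, evaluate(msg))
```

Keeping the decision and its reasons together is deliberate: the same Decision object feeds the user-facing message in the plug-in and the transaction log, so the record of why a transfer was offloaded or refused is written at the moment the policy fires rather than reconstructed later.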
Best Practices
Investigate MFT Solutions


• Ask your trading partners what solutions they are using with their
  other vendors
• Seek third-party recommendations on MFT solutions
    – Gartner
    – SC Magazine
    – Etc.
• Go to the source
    – Explore MFT vendor websites
    – Review informative white papers,
      webinars, etc.
    – Request a demo / eval
    – Ask for references
Questions/Discussion




 For more information visit:
 www.axway.com

				
Document info: posted 8/10/2011; 28 pages; language: English