Ftp: 40 Years Of History
1. FTP – 40 Years of Moving Files
Why it’s time to move on
Your questions via email to:
vsibue@axway.com
2. Agenda
• FTP in the beginning
• FTP used with partners – B2B
– How it has been used
– Problems with FTP
– How Secure Transport improves B2B file transfers
• FTP used in the datacenter – A2A
– How it has been deployed
– Issues in the datacenter
– How Transfer CFT improves A2A file transfers
• Managed File Transfer
• Webinar take away
| © 2011 Axway | All rights reserved.
3. FTP Over the Years
• 1971: RFC 114
• 1980: RFC 765, FTP over TCP
• 1985: RFC 959
• 1997: RFC 2228, FTPS
[Timeline axis: 1970 to 2010]
4. FTP – Missing Some Key Ingredients
• Client / Server Architecture
– Client initiates all connections
• Many Variations Of FTP (Vendor Customizations)
• FTP Problems
– No Encryption – Data Confidentiality
– User Names and Passwords Are In The Clear
– No Integrity Checking
– No Checkpoint Restart
– Reciprocal Non-Repudiation
– Data Compression
5. Files Contain Business Information
• Over 80% of all business and organizational information is exchanged via files
• Volume, size, type and frequency of data exchange is unpredictable
[Chart 1: Confidential / Critical (Low to High) against File Size (0 MB, 10 MB, 1 GB, 100+ GB). Data types shown: Funds Transfer, Credit Card Data, Source Code / Software, Legal Contracts, Sales Data, CAD Files, EDI, Sales Collateral, Media / Video, Image / Media, Application-to-application (A2A)]
[Chart 2: Community Size (Small to Large) against Structured / Un-structured data. Exchange types shown: Person to Person, Business to Business, System to System]
© 2009 Axway - Confidential and proprietary. All rights reserved.
6. FTP Across the Enterprise
[Diagram: FTP clients, FTP servers and scripts spread across the Internet, Remote Locations (Store to Corporate), Internal to Enterprise (Shared Applications) and Internal Gateways (Business Units)]
Problems:
• Compliance & audit concerns
• Data “black holes”
• Limited reporting
• Change management issues
• No centralized control
• No centralized visibility
• Process breakdowns
• Administrative burdens
• Batch orientation
• Security
– Encryption
– Authentication
– Data at rest
7. What The Analysts Say About FTP
“FTP enables file movement between disparate devices and systems,
but it doesn't provide management, monitoring, security or process
control.”
“An MFT suite helps control all aspects of data movement, ensuring
that they're fully managed and secured.”
Gartner
“Due to the stronger governance, administration, and security features
that they provide, MFT products are replacing FTP solutions in many
organizations. Though still widely used, FTP alternatives lack the
level of security, auditability, and governance that a growing number
of enterprises are seeking.”
Forrester
9. FTP Server for B2B Exchanges
[Diagram: Partner and Customer external systems connecting through the DMZ to several FTP servers and application servers, including a rogue FTP server]
10. Traditional FTP Gateway for B2B
External FTP Infrastructure
[Diagram: Partner/Customer systems, DMZ and Internal Applications systems; FTPdaemon, FTPclient and Scripts on each tier. Directory Centric: /Application1, /Application2, /Partner1, /Partner2]
System benefits
• Secured Communications
• Assuming use of SFTP / FTPS
System deficiencies
• DMZ files/passwords
• Automation/Synchronization
• End to End Visibility
• Centralized Management
• Secured Passwords
• Minimized Scripts / Coding
• Provisioning/Tear Down
• Checkpoint Restart
• Real Time
• Error Handling
Scenario: Send to Partner
1. Application puts file on internal FTP server
2. Script runs, moves file to DMZ FTP server
3. DMZ FTP server waits for partner pickup
Scenario: Receive from Partner
1. Partner drops file on DMZ FTP server
2. Script runs and moves file to internal FTP server
3. Script [hopefully] cleans up file on DMZ server
4. Application needs to look for file on internal FTP server
11. A Better B2B File Transfer
An Enterprise-Class Data Transmissions Solution
• Secure Two Tiered Architecture
• Multiple Protocols – 1 repository
• Push / Pull File Transfers
• Event Driven / Scheduled / Ad-hoc
• Security on-the-fly and At Rest
• Integration / Customization
• Comprehensive File Tracking
[Diagram: three zones, Corporate Network, DMZ and Internet, separated by firewalls. Axway Sentinel: End-to-End Transaction Lifecycle Visibility, Business Views, Monitoring / Alerting. ST Server (Corporate Network): MySql/Oracle, Repository Encryption, MDN Receipting, Audit Logs, PGP Encryption, Full Java API, Application Framework, Transaction Manager. ST Edge (DMZ): App Layer Streaming, No Data Stored in DMZ. Supported Protocols: FTP(S), SFTP / SCP, HTTP(S), AS2. Internet side: World Wide Web, Standard Web Browser, Axway Endpoints, 3rd Party Clients & Servers. Enterprise Integration (Windows, UNIX, Mainframe, Other): Transfer CFT, Folder Monitor, Connect:Direct, FTP(S), SFTP / SCP, HTTP(S), AS2. Corporate Infrastructure: Databases, Users, Email Servers, Directory Servers, SNMP Monitors, SiteMinder Single Sign On]
| © 2012 Axway | All rights reserved.
12. Support of Secure Communications
• Security and Compliance
– Data secured in-transit and at-rest. FIPS 140-2 compliant
– Authenticated access control and strong audit trails
– Secure two-tier architecture streams data across DMZ
– Transparent enforcement of security policy across all file movement activities
• High Reliability and Performance
– Most scalable and resilient MFT product on the market
– Easily scales to support increasing data volumes, business units, and customers
– Supports clustering for high-availability and disaster recovery
• Support for all MFT exchange patterns
– Support for ALL MFT exchange patterns (humans and systems)
– Automated, event-driven, scheduled and ad-hoc data exchanges
– Robust support of open standards: FTP(S), SFTP, SCP, HTTP(S), Pesit
– Browser-based Rich Internet Client and Brand-able HTML templates
• Centralized Browser Based Administration
– Simple role-based point and click configuration management
– Delegated administration distributes administration across business units
• Audit Trail and Reporting
– End-to-end monitoring, reporting, alerting, and KPI/SLA management
– Built-in Logging, tracking and delivery notification
– Integrates with Axway Sentinel for extended enterprise visibility
• Flexible Integration
– Full integration with corporate infrastructure (e.g., LDAP/AD, SSO, etc.)
– Rich set of application extension capabilities custom processing
– Interfaces for application/portal integration: scripted, Java, Web Services
[Diagram: ST Server, ST Edge in the DMZ, Internet]
13. User Management
• User Accounts
– Local User Accounts
– LDAP (and account templates)
• Business Units
– Defines home folder template
– Subscription Templates
– HTML Templates
– Etc.
• Management
– Password Strength Enforcement
– Export, Import users
– Disable or lockout
• Administrators
– Delegated Administration
– Role Based Access
14. Integration and Openness
• Sentinel – cross platform visibility
• File Transfer Protocols
• Folder Monitoring
• Axway Transfer CFT
• CONNECT:Direct
• LDAP / AD
• SSO, Siteminder
• Custom Agents
– Java
– Scripts
16. Traditional Point to Point FTP Application Integration
Script Controlled Point to Point Implementation
[Diagram: External FTP Infrastructure and Internal FTP Infrastructure; Mainframe, Unix, Windows and Other nodes, each with FTPdaemon, FTPclient and Scripts, connected over FTP/S and SSH-FTP. Directory Centric: /Application1, /Application2, /Purpose1, /Purpose2. Applications Call Scripts: 1. Put to Node, 2. Get from Node]
System benefits
• Secured Communications
• Assuming use of SFTP / FTPS
System deficiencies
• Automation
• End to End Visibility
• Centralized Management
• Secured Passwords
• Minimized Scripts / Coding
• Metadata
• Checkpoint Restart
• Real Time
• Error Handling
• Service Oriented
Scenario: Script Driven – Apps Call Scripts
1. Get or Put from Remote
2. Scripts, Password Lists at all nodes
3. FTPd and FTPclients at all nodes
Scenario: Distributed Schedule Driven
1. Get or Put from Remote
2. Scripts, Password Lists, Scheduler at all nodes
3. FTPd and FTPclients at all nodes
17. Traditional FTP Hub based Application Integration Patterns
Hub/Spoke Implementation
[Diagram: External FTP Infrastructure and Internal FTP Infrastructure; Mainframe, Unix, Windows and Other nodes, each with FTPdaemon, FTPclient, Schedulerclient and Scripts, connected over FTP/S and SSH-FTP to an FTP Hub Server. Repository Based. Directory Centric: /Application1, /Application2, /Purpose1, /Purpose2]
System benefits
• Secured Communications
• Assuming use of SFTP / FTPS
System deficiencies
• Automation
• End to End Visibility
• Centralized Management
• Secured Passwords
• Minimized Scripts / Coding
• Metadata
• Checkpoint Restart
• Real Time
• Error Handling
• Service Oriented
Scenario: Hub Driven, Hub triggers all transfers
1. Get from Remote
2. Put to Remote
Scenario: Distributed Schedule Driven
1. Get or Put from Remote
2. Get or Put from Hub
3. Scripts, Password Lists, Scheduler at all nodes
4. FTPd and FTPclients at all nodes
Scenario: Script Driven – Apps call scripts
1. Get or Put from Remote
2. Get or Put from Hub
3. Scripts, Password Lists, Scheduler at all nodes
4. FTPd and FTPclients at all nodes
18. Typical Internal File Transfer
[Diagram: Internal Application (Sender), Step 1, using FTP, FTPS or SFTP, followed by a GAP!]
Very difficult to know:
• what is connected to what
• which files go where, when
• how to assess impact of changes
• how to fix things when they break
Technical Issues:
• limited agility due to complex and inflexible scripting
• FTP servers are cheap to buy but expensive to maintain
• MFT Gateways do not have visibility or control over nodes
• no centralized governance
19. Internal Managed File Transfer with Axway Transfer CFT
[Diagram: two Internal Applications connected through Axway Transfer CFT (UNIX); Step 1, Step 2, Step 3: ACK?, Step 4: ACK?, Step 5. Transfer List/Log Events are Captured, Stored, and Correlated in Axway Sentinel]
• Sustain “Straight Through Processing” business automation
• Improve compliance and visibility
• Improve business reliability
• Improve business agility
• Reduce TCO
Gain Control, Visibility and Automation
20. Axway Internal MFT Solution
Secure, reliable, available A2A file transfer service
• Service based approach for Files
• Full independence of communicating platforms
• 22+ Platforms Supported
• Audit, Alerting & Proactive Monitoring of Files
• Central monitoring and management capabilities
• Automation
• Event-oriented
• Application integration
[Diagram: Corporate Network and Remote network. Central Management: Services, Configuration Repository, Deployment, Operations, Orchestration, Monitoring, Security, Access Management, PKI, Visibility, End-to-end Monitoring & Dashboard. A2A Operations: Axway Transfer CFT File Transfer Service on UNIX, Z/os, VMS, Windows, Linux and OS400; Cluster CFT; Load balancer]
21. Axway Transfer CFT
Secure, reliable, available A2A file transfer service
• Different modes and kinds of transfers
– peer-to-peer, client-server
– 1:1, 1:N (broadcast), N:1 (collect), “store & forward”, “permanent files”
• Full independence of the platforms
– Logical names for sites and flows
– 22+ OS platforms
• Security
– Data secure at rest and in motion
– S/mime, PGP, SSL/TLS
– Network security (logical names)
– Access rights on logical objects
– LDAP, X.509, PKI
• Automation of Mass Deployments
– Central Management Console accessing services for configuration, operation, monitoring and visibility
– Certificate & License Key management
• Reliability & Performance
– Guaranteed delivery
– End-to-end acknowledgement
– Active/Active clustering
– Horizontal scalability
– Transfer Acceleration
– UDT & Parallel TCP (pTCP)
– Bandwidth throttling and transfer prioritization
• Business automation & integration
– Event-oriented (“just-in-time”)
– Exits, APIs (C, Java, Web Services)
– Managed Pre/Post script processing
22. Other Historical Applications of FTP
[Diagram: System to Human (S2H): Application and FTP Server. Human to Human (H2H): FTP Server]
23. Take away
From the session
24. A file is not just a file! …
Requirement for Managing File Transfers
• Retail: Point of Sale Data, Product Images, Catalogs, Trend Analysis Info
• CPG: Catalogs, Trend Analysis Data, Process Information, Scheduling Data
• Pharma/Health: Research Data, Clinical Trials, Patient Records, Scanned Images
• Telco: Tickets, Invoicing element, Orders, Provisioning
• Bank/Finance: Payments, Clearing, Reporting
• Manufacturing: CAD/CAM Models, Design Specs, Simulation Models, Scheduling Data
• High/Tech: CAD/CAM Models, Design Specs, Test Data, Emb. Software
• Media: Video Files, Soundtrack Files, 3D Animations, High Res. Images
Managed File Transfer
Data Exchange Additional Services Governance
FTP
25. MFT usage scenarios
[Diagram across Corporate Network, DMZ and Internet. Labels: Transfer CFT, Secure Transport, Secure Client, Application, B2B Integration, Multisite Integration, Portal, Ad hoc File Transfer, Direct]
26. Axway Transfer CFT + SecureTransport
Supporting the 5 use cases
[Diagram across Corporate Network, DMZ and Internet, with a Remote site. Central Management: Services, Configuration Repository, Deployment, Operations, Orchestration, Monitoring, Security, Access Management, PKI, Visibility, End-to-end Monitoring & Dashboard. A2A Operations: Axway Transfer CFT File Transfer Service on UNIX, Z/os, VMS, Windows, Linux and OS400; Cluster CFT; Load balancer. B2B Operations]
27. Questions?
Contact us at: sales@axway.com
Your questions via email to:
vsibue@axway.com