WIXLIB

GlobalSCAPE Enhanced File Transfer ServerTechnical Overview of GlobalSCAPE Enhanced File Transfer ServerPublished: May, 2007AbstractThis paper gives IT professionals a technical overview of EFT Server, DMZ Gateway, EFT Web TransferClient, Audit and Reporting module and Secure Ad Hoc Transfer module. EFT Server and its associatedmodules leverage cost-effective Internet-based data transfer and encryption technologies to providesecure and reliable file transfers.

Table of ContentsINTRODUCTION. 3Industry Solutions .3The EFT Solution .4Flexible client connectivity options . 4Confidentiality and security . 4Secure DMZ data exchange . 4Advanced Auditing and Reporting. 4Secure Ad Hoc file transfers . 5Data transfer reliability and integrity . 5Automated data management . 5EFT Architecture .5EFT SERVER . 5EFT Server Security.6Registration and Authorization . 6Authentication . 7User Account Management . 8Data Transport Security. 9Data Storage Security. 9Reliability. 10Guaranteed Delivery.10Data Integrity Checking .11Accelerated Transfers.11Auditability .11Automation. 12Event Rules & Actions .12Component Object Model (COM) Interface SDK .13CLIENT CONNECTIVITY. 14Enhanced File Transfer Web Transfer Client. 14CuteFTP Professional. 15Third Party File Transfer Clients . 15DMZ GATEWAY . 15Peer Notification .16DMZ Security.16AUDITING AND REPORTING MODULE . 16Auditing .16Reporting .17SECURE AD HOC TRANSFER MODULE . 17GlobalSCAPE Enhanced File Transfer Server2

IntroductionThe Internet has dramatically changed how organizations share data with business partners, customersand employees. Information that used to be delivered by mail, fax or courier is now transferred online inreal time. This increased convenience and speed of delivery does not; however, come without risks: theintegrity, confidentiality, auditability, and reliability of data exchange are critical business concerns.Corporate information managers must protect business assets, ensure that policies and processes meetregulations governing the management of sensitive information, and ensure that the right people haveaccess to the right information at the right time. Global operations, diverse business partners andnetworks further emphasize the need for common standards to ensure compatibility, scalability and costeffective integration.Organizations that use the Internet for data transfer are also faced with a daunting array of securitychallenges stemming from various regulatory and business requirements for data privacy andconfidentiality. Regulatory and privacy requirements include legislation such as the Health InsurancePortability and Accountability Act (HIPAA), California Senate Bill (SB) 1386, and the Gramm-Leach-BlileyAct (GLBA) in the US, and the European Union's Privacy Directive, some of which impose severe penaltiesfor improper disclosure of confidential information. Additionally, industry best-practices and self-imposedbusiness requirements include intellectual property and trade secrets protection and controls regardingdisclosure of proprietary information to minimize corporate risk from the devastating consequences ofsecurity breaches.EFT Server meets these needs and more. Thousands of organizations use GlobalSCAPE’s secure serversto transfer and manage the enterprise data that drives their business.Industry SolutionsThere are numerous approaches to securing data transactions, ranging from traditional paper-based orclosed-network electronic data interchange (EDI) methods to modern secure applications that use theInternet or other IP-based network for secure data delivery. Typical approaches to secure data deliveryand their limitations include: Paper-based (courier, fax, overnight mail-delivery)o Slow deliveryo No data-on-demando More expensive per MB transferred (under typical scenarios)Traditional EDIo Expensive (leased lines, VAN charges)o Complex new partner setupo Too costly for smaller partnerso Limited or non-existent access for customersVPNo Protects transport but offers no post-transfer data protectiono No inherent post-transfer management or automationo Not scalable for extranet useo Allows login to operating system accountso No industry standard logging of transactionsSecure E-mailo Severe data (attachment) size limitationso No post transfer management or automation capabilitieso Not real-time (depends on recipient checking e-mail)Home Grown Solutionso Costly to maintain and extendo Additional costs for platform coverageo Difficult to ensure securityGlobalSCAPE Enhanced File Transfer Server3

The EFT SolutionOrganizations are increasingly moving away from traditional or legacy based data exchange solutions andtowards Internet-based technologies due to the many benefits they offer for data transfer and increasedsecurity. These benefits include: Increased speed of data deliverySignificant cost savings over legacy transmittal mechanismsIncreased efficiency of business processes and worker productivityReduced complexity of setup and deploymentMinimal investment compared to traditional solutionsStandards compliant transport and data encryption servicesHighly scalableAnalysts have identified a set of business requirement prerequisites that persist across industries thatneed secure data transfer and management. The solution: Reliable, cost-effective, and modularCompatible, standards compliant, and works with major global vendorsAuditable, supports industry standards and detailed loggingWell documented, includes training, and demonstrates knowledge and skillFlexible, contains security measures, access control authentication, and proof of authoritymechanismsFamiliar, encourages rapid adoption by end users, and has a minimal learning curveThe EFT solution meets these requirements and provides:Flexible client connectivity optionsConnect with: The EFT Web Transfer Client, a Java-based self-deploying thin client CuteFTP Professional Windows or Mac FTP clients Any 3rd party clients that adhere to industry standard protocolsConfidentiality and security Industry standard FTP and HTTP over:o Secure Sockets Layer (SSL)o Transport Layer Security (TLS)o SSH2 (Secure Shell's SFTP)Digital certificates and public key authentication for identity validationOpenPGP encryption for files residing on the serverMultiple mechanisms for registering, authenticating and authorizing usersUser accounts isolated from network user accounts, ODBC-based or network-basedauthentication (NT/AD/LDAP)Advanced protection from Denial of Service (DoS) and flood attacksSecure DMZ data exchange NoNoNoNodata stored in the DMZauthentication and directory listings stored in the DMZinbound holes needed in the firewallsynchronization or replication of user database needed in DMZAdvanced Auditing and Reporting Track usage and bill your clients more accuratelyEstablish trends, find out who your most active customers are, or when demand is the highest.GlobalSCAPE Enhanced File Transfer Server4

Capture all socket, protocol, authentication, and transfer information then rapidly analyze it topinpoint problemsNon-repudiation of receiptSecure Ad Hoc file transfers Send files too large for e-mail attachmentsPick-up files sent back to your organizationAdmin doesn't need to setup FTP accountsTransparently secures files sentProvides auditing complianceNon-repudiation of receiptData transfer reliability and integrity Manual or automatic checkpoint restart for guaranteed deliveryCyclical Redundancy Check (CRC) checksums for data integrity validationScheduled backup and archival for easy data backup and restorationAccelerated data transfers using segmented (multi-part) and concurrent deliveryAutomated data management Event triggers for performing post-delivery actions including:o E-mail notification to one or more recipientso Run a command or process, giving you virtually unlimited extensibilityo Encrypt, decrypt or sign data using the included OpenPGP componento Move data to a network drive or to another server using a variety of protocolsCOM (Component Object Model) for automating time-consuming tasks or integrating into yourcustom applicationSynchronization tools for mirroring content across systemsTools for monitoring and publishing content changeEFT ArchitectureEFT Server provides the enterprise with a secure and reliable file management system using industrystandard protocols and customizable automation tools. It integrates rapidly into existing electronic dataexchange processes. The complete EFT Server solution involves a client such as the built-in EFT WebTransfer Client, a DMZ Gateway Server, EFT Server, Auditing and Reporting module and Secure Ad HocTransfer Module.GlobalSCAPE’s Enhanced File Transfer SolutionEFT ServerEFT Server is the core of the EFT solution: a secure, reliable server with extensive automation capabilitiesand support for a wide range of protocols, all controlled from a lucid, logical interface, making integrationwith existing data exchange systems—yours or a trading partner’s—easy.GlobalSCAPE Enhanced File Transfer Server5

EFT ServerEFT Server SecurityEFT Server provides a robust security architecture for meeting business and regulatory requirements. Itensures that encrypted transactions occur only with the appropriate entities and that data confidentialityand integrity are preserved during transport and storage. The technology required to meet theseobjectives are: Registration & AuthorizationAuthenticationLife-cycle ManagementData Transport SecurityData Storage SecurityRegistration and AuthorizationRegistration adds new trading partner user accounts to an environment. Authorization establishes thepermissions for those accounts. GlobalSCAPE EFT Server supports multiple methods for adding, storingand controlling permissions for accounts. User profiles can be managed internally or externally throughNTLM, Active Directory (AD), LDAP, or ODBC data sources.Methods for adding new user accounts Manually – User accounts can be created from a Windows-based administrator interface (locallyor remote).Programmatically – The EFT COM (Component Object Model) interface can register andauthorize thousands of users in seconds.Implicitly – EFT Server can query of existing user domains (such as Active Directory), LDAP, orODBC data stores.Methods for storing user accounts Virtual users – EFT Server provides a proprietary database for storing user accounts andpermissions. These accounts are isolated from the operating system accounts and they are onlyauthorized to access the services provided by the server.LDAP and Windows Active Directory users – EFT Server queries the LDAP or ActiveDirectory Database on the domain of the system that is running the server or queries the PrimaryDomain Controller for the domain and adds all users. This is helpful for organizations that have alarge number of users and have already configured Active Directory or LDAP permissions.ODBC users – The server can query any ODBC compatible database. This allows usermanagement (addition, modification, removal, etc.) from any application that can communicatewith the database or through its COM interface. ODBC users also have the benefit of isolationfrom operating system users.GlobalSCAPE Enhanced File Transfer Server6