communication protocol adapters in sterling integrator of communications adapters in sterling...

© 2009 IBM Corporation

Communication Protocol Adapters in Sterling Integrator


Agenda

■ Overview of communications adapters in Sterling Integrator (SI)■ Important concepts

–Perimeter Server–Mailbox–Key management

■ HTTP(S) related adapters■ SFTP related adapters■ FTP(S) related adapters■ Related concepts

–Communication events visibility–Adapter Policies

■ IBM Sterling Managed File Transfer Solutions–Sterling File Gateway (SFG)


Overview

■ Server adapters receive data from trading partner and bootstrap a BP or store it in mailbox. Partners can also retrieve data from SI.

■ Client adapters connect to trading partner systems and send / receive data


Integration with various aspects of SI


Value-add in a B2B integration scenario■ Both client and server adapters are available for most commonly used

communication protocols (HTTP, FTP, SFTP, Web Services, OFTP, Connect:Direct, Raw Socket etc)

–Clients can actively connect and send/receive data–Servers can wait for data to be pushed into or pulled from the system

■ Adapters are integrated with Trading Partner Management system (in-built and Sterling Community Management (SCM) product)

–Trading partner (TP) on-boarding allows TP specific configuration (Eg: certificates) to be used with adapters

■ Adapters are integrated with Workflow / Business Process (BP) engine–This can be used for automation of data processing–Other adapters can be used in the BP to route the data to internal systems–You can build a complex application on top of the basic protocols – Eg: AFT,

Web Services, AS2, Sterling File Gateway use the adapter integration with BP engine extensively

■ Communication events visibility and data visibility are integrated into the UI –Used for tracking the flow of data in SI–helps in audit scenarios


Agenda







Perimeter Server■ Perimeter server is a software for communications management that

–manages the communications flow between outer layers of your network and the TCP-based transport adapters

–can be installed in a DMZ (De-Militarized Zone – the zone between a trusted internal network and an untrusted external network Eg: internet)

–Provides security and scalability


Mailbox■ Mailbox is a virtual file system in Sterling Integrator that provides structure to the

'Document' based storage in SI–A 'document' in SI represents a basic unit of storage that contains business

data (could contain KBs to TBs of data)–Mailbox has a tree like folder structure similar to a file system where

documents can be placed–A document in a mailbox is called a message–Mailboxes can be tied to users and authorization controlled accordingly

■ Mailbox has store-and-forward communication infrastructure–Adapters can store incoming data as mailbox messages–Routing rules can bootstrap BPs automatically whenever a new message is

added to a mailbox–Mailbox can be used in situations where it is necessary to stage data for

processing at a later time Eg: When data is produced by internal systems when trading partner systems are unavailable

■ Mailbox has a web UI named Mailbox Browser Interface (MBI) that can be exposed to trading partners

–The trading partner can upload and download data directly–requires user interaction


Key stores in SI

■ SI provides different type of key stores–System certificates store contains private keys and corresponding certificates–CA certificate store contains certificates belonging to Certificate Authorities.

These can be used for authenticating a trading partner in SSL communications–Trusted certificate store contains public certificates that can be used for

cryptographic operations like encryption and signature verification–Different types of SSH keystores that can store private and public SSH keys

■ All communication adapters that support secure communication (SSL and SSH based) are integrated with these key stores

–System certificates are used as private keys in SSL security–CA certificates are used to verify the authenticity of the partner's certificate that

is used in SSL (could be client or server's certificate)–Known host keys and Authorized user keys are public SSH keys–User Identity keys and Host Identity keys are private SSH keys

■ Trading partner management system is integrated with the key stores–While creating trading partner profile, you can configure certificates or keys to

be used for SSL/SSH communications


Agenda







HTTP Server Adapter■ The HTTP Server Adapter is based on jetty http engine and provides support for

HTTP protocol in the following way–You can run a full fledged web application from a WAR file–You can run a Business Process with the incoming data as primary document

■ It provides a URI based configuration for routing data–The adapter listens on a configured port and can accept simple TCP or secure

SSL/TLS connection based on how it is configured–The incoming HTTP request is routed to configured BPs or WAR applications

based on URI


HTTP Client Adapter■ HTTP Client Adapter provides client capabilities in the following way

–Scriptable using Business process (BPML) in SI and available in the GPM–Connects to the configured host and sends/receives business data using the

HTTP protocol–Supports GET and POST Http methods and secure SSL connections (https)–Supports connecting through a HTTP proxy

■ The client adapter supports big payloads (tested up to 2 GB) and supports more than 150 concurrent transfers


Agenda







SFTP Server Adapter■ SFTP Server adapter provides secure file transfer support with SFTP protocol

–Works on top of Secure SHell (SSH) protocol for transport security–Uses SSH Host Identity keystore (private keys) and Authorized User key store

(public keys) in SI for SSH keys–Capable of exposing a Mailbox or an actual (native) file system directory as the

SFTP file system to the connected user–Supports restrictions via Virtual Roots and adapter policies (more on policies

later)


SFTP Client Adapter■ SFTP Client Adapter provides client capabilities in the following way

–Scriptable using Business process (BPML) in SI and is available in the GPM–Connects to the configured host and executes specified SFTP commands–Supports SFTP commands like cd, list, get, put, delete, pwd, mkdir, rmdir,

move that help in sending/retrieving/organizing business data in the partner's SFTP server

–Supports connecting through a HTTP proxy


Agenda







FTP Server Adapter■ FTP Server adapter provides support for sending/receiving files using the the FTP

protocol–Exposes a Mailbox or an actual (native) file system directory as the FTP file

system to the connected user–Supports a large set of FTP commands (rfc 959)–Supports secure SSL/TLS connections (FTPS)–Supports restrictions via Virtual Roots and adapter policies (more on this

later)–Supports User Exits (custom code execution on FTP events)


FTP Client Adapter■ FTP Client Adapter provides client capabilities for the FTP protocol in the following

way–Scriptable using Business process (BPML) in SI and is available in the GPM–Connects to the configured host and executes specified FTP commands–Supports FTP commands like cd, list, get, put, delete, pwd, site, quote, move that

help in sending/retrieving/organizing business data in the partner's FTP server–Supports FTPS (FTP over SSL) for transport security

■ Tested with large files up to 15 GB


Agenda







Visibility■ All communication adapters fire events about success or failure of different types

of communication events like–Connection establishment and authentication (start of a user session)–File transfer start / progress / end / DB persistence–End of a user session or connection

■ The events can be searched and tracked by an administrator using different visibility related UI menus in SI administrator console ( in “Business Processes → Monitor → Advanced Search” menu)

–Data Flows page can track any SI document (from any adapter/service)–Communication Sessions page tracks communication adapter specific events–Current activities UI can show the ongoing communication sessions–Reports (under Operations menu) page can generate reports about these

events in html, pdf, xls, xml formats


Adapter policies■ Administrator can configure adapter policies to apply following type of restrictions

(currently supported in SFTP and FTP Server adapters only)–Restrict a user/IP from executing selected commands- this gives ability to give

read-only or write-only access to the system–User/IP based bandwidth limiting for (inbound) file transfers – this gives ability

to allocate bandwidth based on priority–Limit the amount of data a user/IP can put into the system (per day) – this is to

prevent a single partner from using up storage space–Lock a user Id if configured number of invalid log-in attempts are made. The

lockout can be time-based (user gets unlocked after given time) or permanent (i.e until an administrator explicitly unlocks the user)

■ The policies can be applied at a global level for a given protocol (FTP/SFTP) or applied per configured server instance level (individual server configurations)

■ These policies give flexibility in allocating resources based or partner priority and in restricting partners from accessing unauthorized data


Agenda







IBM Sterling Managed File Transfer (MFT) solutions


Sterling File Gateway Overview


Sterling file gateway■ An MFT solution designed on top of Sterling B2B foundation for transferring files

between partners using different protocols, file naming conventions, and file formats.

■ Has following features–Scheduled high volume - high frequency file transfers–File and File name Transformations–File Transfer Visibility (file route and events reports)–Replay / Re-delivery–Notifications (partners and operators)–Broad Communications Protocol Support (FTP, FTP/S, SSH/SFTP, SSH/SCP,

and Sterling Connect:Direct)–Dynamic Routing–Easy-to-use Partner Onboarding UI–Flexible Mailbox Structures (to support pattern matching)

■ Works on the basis of predefined business processes■ Has a web browser based Partner interface named myFileGateway

–The partner can upload files using this UI which can then be routed using protocol adapters like FTP/SFTP

–Partner can subscribe to notifications


Questions

communication protocol adapters in sterling integrator of communications adapters in sterling...

Documents