Features: Enhanced File Transfer Server

Business Need
The Internet has dramatically changed how organizations share data with business partners, customers, and employees. Information that used to be delivered by mail, fax, or courier is now transferred online in real time. This increased convenience and speed of delivery does not, however, come without risks; the integrity, confidentiality, auditability, and reliability of data transfers are critical business concerns.

Industry Solutions
There are numerous approaches to securing and managing data transfers, ranging from traditional paper-based or closed-network electronic data interchange (EDI) methods to modern secure applications that use the Internet or other IP-based network for secure data delivery. Typical approaches include:

	Delivery	Complexity	Cost	Scalable	Workflow	Security
Media based (CD/DVD, courier, fax)	Very slow	Moderate	High	Medium	None	Moderate
Traditional EDI (VANs)	Fast	High	High	Yes	Yes	Very Good
VPN	Medium	Moderate	Very High	No	None	Good
E-mail	Slow	Easy	Low	No	None	Good
Home-grown	Fast	Very High	Moderate	Yes	Possible	Moderate
Managed File Transfer (MFT)	Fast	Easy	Moderate	Yes	Yes	Very Good

GlobalSCAPE's Solution

GlobalSCAPE's Enhanced File Transfer (EFT) solution offers organizations a cost effective and reliable alternative to expensive leased lines and VPNs, inefficient e-mail- or courier- based transactions, or hard -to -maintain home grown solutions.

Benefits:

• Real-time data delivery
• Significant cost savings over legacy transmittal mechanisms
• Increased efficiency of business processes and worker productivity
• Reduced complexity of setup and deployment
• Minimal investment compared to traditional solutions
• Standards-compliant transport and data encryption services
• Highly scalable

EFT Server Architecture

GlobalSCAPE's strategy is to delivers its managed file transfer solution in a modular form, providing smaller companies with security and compliance requirements a low cost of entry, and a migration path for enterprise-level companies to expand product use as business needs dictate.

• Enhanced File Transfer Server – The foundation for comprehensive and integrated secure file transfer coupled with back -end data management. EFT Server listens on standard ports for incoming requests over a variety of Internet transfer protocols. If a request is authenticated, it allows access to system and directory resources.
  
  
• DMZ Gateway – Used in combination with EFT Server to create a multi-tier security solution for data storage and retrieval. The DMZ Gateway resides at the edge of the network, brokering data between EFT Server residing behind your corporate firewall and your clients in the outside world.
  
  
• Web Transfer Client – A powerful thin client that deploys automatically and can be used by any trading partner using most Web browsers.
  
  
• Auditing and Reporting Module – Captures all of the transactions passing through EFT Server. Query the data and view reports from within EFT Server's Administrative console.
  
  
• Secure Ad hoc Transfer Module – The Secure Ad hoc Transfer module allows companies to exchange files without the problems associated with having to manually create temporary FTP accounts, the size limitations and security issues of regular email, or the time delays and high costs of overnight and physical shipments
  
  
• High Security-PCI module – This module helps companies comply with the Payment Card Industry Data Security Standard (PCI-DSS) or to put in place a High Security solution for their organization. It helps create PCI DSS-compliant file-transfer services simply and easily and facilitates the continuous process of maintaining compliance.
  
  

EFT Server

EFT Server is the core of the EFT solution: a secure, reliable server with extensive automation capabilities and support for a wide range of protocols, all controlled from a lucid, logical interface, making integration with existing data exchange systems—yours or a trading partner's—easy.

Security

EFT Server provides robust security architecture for meeting business and regulatory requirements, ensures that encrypted transactions occur only with the appropriate entities, and ensures that data confidentiality and integrity are preserved during transport and storage.

Transport Security Industry- standard FTP and HTTP over: Secure Sockets Layer (SSL) Transport Layer Security (TLS) SSH2 (Secure Shell's SFTP) Create, manage, and use digital certificates and public keys Specify cipher preference and order of precedence DMZ or perimeter security* No data stored in the DMZ No authentication and directory listings stored in the DMZ No inbound holes needed in the firewall *When deployed with the optional DMZ Gateway

Data Storage Security (Overview)

Organizations transferring mission- critical or classified documents, or requiring increased data security on Internet-accessible systems, may wish to encrypt data as it is received and subsequently stored on disk. GlobalSCAPE's EFT Server can encrypt files automatically using AES 256-bit encryption (Microsoft's powerful but controversial EFS) or using the popular OpenPGP-based two-factor encryption standard.

• Encrypted File Store (EFS)
• With OpenPGP-based Encryption
• Automatic offloading of files as they arrive

General Security

• Multiple mechanisms for registering, authenticating, and authorizing users.
• User accounts isolated from network user accounts, ODBC-based or network-based authentication (NT/AD/LDAP).
• Advanced protection from Denial of Service (DoS) and flood attacks.
• Support for strong (complex) password policy enforcement for account authentication.

• SOCKS proxy support allows EFT Server to access external servers via a SOCKS proxy, such as Microsoft ISA Server, Sun Java System Web Proxy server, and Secure Shell servers.
  

Integration into Workflow

Event Rules Create powerful event triggers without any programming knowledge. Use a simple point-and-click interface to create pre- and post-processing “Event Rules” that launch pre-defined actions if certain conditions occur. Configurable event triggers for performing single or multi-step actions including: Send an e-mail notification to one or more recipients Push data to a network drive or to another server using a variety of protocols Pull data from remote inboxes located on the LAN or using FTP/S, SFTP, or HTTP/S Run a command or process, giving you virtually unlimited extensibility Encrypt, decrypt, or sign data using the included OpenPGP component Delete stale data from the server Monitor a specific folder for changes. If a file is added or modified, EFT Server will trigger a specified action Run rules on a recurring schedule Conditionally run one or more actions using IF/ELSE blocks, and AND/OR/<>=! operators

click image for larger view

Data pre- and post-processing is integral part of EFT Server's event-based trigger system. With Event Rule triggers, when a specific event occurs (the trigger), and if certain conditions are met (the criteria), then pre-defined actions can be launched.

Auditability

Non Repudiation of Receipt
EFT Server tracks and reports on transactions throughout their life cycle, providing non repudiation of receipt through granular transaction auditing and reporting

Guaranteed Delivery
EFT Server includes mechanisms for ensuring file delivery using Automatic Retry, which completes the transfer if a remote connection is interrupted, and Checkpoint Restart, which allows transfers in progress to be paused and restarted at any time.

Data Integrity Checking
EFT Server can optionally validate the Cyclical Redundancy Check (CRC) checksums of transferred files.

Easy Deployment and Management

COM API

EFT Server's programmatic interface (component object model (COM) application programming interface (API)), allows you to programmatically manage EFT Server, performing unattended maintenance automatically (as opposed to manually using EFT Server's Administrator console).

• COM (Component Object Model) for automating time-consuming tasks or integrating into your custom application

Flexible Authentication & Account Management

Authorize partners by creating accounts in EFT Server's built-in database, or reference external directory services including Active Directory, LDAP, or proprietary data stores that support ODBC. Flexible Authentication Choices include:

• NT user accounts with NTLM
• Active Directory (AD) authentication
• EFT Server authentication (virtual users)
• ODBC authentication against ODBC data source
• LDAP authentication

Manage Access to Resources Limit clients and partners to designated “home” folders, assign permissions in those folders, and limit access to resources such as bandwidth and files. Assign fine-tuned settings to reusable templates, and create permission “groups” for easier control over multiple users. Folder permissions (read, write, exec, list, create, rename, delete, etc.) Bandwidth settings Connection limits, restricted IPs, max uploads/downloads, etc. Disk space allowed (quotas) Allowed commands, password types, protocol types, and more Types of files allowed

Life-Cycle Management

Quickly and efficiently remove users such as a departing employee or ex-partner, manage temporary accounts, and address the revocation and if necessary re-issuance of public-keys or certificates if they expire or are compromised.

• Set an account expiration date
• Set a certificate expiration date
• Manually disable accounts
• Temporarily or permanently disable accounts based on improper or suspicious activity

Administration

Manage Multiple Servers
Manage multiple physical servers running on systems across the world or within your LAN/WAN using a Windows-based Administrator Interface.

Manage Virtual Sites
Operate multiple sites with unique directory structures and user accounts from one location using the Administrator console.

Multiple Administrator Capability
Multiple administrators can connect and manage the servers with full or limited access.

Business Continuity

Business continuity requirements typically require that an organization's outward-facing business-to-business or business-to-consumer services are highly available, meaning that interruptions are kept to an absolute minimum, and that those services are restored quickly should a disruption occur.

General failure handling

EFT Server mitigates failures caused by temporary network connectivity loss by:

• Manual or automatic checkpoint restart - guaranteed delivery
• Cyclical Redundancy Check (CRC) checks performed after transfer - data integrity validation
• Accelerated transfers using segmented (multi-part) and concurrent delivery – maximize available bandwidth

Server outage

Possible deployment options for Disaster Recovery (DR) and in the case of unplanned downtime:

• Can be configured in a fail-over (Active-Passive) cluster
• Can provide scheduled backups (archival) for easy data backup and DR

Performance

Accelerated Transfers

Organizations with partners or clients that are geographically dispersed can benefit from EFT Server's remarkable Accelerated Transfer feature.

• Multi-part* Accelerated Transfers (Segmented Delivery) – This cutting-edge approach to transferring large files can accelerate transfers by over 400%. A file is segmented (split) into multiple equally sized parts, and each part is then transferred simultaneously over a separate thread. Once all segments are received, the resulting parts are recombined into a whole file.

EFT Server *requires file transfer client that supports this feature

Expand EFT Functionality with Modules

EFT Server is part of GlobalSCAPE's modular solution, which allows small- to medium-sized companies with security and compliance requirements a low cost of entry and a migration path for enterprise-level companies to expand their functionality as their business needs grow. The following modules can be added to EFT Server:

High Security-PCI module
This module helps companies comply with the Payment Card Industry Data Security Standard (PCI-DSS) or to put in place a High Security solution for their organization. It helps create PCI DSS-compliant file-transfer services simply and easily and facilitates the continuous process of maintaining compliance.

Secure Ad Hoc Transfer Module
The Secure Ad Hoc Transfer (SAT) module allows companies to exchange files without the problems associated with manually creating temporary FTP accounts, size limitations and security issues of regular email, or time delays and high costs of overnight and physical shipments.

DMZ Gateway Server
For added security, GlobalSCAPE’s optional DMZ Gateway module acts as an intermediary proxy server to broker all data, user authentication, and session information between your partners and EFT Server. EFT Server actively manages the actual authentication, data storage, and retrieval along with post transaction workflow.

Web Transfer client
EFT Server supports a wide variety of industry standard Internet file transfer protocols, which allows your trading partners and customers to connect to EFT Server with their choice of client. GlobalSCAPE also offers EFT Web Transfer Client, which provides thin or "clientless" connectivity with exceptional flexibility.

Auditing and Reporting Module
The Auditing and Reporting Module (ARM) captures all the transactions passing through EFT Server and then allows you to query the data and view reports (preconfigured and customer-defined) from EFT Server administrative console.

If you would like more information regarding evaluating or purchasing EFT Server, please call us at 1-800-290-5054 (U.S.) or 1-210-308-8267 (international), or submit a request for a product trial and a representative will contact you shortly.