Connect Direct (C:D)

Mirjana's picture

FTP vs CD

The majority of companies exchange essential and non-essential files using FTP (File Transfer Protocol), which has inherent security risks.
FTP has been used in all of these applications because of its availability: it exists for every operating system from mainframes down to PCs, and it is routinely bundled with commercial and open source applications.
 
Wide availability is a liability
 
However, this wide availability is also a liability. Because FTP is supported on numerous systems, there is a greater knowledge of the protocol, its operation, and implementations. For example, some companies never change the default passwords of FTP software so their FTP servers are subject to easy manipulation. Careless processes and human error provide an unintentional open door to malicious users who frequently hack into FTP servers and steal data.
 
Sterling Commerce's MFT products, of which Connect:Direct is one, are reported never to have been breached. That record alone does not ensure protection; what keeps information protected when a company does business electronically is the set of controls described below: authenticated, encrypted sessions and a complete audit trail of every transfer.
 
Maintenance and patching problem
 
Since FTP is available on many platforms, many operating systems and with many applications, companies must be particularly vigilant to ensure that security is airtight for all of the impacted servers and applications. They must respond quickly to any newly discovered vulnerabilities and make certain that they are rapidly patched. Since a company may not have control over all of the systems that come into play and might not be able to ensure that all systems meet security mandates, hackers have multiple points of attack to compromise data on scattered FTP servers.
 
Connect:Direct uses a proprietary protocol that is far less widely deployed and less publicly documented than FTP, so it presents a smaller attack surface. That obscurity is not a security control in itself: the real protection comes from the authentication, encryption and auditing described below, and Connect:Direct servers still have to be patched and configured correctly like any other software.
 
Encryption and security
 
Another weakness of FTP is that, on its own, it provides no encryption. Security was never part of the FTP model: the client supplies a user ID and password when it opens the control connection, and those credentials, like the file contents that follow, cross the network in clear text, where anyone able to eavesdrop on the link can read them.
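The eavesdropping risk described above, shown as an added example rather than code from this page or from Sterling Commerce: a small Python parser for the client side of an FTP control connection, run over a constructed capture. It recovers the USER and PASS commands from a plain session and shows that once AUTH TLS has been negotiated (RFC 2228/4217) nothing after it parses as FTP commands, because it is ciphertext. The sample payloads, flow addresses and account name are constructed for the example; the alert deliberately omits the recovered password.

```python
"""Passive detection of cleartext FTP logins on captured TCP payloads.

Added example (not from the page or from Sterling Commerce): a parser for the
client half of an FTP control channel. A plain session leaks USER/PASS to
anyone on the link; a session that sent AUTH TLS first exposes nothing after
the handshake, because the remaining bytes are TLS records, not commands.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: client side of a plain FTP login followed by an upload.
SAMPLE_CLIENT_STREAM = (
    b"USER batchxfer\r\n"
    b"PASS Summer2010!\r\n"
    b"TYPE I\r\n"
    b"STOR payroll_2010-06.csv\r\n"
    b"QUIT\r\n"
)

# Constructed sample: the client negotiates AUTH TLS; what follows stands in
# for a TLS ClientHello record and is not parseable as FTP.
SAMPLE_TLS_STREAM = b"AUTH TLS\r\n" + b"\x16\x03\x01\x00\x2a" + bytes(42)

CMD_RE = re.compile(rb"^([A-Za-z]{3,4})(?: (.*))?$")


@dataclass
class FtpLogin:
    user: Optional[str] = None
    password: Optional[str] = None
    cleartext: bool = False            # PASS seen before any AUTH TLS/SSL
    files: List[str] = field(default_factory=list)


def parse_client_stream(payload: bytes) -> FtpLogin:
    """Walk CRLF-delimited command lines and record what an observer learns."""
    login = FtpLogin()
    secured = False
    for raw in payload.split(b"\r\n"):
        m = CMD_RE.match(raw)
        if not m:
            continue  # not an FTP command line (e.g. TLS records after AUTH)
        cmd = m.group(1).upper()
        arg = (m.group(2) or b"").decode("latin-1")
        if cmd == b"AUTH" and arg.upper() in ("TLS", "SSL", "TLS-C", "TLS-P"):
            secured = True
        elif cmd == b"USER":
            login.user = arg
        elif cmd == b"PASS":
            login.password = None if secured else arg
            login.cleartext = not secured
        elif cmd in (b"STOR", b"RETR"):
            login.files.append(arg)
    return login


def cleartext_login_alerts(streams: Dict[str, bytes]) -> List[str]:
    """streams maps a flow label ("src->dst:port") to the client payload.

    One alert per session that sent PASS in the clear. The password itself is
    not written into the alert; the fact that it was exposed is enough.
    """
    alerts = []
    for flow, payload in streams.items():
        login = parse_client_stream(payload)
        if login.cleartext:
            alerts.append(
                f"cleartext FTP login on {flow}: user={login.user!r} files={login.files}"
            )
    return alerts


if __name__ == "__main__":
    flows = {
        "10.0.0.5->10.0.0.21:21": SAMPLE_CLIENT_STREAM,   # constructed flow
        "10.0.0.6->10.0.0.21:21": SAMPLE_TLS_STREAM,      # constructed flow
    }
    for line in cleartext_login_alerts(flows):
        print(line)
```

Run against real traffic, the same parser would be fed the reassembled client-to-server bytes of each TCP session to port 21; the point is how little work the eavesdropper has to do.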
 
The Connect: product family offers several options, from securing FTP traffic to a fully proxied deployment, so that data movement fits naturally within the enterprise's security policy. Where FTP traffic must still be supported, its data flow can be encrypted. Where a higher assurance level is required, proxy-based security combined with authentication and configurable encryption can be implemented within the Connect: deployment.
 
The Connect:Direct Secure+ Option for Windows application provides enhanced security for Connect:Direct and is available as a separate component. It uses cryptography to secure data during transmission.
 
Cryptography provides information security as follows:
 
  • Authentication verifies that the entity on the other end of a communications link is who it claims to be, so that a transmission reaches only its intended recipient.
  • Non-repudiation provides undeniable proof of origin of transmitted data.
  • Data integrity ensures that information is not altered during transmission.
  • Data confidentiality ensures that data remains private during transmission.
 
Management, tracking, logging and auditing
 
Furthermore, as FTP use grows, management, tracking and auditing burdens also grow. Most often, file transfers are part of a larger workflow where completion of a task is predicated on the receipt of a file and then some action being taken on the information in that file. Lacking suitable tracking and auditing tools, an IT manager or corporate executive would be hard pressed to determine whether a transaction was completed or why one failed.
 
The statistics file stores information about all events that take place within the Connect:Direct server for a specific period of time. Each record within the statistics file consists of fields that contain general information about the record and a field that contains the statistics or audit information to log.
 
Handling movement workload (Queuing and scheduling capabilities)
 
FTP provides no way to control critical data movement or balance it against lower-priority work that can impact processing windows. Massive, unmanaged data movement can delay and slow critical deliveries. FTP places all control in the hands of the client, and the first job usually wins. FTP also lacks the ability to create an enforceable policy for workload execution. Over time, this frequently results in chaos.
Connect:Direct gives each process a work-queue priority and a session class. Priorities are used to determine when processes run, and session classes are used to reserve transmission channels for critical transfers. These can be set up and enforced in accordance with business requirements. Users’ requests are always accepted, but the actual operation of the request is scheduled according to the business policy that drives the priority and class structure.
This accomplishes the goals of the user as well as those of the business.
 
Without queuing, scheduling and management capabilities, it is impossible to control the data movement workload.
 
As Connect:Direct Processes are submitted, they are placed in one of the four logical queues of the Transmission Control Queue (TCQ): Execution, Wait, Timer, and Hold. As sessions become available, the TCQ releases Processes from the Wait queue to begin execution according to their class and priority.
 
Connect:Direct Processes can also be scheduled to execute at a future time; they sit in the Timer queue until that time arrives.
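The scheduling behaviour described above, as an added simulation rather than Connect:Direct's own code. It models the four logical queues and the two controls the text names: priority decides the order in which waiting Processes are dispatched, and session class reserves channels. The class semantics used here are an assumption stated in the code: sessions are numbered 1 to max, a Process of class c may occupy only sessions numbered c or higher, and it takes the highest free one so that low-numbered sessions stay reserved for lower-class (critical) work. The workload, names and tick lengths are constructed for the example.

```python
"""Simulation of a Connect:Direct-style Transmission Control Queue (TCQ).

Added example, not product code. Assumed semantics: sessions are numbered
1..max_sessions; a Process of class c may use sessions c..max only, and
takes the highest free one, so sessions below c remain reserved for
lower-class work. Among Processes that could run, the highest priority
goes first; earlier submission breaks ties. Time advances in ticks.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Process:
    name: str
    priority: int        # higher runs first
    sclass: int          # lowest-numbered session this Process may occupy
    duration: int = 1    # ticks the transfer holds its session
    hold: bool = False   # submitted into the Hold queue; needs release()
    start_at: int = 0    # stays in the Timer queue until this tick
    submitted: int = 0   # filled in by submit(); breaks priority ties


class TCQ:
    """Four logical queues: Hold, Timer, Wait and Execution."""

    def __init__(self, max_sessions: int):
        self.max_sessions = max_sessions
        self.hold: List[Process] = []
        self.timer: List[Process] = []
        self.wait: List[Process] = []
        self.execution: Dict[int, Tuple[Process, int]] = {}  # session -> (proc, finish)
        self.events: List[Tuple[int, str, str]] = []         # (tick, event, name)
        self.tick = 0
        self._seq = 0

    def submit(self, p: Process) -> None:
        self._seq += 1
        p.submitted = self._seq
        if p.hold:
            self.hold.append(p)
        elif p.start_at > self.tick:
            self.timer.append(p)
        else:
            self.wait.append(p)
        self.events.append((self.tick, "submit", p.name))

    def release(self, name: str) -> None:
        """Operator releases a held Process; it then competes in Wait."""
        for p in list(self.hold):
            if p.name == name:
                self.hold.remove(p)
                self.wait.append(p)

    def _free_session(self, p: Process) -> int:
        # Class-c Process: highest free session in c..max, 0 if none.
        for s in range(self.max_sessions, p.sclass - 1, -1):
            if s not in self.execution:
                return s
        return 0

    def _dispatch(self) -> None:
        for p in sorted(self.wait, key=lambda q: (-q.priority, q.submitted)):
            s = self._free_session(p)
            if s:
                self.wait.remove(p)
                self.execution[s] = (p, self.tick + p.duration)
                self.events.append((self.tick, f"start@session{s}", p.name))

    def step(self) -> None:
        """One tick: finish transfers, move due Timer entries to Wait, dispatch."""
        for s, (p, done) in list(self.execution.items()):
            if done <= self.tick:
                del self.execution[s]
                self.events.append((self.tick, "complete", p.name))
        for p in list(self.timer):
            if p.start_at <= self.tick:
                self.timer.remove(p)
                self.wait.append(p)
        self._dispatch()
        self.tick += 1

    def run(self, max_ticks: int = 100) -> List[Tuple[int, str, str]]:
        while (self.wait or self.timer or self.execution) and self.tick < max_ticks:
            self.step()
        return self.events

    def start_tick(self, name: str) -> int:
        for tick, ev, pname in self.events:
            if pname == name and ev.startswith("start"):
                return tick
        return -1


def scenario(use_classes: bool) -> TCQ:
    """Constructed workload: two long bulk transfers already running when a
    critical transfer arrives, plus a future-scheduled and a held Process."""
    q = TCQ(max_sessions=2)
    bulk_class = 2 if use_classes else 1
    q.submit(Process("BULK1", priority=3, sclass=bulk_class, duration=5))
    q.submit(Process("BULK2", priority=3, sclass=bulk_class, duration=5))
    q.step()                                   # tick 0: bulk work dispatched
    q.submit(Process("CRIT1", priority=10, sclass=1, duration=1))
    q.submit(Process("NIGHTLY", priority=5, sclass=1, duration=1, start_at=8))
    q.submit(Process("HELD", priority=15, sclass=1, hold=True))
    q.run()
    return q


if __name__ == "__main__":
    for label, flag in (("with session classes", True), ("all class 1", False)):
        q = scenario(flag)
        print(label, "CRIT1 starts at tick", q.start_tick("CRIT1"))
```

With classes in use, the second bulk transfer cannot take session 1, so the critical transfer starts the tick it is submitted; with every Process in class 1 the bulk work occupies both sessions and the critical transfer, despite its higher priority, waits until one of them finishes.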
 
Notification
 
In addition to consistent management, organizations need a structured level of notification that enables real-time adjustments to the data movement infrastructure. The enterprise requirements for notification are:
 
  • Instantaneous notification of critical exception and error conditions
  • Flexibility in the routing of notifications
  • Integration of data movement notification with the Enterprise Systems Management (ESM) structure
  • Historical logging of data movement activities
 
Connect: answers all these requirements by providing notification and logging as a natural part of the data movement operation. Notification can be routed, using a variety of platform capabilities, to operation and monitoring staff. Alerts represented by SNMP traps can be directed to ESM systems for proactive action at the network level. And all Connect: activity, including finely grained operational detail, is logged continuously.
FTP provides none of these capabilities. It is very difficult, if not impossible, to determine previous FTP activity. Any action that is required must be performed by the client/user. This makes for an inconsistent and unresponsive data movement infrastructure. Therefore, the cost associated with the use of FTP must include the inherent delays in exception discovery.
 
Connect:Direct for Windows provides two notification methods:
 
  • NT Broadcast—NT Broadcast notification is performed using the Windows net send command.
  • SMTP—E-Mail notification is performed using Simple Mail Transfer Protocol (SMTP) notification, a simple ASCII protocol.
 
Recovery
 
FTP does not provide an automated way to recover from network errors. Any outage that occurs with FTP operations must first be discovered and then handled manually. This generally means restarting the failed operation from the beginning.
 
The costs associated with FTP recovery are:
 
  • Retransmission due to networking resource failure. On average, FTP will need to retransmit half the overall data movement volume per failure. Connect: recovers the network connection and resumes from the last checkpoint, so at most the data sent since that checkpoint is retransmitted.
  • During a network-resource failure, FTP use requires discovery of the failure. This delay in restart represents cost. Connect: will automatically sense network failures and retry the operation. In most cases the recovery will be automatic. In the case of a permanent outage, notification is provided to enable rapid resolution.
 
Several facilities are provided for Connect:Direct process recovery after a system malfunction. The purpose of Process recovery is to resume execution as quickly as possible and to minimize redundant data transmission after a system failure. The following Connect:Direct facilities are available to enable Process recovery:
 
  • Process step restart
  • Automatic session retry
  • Checkpoint/restart – resume from the last checkpoint rather than from the beginning of the file
  • Intelligent session restart – permits a session retry on only the first Process submitted (the others are placed in the Timer queue)
  • Short-term and long-term retry – restart in specific time periods
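The recovery costs listed under "The costs associated with FTP recovery" and the checkpoint/restart and short-term/long-term retry facilities above, as an added simulation (not Connect:Direct code). It sends a constructed 100 KiB file, drops the session at a chosen byte offset, and counts how much data has to go over the wire again when every restart begins at byte zero versus when the receiver has acknowledged checkpoints. The chunk size, checkpoint interval, failure offset and retry counts are illustrative assumptions, not product defaults.

```python
"""Checkpoint/restart versus restarting from byte zero.

Added example, not Connect:Direct code. A session drops at a given byte
offset. With checkpoint_every=0 (plain FTP) each restart begins at the
first byte; with checkpoints the receiver keeps everything up to the last
acknowledged checkpoint and only the remainder is resent. retry_schedule()
models short-term then long-term retry as a list of delays.
"""
import hashlib
from typing import Dict, List

CHUNK = 1024                               # assumed transport unit per send
SAMPLE_FILE = bytes(range(256)) * 400      # constructed 100 KiB payload


def simulate_transfer(data: bytes, checkpoint_every: int,
                      failures: List[int]) -> Dict[str, object]:
    """Send `data` in CHUNK-sized pieces. Each offset in `failures` aborts the
    session the first time the sender reaches it; the chunk in flight is lost.
    Returns sessions used, bytes put on the wire, bytes resent beyond the file
    size, and whether the receiver's copy verifies against a SHA-256 digest."""
    pending = sorted(failures)
    received = bytearray()
    committed = 0            # offset acknowledged by the last checkpoint
    sent = 0
    sessions = 0
    while True:
        sessions += 1
        pos = committed
        del received[pos:]   # receiver discards anything past the checkpoint
        failed = False
        while pos < len(data):
            end = min(pos + CHUNK, len(data))
            sent += end - pos
            if pending and pending[0] < end:
                pending.pop(0)   # chunk left the sender but never arrived
                failed = True
                break
            received += data[pos:end]
            pos = end
            if checkpoint_every and pos - committed >= checkpoint_every:
                committed = pos  # receiver acknowledges everything up to pos
        if not failed:
            break
    intact = hashlib.sha256(received).digest() == hashlib.sha256(data).digest()
    return {
        "sessions": sessions,
        "bytes_sent": sent,
        "retransmitted": sent - len(data),
        "intact": intact,
    }


def retry_schedule(short_attempts: int = 3, short_wait: int = 10,
                   long_attempts: int = 6, long_wait: int = 600) -> List[int]:
    """Seconds after a failure at which each automatic retry fires: a burst
    of short-term retries for transient errors, then spaced long-term retries.
    After the last one the outage is treated as permanent and the operator
    is notified. Counts and waits are illustrative tunables."""
    delays: List[int] = []
    t = 0
    for _ in range(short_attempts):
        t += short_wait
        delays.append(t)
    for _ in range(long_attempts):
        t += long_wait
        delays.append(t)
    return delays


if __name__ == "__main__":
    for label, cp in (("restart from byte 0 (FTP)", 0), ("checkpoint every 8 KiB", 8192)):
        print(label, simulate_transfer(SAMPLE_FILE, cp, failures=[50_000]))
    print("retry at +seconds:", retry_schedule())
```

For a drop roughly halfway through the file the FTP-style restart resends about 50 KiB, which is the "half the volume per failure" figure quoted above, while the checkpointed transfer resends only the single chunk that was in flight.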
 
Automation
 
Through the use of scripting, scheduling, and application integration, automation can ensure that proven business processes can continue to be successful by eliminating human error. With processes that require human interaction, errors and unintended activity can be introduced into a process flow. Many times such an error will not be discovered until much time has passed.
 
The costs of FTP's lack of automation include:
 
  • Operations that complete successfully but are not usable since there is no way to validate user selected (or defaulted) options.
  • No central control of scheduled activities. Clients can initiate FTP activity regardless of its importance or impact on schedule.
 
Connect:Direct File Agent provides monitoring and detection capabilities that enhance the automation you accomplish with Connect:Direct Processes.
 

Connect Direct protocol

Secure file movement must deliver data to the right destination within the right time window, so that the receiving application can process and act on it consistently, day after day and year after year. The problem is that many existing file transfer "solutions" built on FTP lack the mechanisms needed for management, monitoring, or advanced security.
 
Connect:Direct is the point-to-point file transfer software optimized for high-volume, secure, assured delivery of files within and among enterprises. It’s the industry-leading solution worldwide for assured, secure delivery of files, especially in the demanding financial services and telecommunications industries.
For those who need added security, Connect:Direct Secure+ is an add-on that provides configurable authentication and encryption.
 
Connect:Direct can deliver your files with:
 
  • Predictability – assures delivery via automated scheduling, checkpoint restart, and automatic recovery/retry
  • Security – ensures that your customer information stays private, and that your file transfers are auditable for regulatory compliance via a proprietary protocol, authorization, and encryption (FIPS 140-2, and Common Criteria certified)
  • Performance – handles your most demanding loads, from high volumes of small files to multi-gigabyte files
 
Reliable and secure file transfer also has to support the near-real-time integration required by applications as diverse as convergence billing in telecommunications, synchronization of central and disaster-recovery sites, secure transfer of check image files, and consolidation of credit card transactions.
 
The Sterling Commerce Connect:® product line provides the
 
  • management capability,
  • auditing features,
  • security enforcement and
  • workload balancing
 
that organizations need to address the inherent complexity and unreliability of networks.
 
Connect: products have the ability to enforce security, balance the use of network resources, and automatically recover from the interruptions that invariably occur. FTP, by comparison, does none of these.
 
 
Improve productivity
 
Connect:Direct provides script-based automation, scheduling and alert notifications for 24x7 unattended operations. Unlike FTP implementations, Connect:Direct eliminates the need for manual intervention in data delivery, improving the productivity of your people and the reliability of your business processes.
 
Gain unprecedented scalability
 
Event-based architecture enables high volumes and large files—with no product-defined limits on file sizes. Scalability ensures that you can handle peak demand and keep pace as your business volumes grow, whether you operate mainframes or distributed/clustered servers.
 
Count on reliable file delivery
 
An acid test for any file transfer system is how it responds when there is a failure. Connect:Direct, which also supports various clustering technologies and IBM Sysplex on the mainframe, provides built-in automation and checkpoint restart to ensure lights-out operations.
 
Move files with confidence
 
The proprietary Connect:Direct protocol is reported never to have been breached. These solutions help customers satisfy regulatory and industry requirements within their file transfer operations, including compliance with Sarbanes-Oxley, Payment Card Industry (PCI) and healthcare (HIPAA) requirements. Today, Sterling Commerce is the world's most trusted collaboration partner and the leader in secure file transfer, with over 48 percent market share.
 
 
Capability / Description

Automation and Management
  • Supports 24x7 unattended operations
  • Schedules jobs on a one-time, recurring, or continuous basis
  • Assigns and manages file transfer workload
  • Event-driven alert notification
  • Process language builds scripts to provide integration with back-end systems
  • API and SDK for programmatic access by other applications

Assured File Delivery
  • Supports checkpoint restart
  • Automatic recovery from network interruptions
  • Automated alert notifications for success/failure

Security and Compliance
  • Interfaces with operating system security for user authentication
  • Provides a complete audit trail of data movement through extensive statistics logs
  • User authentication
  • X.509 certificates for authentication
  • Data encryption (SSL/TLS)
  • Certificate and Certificate Revocation List (CRL) checking
  • FIPS 140-2 and Common Criteria certification
  • Demilitarized Zone (DMZ)-based authentication, session break and SSL termination
  • Ensures that no file is stored in the DMZ
  • No inbound ports opened in the firewall
  • Validation of the Connect:Direct protocol

Multiple Platform Support
  • z/OS, z/VM, and z/VSE
  • OpenVMS
  • i5/OS (OS/400)
  • UNIX and Linux
  • Windows
  • HP NonStop
  • Connect:Direct Select (Java version that can run on multiple platforms)

Network Protocols Support
  • TCP/IP
  • SNA