• IBM® Sterling Connect:Direct®—Point-to-point file transfer software optimised for high-volume, assured data delivery of files within and between enterprises.
• IBM® Sterling Connect:Direct® Secure Plus—An add-on that provides configurable authentication and encryption.
• IBM® Sterling Control Center—A management solution for all your file transfer activity.
• IBM® Sterling File Accelerator—High-speed TCP alternative that can increase transfer speed by up to four times.
• IBM® Sterling File Gateway—An SOA based solution which allows you to incorporate your file transfer communities into all your business processes and incorporates Web-based interfaces for customer self- services and rapid onboarding.
• IBM®Sterling External Authentication Server - allows you to implement extended authentication and validation services for Sterling Commerce products, referred to as client applications.
• IBM® Sterling Secure Proxy—An application proxy for securing file transfers across your organisation's demilitarised sone (DMZ).

• Sterling Integrator's Advanced File Transfer (AFT) feature provides reliable, secure, scalable B2B content distribution and Web services across business boundaries, communication modes, and document formats.
• AFT is a centralized and dynamic file exchange platform for secure transfer of files within and between organizations. It provides end-to-end visibility of file movement in an event-driven, process-oriented, highly scalable framework. These capabilities enable you accelerate new product introduction, improve customer service, rapidly enable AFT partners, and improve operational efficiencies.
• Sterling Integrator's AFT is built on an extensible Java and J2EE-based architecture that supports comprehensive Internet protocols, document-oriented and stream-oriented processing, advanced application integration, mailboxing, and complete integration with Connect:Direct and Connect:Enterprise UNIX server products. AFT supplies a reliable and secure operational data exchange environment by implementing a policy-based automation and file transfer routing infrastructure.

• Within Sterling Integrator, you can configure the monitoring capability of the AFT Router. Routing enables a producer of data to direct a file to a particular consumer of that data. In this scenario, the producer and consumer are AFT partners of the router. Partners can be external, such as customers or suppliers, or internal, such as business units of the entity hosting the router.
• Administrators organize partners into AFT communities for ease of administration and to tailor the set of protocol choices that different AFT partners can employ. Every AFT partner belongs to a defined AFT community.
• An AFT partner with a mail box accessed over a protocol that is set up by the administrator initiates protocol connections. Alternatively, AFT partners can listen for connections from the router. AFT partners can be either consumers or producers of data. If they initiate connections to their own mail box, they are both a consumer and a producer.

• A Partner still belongs to exactly one community but it can belong to more than one partner group, which is a way to combine partners for business purposes.
• An Integration Architect can configure the Sterling File Gateway mailbox hierarchy to match that which Partners are already familiar with.
• The structure for mailboxes is flexibly defined.
• Sterling File Gateway can perform format unwrapping and wrapping for the ZIP, GZIP and PGP formats.
• Sterling File Gateway can extract facts from file names and use them for routing and delivery, and as input for generating the file name the consumer sees.
• Producer and consumer mailboxes are no longer tightly constrained as they were with AFT. Both producer and consumer mailbox patterns can be built from facts available when a routing channel is provisioned; consumer mailbox patterns can also include facts that are only available when a file is being routed.

• When on-boarding a partner in Sterling Community Manager, a series of questions will be asked for both the sponsor and partner that when answered, produces an agreement between the two parties. The agreement represents the information exchanged and agreed upon by both parties in the form of an XML document (the Agreement XML document) or a PDF file.
• The Agreement XML document consists of all of the pertinent information regarding a single sponsor or partner relationship. This information is processed in Sterling Integrator and referenced from the XpathResponse and XmlTag attributes. The XpathResponse attribute is an identifier that is recognized by Sterling Integrator and allows it to process information from the questionnaire data. The XmlTag attribute is a unique identifier for each questionnaire question block that is used to organize information in the questionnaires.

• The Agreement XML document processes through a communication channel that securely connects the Sterling Community Manager and Sterling Integrator together. Each time Sterling Community Manager processes trading partner information by way of creation or update, an event is triggered containing the contents of the Agreement XML. An event handler receives the Agreement XML from Sterling Community Manager and transfers the Agreement XML content to the Communication Channel. The Communication Channel consists of a Topic and Queue hosted by a JMS Server. When an Agreement XML is posted to the Communication Channel, it is filtered through the Topic and placed on the Queue for storage until Sterling Integrator is ready to receive the messages.
• Sterling Integrator provides a JMS Server (ActiveMQ) and has a built-in JMS adapter. The JMS Server and adapter are used to receive agreements from the Queue. When the JMS adapter picks up the agreements, a Sterling Integrator system business process will processes the agreement against a set of converters.
• The converters parse out the Agreement XMLs and processes them into the Sterling Integrator trading partner data tables. After the application converters are complete, Sterling Integrator will create all the necessary objects to represent the Sterling Community Manager agreement inside of Sterling Integrator. Once Sterling Integrator has processed these records, they are viewable from the Trading Partner > Setup > Advanced > Identities list page (all advanced trading profiles have this option).

A Web Service is defined by the W3C as "a software system designed to support interoperable machine-to-machine interaction over a network".

Web Services and Web Applications comparison

Web Services are units of code that can be called via HTTP requests in the same way that traditional websites can. The fundamental difference between them is that web services do not normally send HTML in response to a request but instead emit XML. The use of HTTP and XML gives web services advantages of platform and technology independence and allow web services to be set up to work across any intranet or even the internet.

While there are similarities between traditional Web Applications and Web Services the main function of web services is to allow a client to perform remote method calls over the HTTP protocol rather than serve HTML content to a web browser for display. While browser-based Web applications, are loosely coupled and remarkably interoperable, web services are not web based, and as they rely on industry standards, including HTTP, XML, SOAP and WSDL, to expose application functionality on the Internet, they are independent of programming language, platform and device.

While web applications typically are HTML-based, web services are XML-based. Interactive users for B2C (business to consumer) transactions normally access web applications, while web services are employed as building blocks by other web applications for forming B2B (business to business) chains using the so-called SOA model.

Web services use the HTTP transport protocol which is perhaps the most ubiquitous in the world as it is the basis of the internet! Using HTTP means that web services can be hosted within web servers and as such can be available across a company in the same way an intranet sit. But why stop at the company boundary? HTTP is the basis of the internet so why not be available to the world!

This in fact is a key application of web services as it allows Business to Business (B2B) communication

Platform, system and language independence

The HTTP protocol is the main element we have to mention in the story about Web Services, and it is explained above.

The second element of web services is XML. XML in essence is just a well formed text document that can describe data structures using simple tags. Being a text document XML is therefore totally platform and technology independent. Even if you are trying to integrate a .NET application with a Java program, though XML data exchange it becomes easy because both technologies can read text and can understand what is being passed to them from the other program.

So, the 2 key advantages of web services are:

• Platform/Language independent – Because from the users point of view all that is exchanged is XML which is a text based data format. The machinery that creates this XML behind the scenes can be on any platform using any language. The ubiquity of the HTTP protocol makes it the ideal choice for integration
  

• Firewall Friendly – Because they work over HTTP web service traffic travels through port 80 on any PC machine. This means that a System Admin does not have any additional firewall management headaches with extra ports being left open on a machine.
  

These advantages mean that any machine that has HTTP access to the server and properly technology that can read XML can access the Web Service and access its methods.

Web Service features

Web Services are web-based enterprise applications that:

• interoperate between different systems
• interoperate between different software applications
• can expose any program, functionality, application, class, method, EJB, business object … as a service
• running on a variety of platforms and/or frameworks
• simple and extensible
• use open, XML-based standards and
• transport protocols (SMTP, HTTP, RMI, JMS, WebSphere MQ …) 

… to exchange data with calling clients running on a variety of platforms and/or frameworks.

Web Services use Extensible Markup Language (XML) messages that follow the Simple Object Access Protocol (SOAP) standard and have been popular with traditional enterprise. In such systems, there is often a machine-readable description of the operations offered by the service written in the Web Services Description Language (WSDL).

• Web Services effectively eliminate the need for maintaining additional hardware and software
• Web Services are available anywhere in the world an internet connection is present
• Web Services eliminate the need to learn other organization's IT Infrastructures
• Web Services can connect new possibilities to any part of an organization, using any language, or any operating system
• Web Services can be implemented in hours or days compared to months using traditional implementation methods

WS resume: any program, functionality, application, class, method, EJB, any business object … can be exposed as a Web Service and contacted by WS client independently on system, platform and application (e.g. a Web Service deployed on a J2EE server can be invoked using a C++ client).

Protocols such as FTP, SFTP, HTTP, C:D are all divided into suite adapters that can be used to create a client that then connects to the trading partner and transfer the document, enforcing any security specifications from the business process

 Client components for B2B in GIS include FTP, SFTP, HTTP, JMS, MQ, SMTP, POP3, SOAP, C:D, C:E.

 Scenarios in which GIS can act as a client, by using any of above mentioned protocols looks like as follows:

Server components for B2B in GIS are FTP, SFTP, HTTP, WS – HTTP over SOAP, C:D Server Adapters

 FTP Server Adapter in GIS/SI

• FTP Server is tightly integrated with the Application mailbox system. An FTP client can only access the mailbox that is assigned to its user account.
• This adapter receives and processes requests from external trading partners that are submitted using the FTP protocol. This adapter is used with a Application Perimeter server.
• Use this adapter to put files into a Application mailbox or get files from a Application mailbox.
• mailbox activities can trigger routing rules
  

SFTP Server Adapter in GIS/SI

• Uses Mailbox subsystem as its repository (virtual roots)
• Receives and processes requests from external trading partners that are submitted through the SFTP protocol or SCP protocol
• Use this adapter to enable external SFTP clients or SCP clients to put files into a Application Mailbox or get files from a Application Mailbox.
• Routing rules for items placed in Mailbox can be used to trigger a business process
  

CD Server Adapter

• This adapter receives and processes requests from remote Connect:Direct nodes.
• Mediate requests originating from a business process and going to an external trading partner using a (non-application) Connect:Direct node or another Connect:Direct Server adapter.
• Accept requests from a Connect:Direct node (or another Connect:Direct Server adapter) to copy to or from a mailbox or business process
• Forward requests from one remote Connect:Direct node to another
  

HTTP Server Adapter

• Use this adapter to send documents to and receive documents from a trading partner using HTTP
• Uses Perimeter services
• Uses the same Jetty HTTP server engine as the GIS ASI console
• Able to run both WARs and BPML applications
• Runs application code inside the Application JVM for access to all Application resources
• Handles SOAP requests as well
  

Scenarios in which GIS can act as a server, by using any of above mentioned protocols looks like as follows:

• Authentication verifies that the entity on the other end of a communications link is the intended recipient of a transmission.
• Non-repudiation provides undeniable proof of origin of transmitted data.
• Data integrity ensures that information is not altered during transmission.
• Data confidentiality ensures that data remains private during transmission.

• Instantaneous notification of critical exception and error conditions
• Flexibility in the routing of notifications
• Integration of data movement notification with the Enterprise Systems Management (ESM) structure
• Historical logging of data movement activities

• NT Broadcast—NT Broadcast notification is performed using the Windows net send command.
• SMTP—E-Mail notification is performed using Simple Mail Transfer Protocol (SMTP) notification, a simple ASCII protocol.

• Retransmission due to networking resource failure. On average, FTP will need to retransmit half the overall data movement volume per failure. Connect: recovers the network connection and requires no retransmission.
• During a network-resource failure, FTP use requires discovery of the failure. This delay in restart represents cost. Connect: will automatically sense network failures and retry the operation. In most cases the recovery will be automatic. In the case of a permanent outage, notification is provided to enable rapid resolution.

• Process step restart
• Automatic session retry
• Checkpoint/restart – resume for check point
• Intelligent session restart -permits a session retry on only the first Process (others ar eplaced in Timer queue) submitted
• Short-term and long-term retry – restart in specific time periods

• Operations that complete successfully but are not usable since there is no way to validate user selected (or defaulted) options.
• No central control of scheduled activities. Clients can initiate FTP activity regardless of its importance or impact on schedule.

Differences in general:

Differences in details

SFTP does not have anything common with FTP

Encryption methods for SFTP and FTPS

SFTP vs FTPS, what to choose

 SFTP and FTPS – pros and cons

• Predictability – assures delivery via automated scheduling, checkpoint restart, and automatic recovery/retry
• Security – ensures that your customer information stays private, and that your file transfers are auditable for regulatory compliance via a proprietary protocol, authorization, and encryption (FIPS 140-2, and Common Criteria certified)
• Performance – handles your most demanding loads, from high volumes of small files to multi-gigabyte files

• management capability,
• auditing features,
• security enforcement and
• workload balancing

HTTP characteristics

• Stateless - Each transaction between the client and server is independent and no state is set based on a previous transaction or condition.
• Uses requests from the client to the server and responses from the server to the client for sending and receiving data.

 HTTP Methods

Secure HTTP (HTTPS)

SSH protocol basics

• Compression - traffic may be optionally compressed at the stream level.
• Public key authentication - optionally replacing password authentication.
• Authentication of the server - making ”man-in-the-middle” attack more difficult
• Port forwarding - arbitrary TCP sessions can be forwarded over an SSH connection.
• X11 forwarding - SSH can forward your X11 sessions too.
• File transfer - the SSH protocol family includes two file transfer protocols (SFTP and SCP)

SSH protocol security

• Password - It provides strong protection against password sniffing and third party session monitoring, better protecting your authentication credentials and privacy.
• Public key authentication - Client will check the identity of server.

Public key authentication

 

Fingerprints