Managed File Transfer Versus Middleware

Managed File Transfer Versus Middleware

Managed File Transfer and Middleware have both undergone a period of evolution in the past few years. Historically speaking, the early days of both can be easily traced back to the need to move data between various parts of a computer network, generally over simple protocols like FTP or RCP. As a consequence and especially as organisations began to move away from legacy environments, many networks contained an inordinate number of FTP servers, frequently with an unknown array of FTP clients pushing and pulling data in an often uncontrolled fashion.

Middleware stands up…

This became a standard argument for switching to using a middleware product – taking back control of your network and the data that crossed it. Most early middleware systems used a hub and spoke affair and provided a central point where all data would arrive and depart from. Additionally, the notion of data transformation during transit became popular, rather than the more traditional manipulation during processing at source or target system. A ‘code once use many times’ approach appeared for interfaces, allowing for a reduction in development costs, and the only limitation appeared to be the ever-growing range of available connectors.

The beginning of MFT…

FTP servers didn’t go away however; instead organisations began to centralise their FTP sites and a newer smarter generation of FTP server software began to appear. These early versions of Managed File Transfer quickly developed a common set of standard features – encryption, automation, protocol support and user management.

Which is which?

As both middleware and Managed file transfer systems matured, the boundaries between them began to diminish somewhat, with Managed file transfer performing some middleware functions and vice versa. Now we have reached a point where the practical differences have become a little fuzzy, however it shouldn’t be impossible to follow some simple guidelines to decide upon whether an architect should be following a middleware or a managed file transfer approach.

A good starting point is data transformation. Traditionally this falls squarely within the realms of middleware; however there are Managed file transfer solutions which can offer this feature well enough to be considered. In contrast, most middleware does not provide an FTP interface for end-users, relying instead on web services for input or FTP clients for output. An organisation therefore has to review its requirements – do they need an Managed file transfer solution with some middleware functionality, or middleware with some Managed file transfer?

Managed File Transfer Functionality

Middleware Functionality

While trying to avoid generalisations, here are some things to consider that Managed File Transfer solutions provide and middleware ones generally don’t (or at least not well):

  • Enterprise File Sync and Share – the process of sharing data by sending a hyperlink via email is not well supported by middleware
  • Large File Transfer – Very large files are not suitable for transformation and therefore are not often considered by middleware vendors
  • File repository – Managed file transfer systems normally provide a repository of data for download, often encrypted
  • Home folder management – mostly, if a middleware system permits users to have home folders, these have to be manually created
  • Development and Deployment – on the whole, managed file transfer allows for faster design and rollout of interfaces than middleware, which often requires full development teams

Conversely, Middleware can provide functionality that Managed file transfer often struggles with, for example:

  • Mapping, database lookups and transformation – middleware supports complex mapping operations, either custom or using internationally recognised templates.
  • Customisable interfaces – middleware provides a framework for development, meaning bespoke designs can be implemented.
  • Peer-to-peer relationships – generally only available in specialised Managed file transfer products (using agents for example), peer-to- peer interfaces are becoming more popular, especially when making use of cloud technology.
  • Adapter support – most middleware products provide adapters which allow connections to just about any kind of system. Managed file transfer systems are generally limited to a handful of transfer protocols
  • Realtime support – with the exception of AS2 transfers, most MFT transfer products are not well suited to synchronous transfers, whereas middleware will generally handle synchronous transfers without problem

In Summary

When considering simple automation, large file transfers or user initiated transfer, Managed File Transfer is better suited than middleware. When looking to introduce complicated interfaces, message transformations or realtime processing, consider using middleware.

The best solution however must come when there is a symbiosis of the two; traffic passes through a Managed file transfer system and is handled by the middleware product. From an automation perspective the flexibility of Managed File Transfer represents a tactical solution, whilst more persistent interfaces are developed using middleware.

If your company is considering implementing a system for securely exchanging data and integrating it into your internal network, you’ll need to know whether the features you require are provided by the leading managed file transfer solutions, or middleware systems. Download our free managed file transfer comparison guide, which provides an ‘at a glance’ list of features and much more:

Download a Comparison of 8 Leading Managed File Transfer Solutions!

 

MFT_Comparison Guide Img

In this essential pack you’ll also find…

 

  • Key features and frequently asked questions

  • Other business policies that will need to be considered

  • Access to additional resources

  • Side by side comprehensive comparison

    * Updated to include new vendors (October 2015)

The Pitfalls of Using IIS as an Internet Facing FTP Service

The Pitfalls of Using IIS as an Internet Facing FTP Service

microsoft-iisIIS (Internet Information Services) is the Microsoft product integral to Windows which provides web, email and FTP services. Many organisations make use of the FTP server component to transfer files to application servers inside their networks, relying on more dedicated secure file transfer servers for their public FTP services.

IIS as an SSL secured FTP server…

With the introduction of IIS 7.5, it became possible to use IIS as an SSL secured FTP server – until this time, IIS only ran in non-secure mode. Each successive version of IIS has increased its functionality to bring it closer to mainstream products; this raises the question of why not use it as a free alternative to more costly File Transfer Systems?

No SFTP though…

Let’s first consider the security that IIS provides; IIS allows the use of SSL encryption up to 128 bits. This is sufficient to meet most compliance criteria, however at this time it is not easy to improve upon without serious technical tinkering.
IIS FTP cannot provide (nor is it ever likely to) an FTP platform supporting SSH transfers. SFTP (SSH File Transfer Protocol) is a binary protocol using keys rather than certificates, and was developed on and for Unix. SFTP is very popular for internet based file transfers thanks in part to it being firewall friendly (only requiring a single port to function)ftp-server

Possible administration headaches…

Files and folders hosted by IIS FTP are protected by granting limited permissions to users, groups or roles via the IIS Manager (Read, Write, Nothing). The IIS manager does not contain the users or groups however – these are normal local or domain entities. This unfortunately means administration through two separate systems, increasing administration overheads. IIS does not check for existence of users or groups, which can lead to administration headaches from unintentional typos.

Permissions that are set are inherited down from server to site to folder; you can break inheritance and overwrite with your own permissions at each level, however you cannot restore the inheritance without losing all of your changes.

You cannot find all of the permissions set for a single user without checking every folder or exporting the configuration; unlike a more sophisticated solution, it is not possible to simply “grant the same access as Bob has”.

Administration of IIS FTP sites cannot be delegated or devolved, meaning either all administration is centralised, or else everyone has the ability to make any changes they desire in IIS. Configuration changes are logged to the event log (if enabled), however you will require a separate tool to generate reports from the event log.

On the subject of logging, an area of concern is the logging of regular FTP activities. This is done through standard W3C logging in the same way as a website would be logged.

 

2016-04-22 09:49:26 127.0.0.1 – 127.0.0.1 10020 USER FTPUser 331 0 0 1b3083fe-67a9-461d-926f-795946f267d8 –

2016-04-22 09:49:31 127.0.0.1 RichardWin7\FTPUser 127.0.0.1 10020 PASS *** 230 0 0 1b3083fe-67a9-461d-926f-795946f267d8 /

2016-04-22 09:49:38 127.0.0.1 RichardWin7\FTPUser 127.0.0.1 10020 CWD transfer 250 0 0 1b3083fe-67a9-461d-926f-795946f267d8 /transfer

2016-04-22 09:49:43 127.0.0.1 RichardWin7\FTPUser 127.0.0.1 10020 PORT 127,0,0,1,189,113 200 0 0 1b3083fe-67a9-461d-926f-795946f267d8 –

2016-04-22 09:49:43 127.0.0.1 RichardWin7\FTPUser 127.0.0.1 10019 DataChannelOpened – – 0 0 1b3083fe-67a9-461d-926f-795946f267d8 –

2016-04-22 09:49:43 127.0.0.1 RichardWin7\FTPUser 127.0.0.1 10019 DataChannelClosed – – 5 1 1b3083fe-67a9-461d-926f-795946f267d8 –

2016-04-22 09:49:43 127.0.0.1 RichardWin7\FTPUser 127.0.0.1 10020 STOR test.txt 550 5 1 1b3083fe-67a9-461d-926f-795946f267d8 /transfer/test.txt

 

Unfortunately, you cannot select the logging level – only the fields to be recorded into the log file. This means that effectively you will always run the FTP site at full logging.

In the same way as permissions are handled, IP Restrictions are placed at the server level and filter down to site level, then the folder/virtual folder level. Similarly, any changes made to inherited restrictions cannot be reverted on a granular level – it’s all or nothing.

IIS offers the notion of “user isolation”…

Finally, IIS offers the notion of “User Isolation”. This allows you to switch between having all users share a common root folder, or have an individual folder per user. Isolating users means locking a user into a single directory (and any subdirectories); the user can never reach someone else’s folder. Unless you select to use the users home directory as specified in Active Directory however, you will still have to manually create the home directory before the user can log on.

So realistically, should you use IIS FTPS sites for secure access from the internet?

The answer is…it depends on your needs. If you only have a very small number of files being transferred by a very small number of users who can all use FTPS, then it makes sense to use it.
If your user base is likely to grow into double figures, your external users need to use SFTP or audit reports are a necessity, then you really need to steer away from IIS. The overheads for administration and support of IIS FTP very quickly offset the cost savings gained from selecting IIS as a secure public facing file transfer platform.

Download a Comparison of 8 Leading Managed File Transfer Solutions!

 

MFT_Comparison Guide Img

In this essential pack you’ll also find…

 

  • Key features and frequently asked questions

  • Other business policies that will need to be considered

  • Access to additional resources

  • Side by side comprehensive comparison

    * Updated to include new vendors (October 2015)

Leading UK Pharmacy Centralises & Automates Data Transfer Requirements

Leading UK Pharmacy Centralises & Automates Data Transfer Requirements

well-logo

Well, the UK’s largest independent pharmacy with 800 stores, 7000 employees and 73 million prescriptions issued per year, faced a dilemma. They had just been acquired by Bestway Group from the Co-Operative Group and needed to continue to seamlessly exchange business critical data with customers and suppliers after their split.

With a considerable list of challenges that needed to be addressed, Well’s team approached the independent managed file transfer experts, Pro2col.

Well wanted to simplify and better manage their automated and manual data transfer, especially those through financial accounting systems.

Key requirements also included:

1. Data management efficiency through one secure, centralised platform for enhanced visibility and control
2. File transfer integration within their environment for business critical applications AND between third-party applications with partners, vendors, or suppliers exchanging data
3. Automation of financial accounting data to save time, improve security and increase accuracy
4. Full audit and reporting for improved diagnostics
5. Rapid deployment of new transfers on receipt of business requirements

To read the case study in full, learn more about Well’s challenges, and find out which solution they selected, download the case study today.

 
Case_Study Button_Dark

“We worked closely with Well’s IT Project Manager to clarify which configuration best met his immediate requirements, whilst ensuring the solution could grow to address their future strategic direction. Globalscape’s scalability is a great fit for customers with evolving needs.”

James Lewis

Managing Director, Pro2col Ltd

“In the case of major organizational changes, like Well’s acquisition by Bestway Group, old IT ecosystems may not be suited to handle future challenges brought upon by a new injection of resources and processes. However, by bringing on technology from Globalscape with the help of technology partners like Pro2col, Well is able to manage their data seamlessly and handle any potential requirements that arise as the business continues to scale now and in the future.”

Matt Goulet

Chief Operating Officer, Globalscape Inc.

Manchester United and the Exploding Mobile Phone

Manchester United and the Exploding Mobile Phone

It hit me at 3.20pm on Sunday, as fans started to pour out of the stadium that the game had been cancelled. The end of season party was over and the 3,500 travelling Bournemouth fans fell silent, the inflatable beach balls were popped. This wasn’t how it was meant to end.

At 8.00 a.m. that morning we’d left Bournemouth in eager anticipation at seeing the mighty Cherries playing at the Theatre of Dreams. We’d a five-hour road trip ahead of us but it didn’t matter, Bournemouth were safe from relegation and we were going for an end of season party. Nothing could spoil our day, or so we thought!

The sun was shining in Manchester as we approached the ground just before 3.00 pm. From outside the ground all we could hear was the Bournemouth fans in full song, the stadium was ringing with, “We’ve got more fans than you”. It should have registered then that something was afoot as our fans should have been, outnumbered 20 to 1.

secure-old-trafford-pic-1

We passed through the gates with security guards searching us, our tickets checked and only then were we permitted into the ground. After a quick pint we made our way out from the bowels of the stadium to our seats. Nothing could prepare us for the sight before us. The pitch was empty, no ground staff or player’s warming up, the North and East stands in front of us were completely empty, with not a soul in sight. Only the West stand contained any United fans and of course the 3,500 noisy Bournemouth fans in the away end. Something was wrong, very wrong!

secure-old-trafford-pic-2After a couple of minutes at our seats we noticed the arrival of sniffer dogs and security personnel scouring the other side of the stadium, which suggested something serious. However the regular communications over the tannoy system and with stewards close by keeping us updated as they got news, the fans felt assured they were in good hands.

When the announcement finally came that the game had been abandoned due to security concerns fans were efficiently ushered through the nearest exit and away from the stadium by the security personnel outside.

What Manchester United demonstrated on Sunday, was meticulous planning that had gone into dealing with a security breach. They had the reporting procedures in place, lines of communication open to ensure constant updates were available, resources in situ to manage developments at a local level and if needed, they knew how to quickly close down operations to avert a disaster. Whilst I was irritated spending nearly 11 hours in total travelling and not getting to watch the football, you had to wonder at the efficiency shown by Manchester United.

It begs the question, what processes, procedures, lines of communication and disaster planning does your business have in place to cater for a security breach. Can your company demonstrate Premier League standards to your customers? Does your organisation have the visibility it needs to know when there’s a problem and are your processes robust enough.

If you’re not sure, then the answer is probably no. This week we’re offering 10 free audits to assess whether your current file transfer strategies and technology is up to Premier League standards. So if you’d like to stay in the game, when all around you are trying to knock you off top spot, speak to one of our data security consultants today on 020 7118 9640.

Secure File Sharing at the Local Government Strategy Forum

Secure File Sharing at the Local Government Strategy Forum

Heythrop Park, April 12th – 13th

This month I attended my second Local Government Strategy Forum, at the beautiful Heythrop Park Resort in Oxfordshire. Invited by our partner Maytech, I was the ‘independent industry expert’ and had the pleasure of spending two days in this lovely environment, talking with senior management and C-suite executives from councils all around the UK.

heythrop-park

Before attending these events I had, what I believe to be a commonly held opinion, that council workers were underworked and overpaid. I’d read all the stories in the local press about the six-figure salaries and the cancellation of services to ensure their lavish lifestyle. However I’d never stopped to think what they actually did. Listening intently at these events has given me a small insight into the workings of councils, and whilst I’m sure there is still more efficiencies to be realised, I couldn’t have more admiration for the wide range of services they provide and the challenges they have prioritising them to balance the books.

The financial challenges being faced by councils has lead to them adopting a more business-like approach. They are looking at every aspect of their business to drive out wastage and streamline operations, and that’s where my expertise came in.

John Lynch, CEO, Maytech – presenting Quatrix on day one

Over the duration of two days I spoke with in excess of 50 delegates about their data sharing, collaboration, secure file transfer and business process automation challenges. Our experience in this area, working with council’s such as Cambridgeshire County Council, North East Lincolnshire Council and most recently Mid-Sussex Council, ensured we already had a view on some of the challenges being faced for data sharing in the public sector.

As ever there’s not one technology, which addresses the wide range of data sharing requirements of councils, our council customers are using solutions from five of our suppliers. The service we provide is to help them to fully understand their requirements and then choose the right solutions for their needs and budget.

If your council or company needs to address its file sharing, collaboration and secure file transfer requirements why not download one of our free resources below:

What is Managed File Transfer?

Managed File Transfer Starter Pack

Comparison Guide

Building a Business Case for MFT

Attachmate FileXpress Reaches End of Life

Attachmate FileXpress Reaches End of Life

It has been confirmed to Pro2col that Attachmate’s FileXpress product range listed below has been made end of life, and is no longer sold or supported by Attachmate.

  • Attachmate FileXpress LogoFileXpress Platform Server
  • FileXpress Internet Server
  • FileXpress Command Center
  • FileXpress FileShot

Attachmate FileXpress was an OEM* product from Tibco, who have now taken back full ownership of FileXpress and will continue to develop and support it under the Tibco name. Customers using Attachmate FileXpress are encouraged to engage with Tibco if they would like to continue under support.

If you’d like to take this opportunity to review other available solutions, our managed file transfer comparison guide enables you to review, at a glance eight of the leading alternatives: http://pro2col.com/managed-file-transfer-comparison-guide-download/

MFT_Comparison Guide Img

Pro2col are independent File Transfer experts, so if you require any assistance please don’t hesitate to contact one of our team on +44 (0) 1202 433415.

*Original Equipment Manufacturer

 

About Attachmate FileXpress

FileXpress is an Enterprise File Transfer solution which manages and executes the secure delivery of any-size file, across all major platforms, to any location. Amongst the FileXpress modules there is an Web Browser Portal, Windows FTP Clients and a Central Dashboard for initiating, tracking and auditing.