
Primeur Spazio MFT/s

AGENDA

• MFT needs
• Primeur MFT/S Solutions
• Primeur Spazio MFT/S
• Primeur DMZ

2016 Primeur © 2
HOW DO MOST ORGANIZATIONS MOVE FILES TODAY?
Most organizations rely on a mix of homegrown code, several legacy products and different technologies … and even people!

FTP
Typically File Transfer Protocol (FTP) is combined with writing and maintaining homegrown code to address its limitations

Why is FTP use so widespread?
• FTP is widely available – Lowest common denominator
• Promises a quick fix – repent at leisure
• Simple concepts – low technical skills needed to get started
• FTP products seem “free”, simple, intuitive and ubiquitous

Legacy File Transfer products
• A combination of products often used to provide silo solutions
• Often based on proprietary versions of FTP protocol
• Can’t transport other forms of data besides files
• Usually well integrated with B2B but rarely able to work with the rest of the IT infrastructure – especially with SOA

People
• From IT Staff to Business staff and even Security Personnel
• Using a combination of email, fax, phone, mail, memory keys…

SHORTCOMINGS OF BASIC FTP

Limited Reliability
• Unreliable delivery – Lacking checkpoint restart – Files can be lost
• Transfers can terminate without notification or any record – corrupt or partial files can be accidentally used
• File data can be unusable after transfer – lack of Character Set conversion

Limited Security
• Often usernames and passwords are sent with file – as plain text!
• Privacy, authentication and encryption often not available
• Non-repudiation often lacking

Limited Flexibility
• Changes to file transfers often require updates to many ftp scripts that are typically scattered across machines and require platform-specific skills to alter
• All resources usually have to be available concurrently
• Often only one ftp transfer can run at a time
• Typically transfers cannot be prioritized

Limited visibility and traceability
• Transfers cannot be monitored and managed centrally or remotely
• Logging capabilities may be limited and may only record transfers between directly connected systems
• Cannot track the entire journey of files – not just from one machine to the next but from the start of its journey to its final destination

PRIMEUR VISION: THE HYPERCONNECTION CHALLENGE

[Diagram: "Your business processes increasingly span all these": Cloud Provider 1 (e.g., SaaS Sales Automation), Cloud Provider 2 (e.g., SaaS Shared VMI App), Cloud Provider 3 (e.g., Contact Verification Service), Cloud Provider 4 (e.g., SaaS Community Management); Customers; Suppliers, Partners, Counter-parties; Internet of Things; Mobile Devices; LOB 1, LOB 2, Headquarters; ESB (IT Organization); Apps (Line of Business)]

Organisations face the challenge of integrating different application pillars, Business Partners, Internet of Things, Cloud and Mobile, and must create Secure Data Flows
PRIMEUR SPAZIO MFT/S AT A GLANCE
Addressing Companies’ needs for ...

• Flexibility
• Security
• Manageability
• Efficiency
• Integration

PRIMEUR SPAZIO MFT/S - COMPONENTS
• Synchronous or Asynchronous File Transfer based on File Repository
• Decoupling between Senders (humans or applications) and Receivers
• Multi-platform & Multi-protocol
• Event Management
• File Versioning, Acknowledgement, Priority
• No Loss, No Replication, Checkpoint Restart
• Bandwidth Flow Control
• Security Standards Compliance
• Data Mediation
• Data Compression
• Integration with File Governance
• Management with Proprietary and Standard protocols (i.e. SNMP)

PRIMEUR SPAZIO MFT/S 2.5.1 - HIGHLIGHTS

- Centralized Metadata Registry
- New authentication architecture (A3SP)
- Security (CAdES)
- Integration of Ebics
- Integration of new “High Performance” protocols
  • Reduction in z/OS consumption of up to 30%
  • Performance equivalent to FTP
  • Use of JAVA in z/OS environment
- Pesit
  • French Market
  • Dissatisfaction with Axway (UK)
  • Participate in integration projects of diverse FT/MFT projects
- Improvement of WMQFTE integration
- Improvement of Connect:Direct integration
- AS2
  • Drummond certified (Using /N Software)
  • All optional profiles included (CEM)
- Improvement of FTOM (File Transfer over MQ)
  • Non-persistent messages
  • Full checkpoint restart
- OFTP and OFTP2 Support
- Spazio Clients
- Archiving for z/OS
- Management Console

ASYNCHRONOUS FILE TRANSFER
De-coupling the application from the transport

PRIMEUR SPAZIO MFT/S TRANSPORTS

Features and Functions


• Guaranteed delivery
• Checkpoint & Restart depends on the capabilities of the transport
• Distribution Lists
• Predefined, Dynamic, Multi-hop
• A full series of Ack Handling:
• On Put, Moved to Destination, Read by the Target Application
• Negative Acknowledgement
• File Priority
An extensible framework allows the integration and management of ‘new’ data mover transports
REGISTRY & REPOSITORY

METADATA

Contains the File Descriptors


• A very rich set of File metadata
• Attributes related to the file content
• Attributes related to the file life cycle
• They can be extended with User Defined Data

Management of File Versioning according to various criteria


• Order of arrival, CorrelationID, Sender, consultation Flag

Based on a Data Store mechanism


• It allows Regulatory Compliance
• It simplifies the implementation of complex retention schemes
• Various persistence options

PRIMEUR SPAZIO MFT/S REPOSITORY

INFRASTRUCTURE

SNMP agents for major vendors


• Includes Tivoli, BMC, HP and Open Source solution

Management of the entire Spazio MFT/S infrastructure


• Queue Manager Status
• Queue status
• Errors in file transfer

PRIMEUR SPAZIO MFT/S - EVENTS

• The triggers are activated:


• Each time a new File is delivered to Spazio MFT/S for transport
• Each time the File is moved (received/sent)
• Each time that a set of Files defined in a Table is moved

Event Management is fully integrated with schedulers


Supports Checkpoint & Restart in Triggered Applications

PRIMEUR SPAZIO MFT/S - TRANSFORMATION

• EBCDIC/ASCII and Multi-Language Code Page


• Integration with JMS providers like WebSphere MQ and TIBCO or other engines that provide this interface
• Integration with WebSphere Message Broker enabling the broker to process files directly.
• Integration with SAP NetWeaver PI
Strategic alliance with Adeptia to provide the New Ghibli Business Integration

PRIMEUR SPAZIO MFT/S - FMTJ
File-Message Transformer - Java

File to Message
• A single message
• One record = One message

Message to File
• Groups Messages in a File by: specific Queue, messages, Content
• Messages in one or more files

SPAZIO MFT/S – FILE EXTENDER
Extends WebSphere Message Broker to manage files

[Diagram: WebSphere Message Broker (Route & Transform) with Spazio MFT/S File Input and File Output nodes and WMQ Input and WMQ Output nodes; endpoints shown on both sides: Mail Server, FTP Server, HTTP Browser, File, XCOM, C:D, Spazio MFT/S, ISC, WMQ Server (Message), Mainframe]

BUSINESS INTEGRATION & DATA TRANSFORMATION

[Diagram: Ghibli Business Integrator, with Dashboard / Reporting / Activity Monitoring, between "External Locations, Partners, and Services" (Customers, Intermodal / 3PL Partners, Cloud/SaaS Applications & Services) and "On-premise Applications, Services, and Data" (Enterprise Applications, Enterprise Data; Windows / Linux / IBM i / VMware)]

PRIMEUR SPAZIO MFT/S - SECURITY

Authentication and Authorization during access


• Defined centrally
• Supports an Authentication Server
• Can be integrated with LDAP, Active Directory, …
• Resources managed: Distribution Lists, Queues, Files

End-to-End and Point-to-Point


• Information Integrity (No Tampering)
• Information Privacy (Encryption)
• Authentication (file authentication)
• Non Repudiation
• Peer Entity Authentication
• Key Management
• PKI Compliance
• Standard Digital Signature

SPAZIO AAA (A3SP) SERVICES

AAA Services: Authentication, Authorization, Audit

Audit
• Full centralized user activity tracing facility
• No tampering system
• Audit records protected via HMAC algorithms.
• Pluggable audit repository target:
  • File system
  • Database
  • Network subsystems
  • Standard external logging facilities (e.g. syslog)

Authentication
• Central management of user credentials
• Username / Password
• Strong authentication (X.509, OTP, Radius . . )
• Password policy and account management
• Multiple Internal/Customer provided pluggable user repository
• Out of the box support for: LDAP, AD, RACF credential repository

Authorization
• Centralized RBAC management system
• LDAP based policy repository
• Customer provided authorization pluggable system

DATA SECURITY

Token Management
• Local software/hardware token support
• Remote Virtual security tokens
• Private keys centralized management and deployment
• RSA / asymmetric keys computation offload
• Cryptographic hardware integration
• Centralized X509 certificates management
• External/embedded PKI integration via Simple Certificate Enrolment Protocol (SCEP) for X509 user certificates management

Point-to-Point
• Common centralized security infrastructure management system
• Support for standard and proprietary security protocols
  • HTTPS
  • SFTP
  • FTPS
  • Pesit over SSL
  • Primeur proprietary

End-to-End
• Data protection and integrity guaranteed from producer to end consumer
• International standards format compliancy
  • PGP
  • PKCS7
  • CMS
  • CAdES
• Business level protocol support
  • EBICS
  • AS2
• External FIPS 140-II cryptographic hardware tokens support

PRIMEUR SPAZIO MFT/S – USER INTERFACES

Multiple APIs and Utilities to interact with Primeur Spazio MFT/S


• JMS Provider, an extension of the Standard JMS P2P Classes
• Batch Utilities
• Windows GUI
• .NET from the client
• z/OS – Assembler

PRIMEUR SPAZIO DMZ GATEWAY

• No data (files or configurations) in the DMZ


• The connection between the inside and the DMZ is open only from the inside
• Communication between the DMZ and the internal network is protected (encrypted) and both are authenticated
• Applicable to all IP-type transports managed by Primeur Spazio MFT/S, such as PR5, FTP (also in secure mode), HTTP, …

THANK YOU

www.primeur.com
