OFTP2

A New Communications Protocol

for the Automotive Industry

Mark Morley, Industry Marketing Director

Bob Heidish, Global Product Manager

 Today‟s Agenda

• Introduction

• How Does OFTP2 Work?

• Benefits of OFTP2

• Overview of GXS‟ OFTP2 Service

• Moving Forward with OFTP2

• Q&A

Slide 2
© Copyright 2010, GXS
 Introduction

Slide 3
© Copyright 2010, GXS
 History of OFTP2

• 1986 - OFTP defined by Odette International

• Primarily used across the European auto industry
• Deployed via secure communication lines (eg X.25, ISDN, ENX)
• No encryption of information

• 2004 - OFTP2 Odette Working Group Started

• 2007 - Odette SCX Project Started

• Security Certificate Exchange project initiated to find a way of
exchanging digital certificates between automotive companies

• 2008 - First OFTP2 pilot projects

• 2009 - First OFTP2 „Go Live‟ projects

Slide 4
© Copyright 2010, GXS
 Automotive Industry Requirements

• Globalisation has led to a need to

exchange information quickly, 24/7

• Increasing need to exchange files

securely between trading partners

• Requirement to exchange very

large files, eg CADCAM models

• Reduce network related operational

costs

Slide 5
© Copyright 2010, GXS
 Automotive Industry Requirements

• Requirement to onboard new

suppliers quickly

• Keen to adopt internet based

working practices

• Consolidation of communication
methods

• Upgrade projects underway to

replace legacy systems

Slide 6
© Copyright 2010, GXS
 Why is GXS Offering Support for OFTP2?

• GXS has supported OFTP since it was

launched in 1986

• GXS has already received many requests

from OEM/Tier1 related companies to find
out when we will be supporting OFTP2

• Tier1 suppliers are being asked by their

customers to support OFTP2

• Many older X.25 networks are being closed

down which is forcing companies to look
for alternative networking options

Slide 7
© Copyright 2010, GXS
 Volvo‟s Supplier Mandate for OFTP2

Slide 8
© Copyright 2010, GXS
 Current Status of OFTP2 Projects

• Volvo - will discontinue support for X.25 and ISDN at

the end of 2010, currently migrating suppliers to OFTP2

• Daimler – migrating to OFTP2 in Q211

• PSA – will discontinue support for OFTP over ISDN by

end of 2010, currently migrating suppliers to OFTP2

• Skoda – currently deploying OFTP2 to their suppliers

• VW, BMW, Scania – completing pilot projects and

asking suppliers to move across to OFTP2

Slide 9
© Copyright 2010, GXS
 Why is the Industry Trying to Standardise
on OFTP2?
• Many OEMs are terminating support for
X.25 and ISDN at the end of 2010
– Perceived as slow, mainly supported in Europe,
expensive to maintain, closing country by
country

• Offers a way to transfer large files quickly

to any location around the World

• Provides a way to secure sensitive design

and engineering information

• Web based nature of OFTP2 helps to

simplify supplier on-boarding

Slide 10
© Copyright 2010, GXS
 How OFTP2 Works

Slide 11
© Copyright 2010, GXS
 What Were the Original Goals of OFTP2?

• Expansion of original OFTP Standard

– Support of specific requirements of USA & Japan

– Support of the public Internet as a carrier

– Encryption and compression of data transfer

– Allow high volume of files to be sent in one package

– Transfer of large volume data files (> 10Gb)

• Ultimate aim was to develop one global standard for

batch data transfer via the internet

Slide 12
© Copyright 2010, GXS
 What are the Key Features of OFTP2?
• Can be used across various transport mechanisms
– TCP/IP over the Internet
– TCP/IP over VPN, ENX, ANX, JNX.....
– X25/ISDN
• Offers three levels of security
– Authentication & session encryption
– File encryption
– Electronic signature on files and end-to-end responses
• Provides large file transfer capabilities
– File compression
– File restart
– Meet special SASIG requirements
• Extending virtual file name
• Supporting transport of large files, typically > 10Gb
• Using international character sets, (UTF-8 & Unicode)
• Push and pull data transfer
Slide 13
© Copyright 2010, GXS
 OSCAR ID

• New users of OFTP2 will need to secure an

OSCAR ID from Odette‟s OSCAR system

• Provides a way to uniquely identify a company

• OSCAR allows the identifications of entities in

all physical and information exchanges

• Allows the use of the same coding system in

many different environments
– AutoID, EDI Messaging, File Transfer, B2B Portals

• OSCAR was designed specifically for the

automotive industry

Slide 14
© Copyright 2010, GXS
 OFTP2 Provides Three Levels of Security

• Session Security
– Utilisation of SSL/TLS encrypted TCP/IP communication links

– Encryption of each single TCP/IP packet

– Utilisation of X509 certificates and CMS format for the actual data
exchange

• Encryption of the data

– Utilisation of asymmetric encryption

• Signature and Verification

– Generating a hash of the data

– Encryption of the hash with its own private hash key

Slide 15
© Copyright 2010, GXS
 Three Levels of Transmission Security

Unencrypted Data

User 1 User 2

First Level of Security

Unencrypted Data Secure TLS

Authenticated by X509 Cryptographic Keys

User 1 User 2

Slide 16
© Copyright 2010, GXS
 Three Levels of Transmission Security
Second Level of Security

Encrypted Data Secure TLS

Authenticated by X509 Cryptographic Keys

User 1 Transmitted Data can be Encrypted
User 2

Third Level of Security

Encrypted Data Secure TLS

Attach Digital Electronic Signature

User 1 User 2
Authenticated by X509 Cryptographic Keys

Transmitted Data can be Encrypted

Slide 17
© Copyright 2010, GXS
 Example OFTP2 Configuration

Intranet DMZ
(Communications
Partner Server)
Data
OFTP2 OFTP2
Station Proxy

Port 3306 Port 6619 Internet

Data Encryption Establishing

Decryption connection for
Exchange Compression data transfer
Server Decompression

TLS (Line Encryption)

File Encryption

Slide 18
© Copyright 2010, GXS
 Exchange of Digital Certificates

• OFTP2 users have the option of exchanging digital certificates,

Odette offers a Certification Authority (CA) service

• Security certificates provide proof of identity of the partners,

allows encryption / decryption / integrity-check of files and
ensures non-repudiation of data exchange

• Trust-service Status List (TSL) established by Odette

• Odette is the trust guardian and provides this service to the

automotive industry community

• Odette TSL database contains details of the trustable security

certificate providers (CAs)

Slide 19
© Copyright 2010, GXS
 Odette Security Certificate Exchange

User 1 requests certificate from User 2

User 2 sends their certificate to User 1

User 1 User 2

Certificate
Exchange &
Authentication

ODETTE

TSL

Slide 20
© Copyright 2010, GXS
 Large File Transfer

• SASIG Meeting 2004

– How to exchange ENGDAT data
globally?

• ENGDAT involves the transfer of very

large (>10Gb) files
User 1
• ENGDAT has become a global
standard for exchanging CADCAM
files

• Fast and low cost networks are

User 2
important

Slide 21
© Copyright 2010, GXS
 OFTP2 Supports the Large File Transfer
Requirements of Today‟s OEMs

• OFTP2 allows large files to be

exchanged with ease

• Data encryption and exchange of

digital certificates addresses the data
security concerns of OEMs
User 1
• File compression (10% of original) is
used to reduce size of data transfer

• Supports check-point re-start

• Support for long file names and

User 2 international character sets

Slide 22
© Copyright 2010, GXS
 OFTP2 File Transfer Tests

Slide 23
© Copyright 2010, GXS
 Benefits of OFTP2

Slide 24
© Copyright 2010, GXS
 Benefits of OFTP2

• Only protocol that can handle older

network services such as X.25/ISDN, ENX,
as well as TCP/IP over the internet

• OFTP2, as with OFTP, has functions for

restarting and acknowledgement of receipt
of files

• Company‟s can implement the appropriate

security method to suit their needs, ie
session security, encryption and signature
verification

Slide 25
© Copyright 2010, GXS
 Benefits of OFTP2

• OFTP2, as with OFTP, is the only protocol

that is designed for handling product data
exchange using the latest Version 3 of the
global ENGDAT EDI Message

• Uses comprehensive file compression

techniques to ensure efficient exchange
of very large files

• Offers truly global connectivity to trading

partners located anywhere in the world

Slide 26
© Copyright 2010, GXS
 Comparison With Other Internet Protocols

Slide 27
© Copyright 2010, GXS
 Comparison With Other Internet Protocols

OFTP2 AS2 SFTP

X.25 Yes No No
Internet Yes Yes Yes
ISDN Yes No No
File Restart Yes In Process No
Security High High Medium
Certification Cost Low High None
Implementation Cost Medium High High
Availability EU Centric US Centric Global
Source : Based on Data Interchange Presentation at Odette 2008

Slide 28
© Copyright 2010, GXS
 Overview of GXS OFTP2 Service

Slide 29
© Copyright 2010, GXS
 An Important Customer has Requested
OFTP2…
… and you’re already connected to GXS for
trading with other partners:

And… GXS Solution

You don‟t want to make any • GXS OFTP2 Outsourcing

changes internally. Service

You want a direct OFTP2 • Direct connect to partner

connection to your using OFTP2
customer however you don‟t • OFTP2 Connectivity to
want to maintain multiple GXS to standardise on
connectivity options in OFTP2
house.

Slide 30
© Copyright 2010, GXS
 OFTP2 Outsourcing Service
Enables OFTP2 Trading Without Adding Infrastructure

®
Internet

GXS OFTP2
Your Company Outsourcing Service OFTP2 Trading Partner

• Suppliers comply with OFTP2 mandates without adding

infrastructure, expense & expertise
– Connect the way you prefer
– NO OFTP2 software, hardware, firewalls, special skills, etc. needed!
• GXS does all the OFTP2 work
– Exchange of OFTP2 setup information
– Testing
– Help Desk
– Real-Time document exchange
• Optional Translation Services
• Often lower cost than implementing direct OFTP2 when considering
the total cost of ownership and risk-avoidance

Slide 31
© Copyright 2010, GXS
 OFTP2 Connectivity to Trading Grid®
Standardise on a Single Protocol for all your B2B Needs

OFTP2 Internet ®

Your Trading
Company OFTP2 Direct Partners
Trading Partners

• Real-time, efficient communications with

Requirements:
your entire community
• One implementation with GXS – GXS • OFTP2 Software
manages community • Internet Connection
• 24x7 Dedicated Communications
• All the value-added transaction • 24x7 Support Personnel
management services
• Leverages OFTP2 Software already in place
• Reduce risk of failed connectivity

Slide 32
© Copyright 2010, GXS
 Odette OFTP2 Software Interoperability

• h has a program for software

interoperability certification
(https://forum.odette.org/repository/OFTP2%20Software%20Products.pdf)

• Our technology partner, Data Interchange , has

OFTP2 certified interoperable products
• The version of Data interchange‟s ODEX we use
(ODEX+) is compliant with the OFTP2 RFC

Slide 33
© Copyright 2010, GXS
 You Are a Large Company, With a
Growing Business…
… a mix of direct connects and VAN connections,
… and a need to focus on core business activities

GXS Solution
GXS Options
Solution Options Considerations
Considerations
• Global connectivity for all
• Messaging Services partners including OFTP2
• Trading Partner • High Availability
Enablement Services • Full SMB enabler portfolio

• No more mapping
• No more connectivity
• B2B Outsourcing
• Focus on core business

Slide 34
© Copyright 2010, GXS
 Moving Forward with OFTP2

Slide 35
© Copyright 2010, GXS
 Considerations for Responding to
Customers Requesting OFTP2
• Deliver In-house or use a Service Provider?
– How many partners are pushing OFTP2?
– In-house may fit best when you can address substantial
volumes of data
– Service provider may fit best when partners have a variety of
connectivity requirements including OFTP2 and volumes for
OFTP2 partners are not large

• Evaluate the likely direction of your non-OFTP2

partners

• Consider future needs to support other industry

initiatives or connectivity protocols

• Keep in mind, OFTP2 is a 24x7 commitment in most

cases

Slide 36
© Copyright 2010, GXS
 Considerations for Driving OFTP2
Adoption Amongst Trading Partners

• If they come, can you build it?

– Keeping up with suppliers ready to setup and test can be a
challenge
– Widespread “hub letters” can cause concern among partners
– GXS recommends a phased approach, using automation to help
with setup and testing
• Make mandates clear, what is changing, what is
not, what options exist
– Who has to move to OFTP2? Is it acceptable to use a service
provider?
• Make key technical decisions early and
communicate like crazy

Slide 37
© Copyright 2010, GXS
 OFTP2 Community Concerns to Resolve

• Who should partners contact with questions /

problems?
• What happens when an OFTP2 server has a problem?
• How will major technical changes be communicated?
• How will document status tracking be handled?
• How will expiring certificates be handled?

Early decisions will make implementation easier, but

maintenance will grow with the community, plan for it!

Slide 38
© Copyright 2010, GXS
 In Summary

• GXS OFTP2 Service:

– Removes the complexity of on-boarding trading
partners anywhere in the world
– Provides valuable resources to implement and
manage your OFTP2 environment
– Simplifies the ongoing management of your OFTP2
community
– Provides 24/7, multi-lingual support to address any
problems that may occur
– Allows you to focus on your core competencies

Slide 39
© Copyright 2010, GXS
 Questions?

Slide 40
© Copyright 2010, GXS
 Thank You

GXS Sales: GXS Websites:

US: 1-800-334-5669, option 3 www.gxs.com

EMEA: +44 (0) 1932 776047 www.gxs.eu

Slide 41
© Copyright 2010, GXS