Adding Server Definitions

You can use server definitions to define the configuration parameters necessary to send files to and receive files from destination servers. The Getting Internet Server transfers topic discusses the process of running transfers on a *LOCAL server definition. It also briefly mentions how to get transfers working to other server types. This section discusses in more detail the target servers that MFT supports and how to get transfers working to them.

For more information about server definitions, see the following sections:

Server Types Supported by MFT

The MFT server supports the following server types:

Server Type Function
LOCAL Send files to or receive files from any disk that the Command Center has access to.
Platform Server Send files to or receive files from Platform Servers.
FTP Send files to or receive files from FTP servers.
SSH Send files to or receive files from SSH/SFTP servers.
JMS Send files to or receive files from JMS servers.
AS2 Send files to AS2 servers.
HTTP Send files to or receive files from HTTP servers.
Microsoft Azure Send files to or receive files from Azure File Storage, Blob storage, or ADLS Gen2 storage.
Amazon S3 Send files to or receive files from Amazon S3 storage.
Google Cloud Send files to or receive files from Google Cloud Storage or BigQuery.
HDFS Send files to or receive files from HDFS/Hadoop servers.
FileShare Send files to or receive files from MFT FileShare folders.
Email Send a file to a user as an email attachment.
Mailbox Send a file to a user as an MFT mailbox attachment.
Custom Server Write customized code to support protocols not supported by MFT.
SharePoint Send files to or receive files from Microsoft SharePoint servers.
OFTP2 Send files to a target OFTP2 Server.
Four Eyes Send files to a user as a Four Eyes attachment.

One of the advantages of the way that MFT is designed is that MFT virtualizes access to target servers. So, clients do not know where the target files are located. This also makes it easier to give a user access to upload and download files to multiple target servers.

Note: Not all functionality is supported on all of the server types.

The following subtopics describe each server type and its function.

LOCAL

You can use the local storage to save files on any disk accessible to the MFT instance. This can be an NFS share on UNIX, a UNC drive, or mapped drive on Windows. LOCAL servers are sometimes used for testing or debugging clients.

Point Keep in mind
Capabilities
  • Uploads and downloads are supported.

  • File or directory lists are supported.

  • Checkpoint Restart is supported.

  • Files can be renamed or deleted; directories can be created.

Authentication No credentials required.
Considerations
  • When using multiple Internet Server instances, each instance should have access to the defined Server File Name directories. Therefore, you should use an NFS share or a UNC drive when multiple Internet Servers need to process transfers for LOCAL storage.

  • It is a good practice not to use LOCAL storage on servers running in the DMZ unless the files are stored in an encrypted mode. The exception to this is when running on a cloud server and the data is stored on secured cloud storage.

  • If you want to disable LOCAL storage, you can configure the AllowLocalServerDefinition web.xml parameter. When this parameter is set to false, LOCAL server definitions cannot be defined. If transfer users attempt to use an existing LOCAL server, the transfer fails with an error.

  • LOCAL storage can be used as a repository for FileShare and Mailbox services. Platform Server can also be used as a repository.

Platform Server

Platform Servers enable you to upload files to and download files from target Platform Servers.

Point Keep in mind
Capabilities
  • Uploads and downloads are supported.

  • File or directory lists are supported.

  • Checkpoint Restart is supported.

  • Files can be renamed or deleted; directories can be created.

Authentication
  • User ID/password credentials are required when connected to target Platform Servers.

  • Certificate authentication when TLS or Tunnel mode is used for Platform Server for UNIX or Platform Server for z/OS.

Considerations
  • When using multiple Internet Server instances, each instance can connect to the same Platform Server. Hence, all files are accessible to all Internet Server instances.

  • When configuring Platform Server for "Implicit SSL" or "TLS Tunnel", you must associate the target Platform Server SSL key with the server definition.

To associate the target Platform Server SSL key with the server definition, perform the following steps:

  1. Go to Partners > Servers > Manage Servers.

  2. Select the Platform Server.

  3. Click Retrieve Platform Server public key.

    The public key is retrieved from the Platform Server associated with the server definition, and is stored in the database.

  • When configuring Platform Server for "Implicit SSL" or "TLS Tunnel", the certificate associated with the MFT private key must be added to the Platform Server "Trusted Authority File" on UNIX/Windows, or the RACF keyring on z/OS.

  • Platform Server storage can be used as a repository for FileShare and Mailbox services. LOCAL can also be used as a repository.

FTP

FTP servers enable you to upload files to and download files from target FTP, or FTPS servers.

Point Keep in mind
Capabilities
  • Uploads and downloads are supported.

  • File or directory lists are supported.

  • Checkpoint Restart is supported.

  • Files can be renamed or deleted; directories can be created.

Authentication
  • User ID/password credentials are required when you are connected to target FTP servers.

  • Certificate authentication when using FTPS explicit or implicit SSL mode.

Considerations
  • FTP/FTPS servers do not work well in the cloud due to the requirement for data and control connections. We recommend using SFTP when Internet Server is running in the cloud.

  • When using multiple Internet Server instances, each instance can connect to the same FTP Server. Hence, all files are accessible to all Internet Server instances.

  • FTP Transfer requires the following TCP connections:

    Connection Description
    Control Used to authenticate, change directories, and initiate transfers.
    Data Used to return list command responses and to perform uploads and downloads.
Note: Load balancers must be configured to send data connections to the same FTP server as the control connections.
  • Local TCP port numbers are typically required when going through firewalls.

To define local TCP ports, complete the following steps:

  1. Go to Configuration > System Configuration > Global FTP Settings.

  2. Configure the following parameters:

    Parameter Instruction
    Limit Local Ports Set to Yes.
    Starting Port Set to the desired port or use the default.
    Number of Ports to Use Set the number of ports that can be used.
  • PORT and PASV mode are both supported. We suggest using PASV mode when communicating with target FTP/FTPS servers.

  • When configuring FTPS for "Implicit SSL" or "Explicit SSL", you must associate the target FTPS SSL key with the server definition.

To associate the target FTPS SSL key with the server definition, perform the following steps:

  1. Go to Partners > Servers > Manage Servers.

  2. Select the desired FTPS server.

  3. Click Retrieve FTP public key.

    The public key is retrieved from the FTPS server, associated with the server definition and stored in the database.

SSH

SSH servers enable you to upload files to and download files from target SSH servers. When used by MFT, SSH means SFTP. SFTP means transfers over SSH. This is different from FTPS, which means FTP transfers over SSL.

Point Keep in mind
Capabilities
  • Uploads and downloads are supported.

  • File or directory lists are supported.

  • Checkpoint Restart is supported.

  • Files can be renamed or deleted; directories can be created.

Authentication
  • User ID/password credentials are required when connected to target SSH servers.

  • Certificate authentication is required.

Considerations
  • When using multiple Internet Server instances, each instance can connect to the same SSH server. Hence, all files are accessible to all Internet Server instances.

  • When configuring an SSH server, you must associate the target SSH server key with the server definition.

To associate the target SSH server key with the server definition, perform the following steps:

  1. Go to Partners > Servers > Manage Servers.

  2. Select the desired SSH server.

  3. Click Retrieve SSH public key.

    The public key is retrieved from the SSH server, associated with the Server definition and stored in the database.
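
The key retrieved in step 3 is only as trustworthy as the connection it was fetched over, so it is worth comparing it with a fingerprint the partner supplied through a separate channel. The following is an added example, not MFT code: it assumes you have the server's public key as an OpenSSH-format line, computes the same SHA256 fingerprint that OpenSSH prints, and compares it with the expected value. All function names are hypothetical and the sample key is constructed.

```python
import base64
import hashlib
import hmac
import struct


def _read_string(buf, offset):
    """Read one SSH wire-format string: uint32 big-endian length, then bytes."""
    if offset + 4 > len(buf):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", buf[offset:offset + 4])
    start, end = offset + 4, offset + 4 + length
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[start:end], end


def key_blob(public_key_line):
    """Decode '<key-type> <base64> [comment]' and check that the key type
    named inside the blob matches the type declared on the line."""
    parts = public_key_line.split()
    if len(parts) < 2:
        raise ValueError("expected '<key-type> <base64> [comment]'")
    declared_type, b64 = parts[0], parts[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key data is not valid base64") from exc
    embedded_type, _ = _read_string(blob, 0)
    if embedded_type.decode("ascii", "replace") != declared_type:
        raise ValueError("key type in blob does not match declared type")
    return blob


def sha256_fingerprint(public_key_line):
    """Return the fingerprint as 'SHA256:<unpadded base64 of SHA-256(blob)>'."""
    digest = hashlib.sha256(key_blob(public_key_line)).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def matches_expected(public_key_line, expected_fingerprint):
    """True only if the key's fingerprint equals the out-of-band value."""
    actual = sha256_fingerprint(public_key_line)
    return hmac.compare_digest(actual.encode(),
                               expected_fingerprint.strip().encode())


def make_sample_line(key_bytes, key_type="ssh-ed25519"):
    """Build a constructed sample key line (not a real server key)."""
    name = key_type.encode("ascii")
    blob = (struct.pack(">I", len(name)) + name
            + struct.pack(">I", len(key_bytes)) + key_bytes)
    return f"{key_type} {base64.b64encode(blob).decode('ascii')} constructed-sample"


if __name__ == "__main__":
    retrieved = make_sample_line(bytes(range(32)))       # constructed sample
    expected = sha256_fingerprint(retrieved)              # stands in for the partner's value
    substituted = make_sample_line(bytes(range(1, 33)))   # a different key
    print("retrieved key matches:  ", matches_expected(retrieved, expected))
    print("substituted key matches:", matches_expected(substituted, expected))
```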

JMS

JMS Servers enable you to upload files to and download files from target JMS servers. Currently, files are transferred using JMS queues. Data written to JMS queues is written as JMS messages and not as files.

Point Keep in mind
Capabilities
  • Uploads and downloads are supported.

  • File or directory lists are not supported.

  • Checkpoint Restart is not supported.

  • Files cannot be renamed or deleted; directories cannot be created.

Authentication
  • User ID/password credentials are optional when connected to target JMS servers.

Considerations
  • JMS configuration can only be configured by the MFT Command Center.

  • When using multiple Internet Server instances, each instance can connect to the same JMS server. Hence, all JMS queues are accessible to all Internet Server instances.

  • The JMS Server URL is configured globally for all Internet Server and Command Center instances. It can be overridden by selecting the "Override JMS Service Configuration" checkbox and defining the JMS Server URL in the "IP Address or fully qualified IP Name" text box.

The transfer definition defines the following JMS information:

  • Queue used for file transfers

  • Input Selectors

  • Output JMS Type and property Types

  • Max Message Size

AS2

AS2 servers enable you to upload files to target AS2 servers. Downloads are not supported from AS2 servers.

Point Keep in mind
Capabilities
  • Only uploads are supported.

  • File or directory lists are not supported.

  • Checkpoint Restart is not supported.

  • Files cannot be renamed or deleted; directories cannot be created.

Authentication
  • Credentials are optional when connected to target AS2 servers.

  • User ID/password credentials are not used when communicating to the target AS2 servers.

  • AS2 servers typically use public or private keys when communicating to AS2 servers.

  • Certificate authentication can typically be configured by setting the server definition to AS2 Options > HTTPS System Key parameter.

Considerations
  • For more information about AS2 Configuration, see the Configuring AS2 Transfers section.

  • When using multiple Internet Server instances, each instance can connect to the same AS2 Server. Hence, all AS2 servers are accessible to all Internet Server instances.

  • Since AS2 is encrypted using public or private keys, AS2 servers typically use the HTTP protocol. However, AS2 can be configured to use HTTPS communication.

  • By default, the AS2 protocol does not allow you to define the file name of the incoming data. However, MFT does support the AS2 file name extension. This allows MFT to perform the following tasks:

    • Extract the file name on incoming transfers.

    • Define the file name on outgoing transfers.

HTTP

HTTP servers enable you to upload files to and download files from target HTTP servers.

Point Keep in mind
Capabilities
  • Uploads and downloads are supported.

  • File or directory lists are not supported.

  • Checkpoint Restart is not supported.

  • Files cannot be renamed or deleted; directories cannot be created.

Authentication
  • Credentials are optional when connected to target HTTPS servers.

  • User ID/password is supported.

  • Certificate authentication is supported.

Considerations
  • When using multiple Internet Server instances, each instance can connect to the same HTTP server. Hence, all HTTP servers are accessible to all Internet Server instances.

  • When configuring HTTPS, you must associate the target HTTPS server SSL key with the server definition.

To associate the target HTTPS server SSL key with the server definition, perform the following steps:

  1. Go to Partners > Servers > Manage Servers.

  2. Select the desired HTTP server.

  3. Click Retrieve HTTP public key.

    The public key is retrieved from the HTTPS server, associated with the server definition and stored in the database.

  • Uploads and downloads use standard HTTP transfer modes. Transfer definitions define whether to use Stream mode or Form/Post mode for uploads and downloads.

Microsoft Azure

Microsoft Azure Servers enable you to upload files to, and download files from target Azure Storage. The following Azure storage is supported:

Point Keep in mind
Capabilities
  • Uploads and downloads are supported.

  • File or directory lists are supported.

  • Azure File, Blob, and ADLS Gen2 support FTP/SFTP client Restart.

  • Platform Server client Checkpoint Restart is supported for Azure File; it is not supported for Blob or ADLS Gen2.

  • Files can be renamed or deleted; directories can be created.

Authentication
  • Credentials are required when connected to target Azure servers.

Azure Access Key

  • The Storage Account name is stored in the Account Name field.

  • The Access Key is stored in the Access Key field.

Azure Active Directory

  • The client ID is stored in the Client ID field.

  • The client secret is stored in the Client Secret field.

  • The tenant ID should be stored in the Tenant Id field.

  • The account name should be stored in the Account Name field.

Azure Managed Identities

MFT extracts authorization tokens from Azure and uses these tokens when accessing Azure Blob or ADLS Gen2. This type of authentication only works when MFT is running on an Azure virtual machine.

Use the Server Credentials Server definition to define the Account name, Object Id, and Access Key.

Considerations
  • When using multiple Internet Server instances, each instance can connect to the same Azure Server. Hence, all Azure Servers are accessible to all Internet Server instances.

  • By default, Microsoft Azure does not return the file "last modified date/time" for Blob or File storage. Individual calls must be made to get the file "last modified date/time", but this can delay directory lists. By default, the current date/time is displayed. If you want to get the actual "last modified date/time", set the "Microsoft Azure Options: Retrieve Last Modify" to "Yes". However, this could slow down processing of directories that contain many files.

There are server parameters to speed up transfers to target Azure storage:

  • Upload Chunk Size

  • Number of Upload Threads

  • Number of Upload Buffers

Setting the "Upload Chunk Size" or the "Number of Upload Buffers" to high values can cause timeouts when the Client FTP or SFTP connection is faster than the connection to the Azure server.

Amazon S3

Amazon S3 servers enable you to upload files to and download files from target Amazon S3 storage.

Point Keep in mind
Capabilities
  • Uploads and downloads are supported.

  • File or directory lists are supported.

  • Checkpoint Restart is not supported.

  • Files can be renamed or deleted; directories can be created.

Authentication

MFT supports the following authentication methods when transferring files with Amazon S3 storage:

  • Secret Key: Access Key ID is stored in the Server Credential Access Key ID, Secret Access Key is stored in the Server Credential Secret Access Key.

  • EC2 MetaData: MFT extracts authorization tokens from the Amazon EC2 image and uses these tokens when accessing S3 storage. This only works when MFT is running on an Amazon EC2 image and the EC2 image has been configured with rights to Amazon S3 storage.

  • SAML IDP Form: Extracts authorization assertions by simulating a log in to Amazon.

Considerations
  • When using multiple Internet Server instances, each instance can connect to the same Amazon S3 Server. Hence, all Amazon S3 Servers are accessible to all Internet Server instances.

There are server parameters to speed up transfers to target Amazon S3 storage:

  • Upload Chunk Size

  • Number of Upload Threads

  • Number of Upload Buffers

Setting the "Upload Chunk Size" or the "Number of Upload Buffers" to high values can cause timeouts when the Client FTP or SFTP connection is faster than the connection to the Amazon S3 server.

Google Cloud

Google Cloud Servers enable you to upload files to, and download files from defined buckets or datasets. The following Google Cloud products are supported:

Google Cloud Storage

Point Keep in mind
Capabilities
  • Uploads and downloads are supported.

  • File or directory lists are supported.

  • Checkpoint Restart is not supported.

  • Files can be renamed or deleted; directories can be created.

  • Renaming directories is not supported.

Authentication

MFT supports the following authentication methods when transferring files with Google Cloud servers.

Google creates the JSON Service Account file that defines the credentials required to access Google Cloud products. Enter this information in the server definition "Google Cloud Options: Json Service Account File Content" field.

The Server Credentials tab is ignored for Google Cloud Server Type.

Considerations
  • When using multiple Internet Server instances, each instance can connect to the same Google Cloud Server. Hence, all Google Cloud Services are accessible to all Internet Server instances.

There are server parameters to speed up transfers to target Google Cloud servers:

  • Upload Chunk Size

  • Number of Upload Buffers

Setting the "Upload Chunk Size" or the "Number of Upload Buffers" to high values can cause timeouts when the Client FTP or SFTP connection is faster than the connection to the Google Cloud server.

BigQuery

Point Keep in mind
Capabilities
  • Uploads are supported.

  • Downloads are not supported.

  • File or directory lists are supported.

  • Checkpoint Restart is not supported.

  • Files can be deleted.

  • Renaming files or directories is not supported.

  • Creating or deleting directories is not supported.

HDFS

HDFS Servers enable you to upload files to and download files from target HDFS or Hadoop Servers. HDFS support is limited and supports only basic uploads and downloads.

Point Keep in mind
Capabilities
  • Uploads and downloads are supported.

  • File or directory lists are supported.

  • Checkpoint Restart is not supported.

  • Files can be renamed or deleted; directories can be created.

Authentication

MFT supports the following authentication methods when transferring files with HDFS Servers:

Authentication Method Description
Simple Only the user ID is validated. Passwords are not validated. This server is typically used for testing. If this is used, then some other mechanism should be defined for validation, such as limiting transfers to specific IP Addresses.
Kerberos A keytab is defined and is used to authenticate to a Kerberos server.

The Server Credentials tab is ignored for HDFS Servers.

Considerations
  • All HDFS Servers must use either Simple authentication or Kerberos Authentication. You cannot define some HDFS servers as Simple and some as Kerberos.

  • When using multiple Internet Server instances, each instance can connect to the same HDFS Server. Hence, all HDFS Services are accessible to all Internet Server instances.

FileShare

FileShare enables MFT clients (FTP, SFTP, HTTP, Platform Server) to send files to or receive files from the File Share component of MFT.

Point Keep in mind
Capabilities
  • Uploads and downloads are supported.

  • File or directory lists are supported.

  • Checkpoint Restart is not supported.

  • Files can be renamed or deleted; directories can be created based on the FileShare rights the user has for the defined folder.

Authentication

MFT does not require authentication to the FileShare server. The user that initiates the transfer must be a FileShare user with the following folder rights:

  • Edit or Admin rights to allow uploads, renames, and deletes.

  • View, Edit or Admin rights to allow downloads.

The Server Credentials tab is ignored for FileShare servers.

Considerations
  • Transfer definitions that use FileShare servers must configure the FileShare user folder to point to the position in the FileShare where files can be transferred.

  • When using multiple Internet Server instances, each instance can connect to the FileShare Server. Hence, all FileShare Services are accessible to all Internet Server instances.

  • You can use this capability to automate sending files to or receiving files from FileShare folders.

Email Server

MFT Clients (FTP, SFTP, HTTP, Platform Server) can use Email Server to send files to target recipients as email attachments.

Note: When customers want to restrict files from being sent as email attachments, you can use the AllowEmailServerDefinition web.xml parameter to disable the ability to define email servers or initiate transfers to an email server. The default value true allows Email transfers; false does not allow Email transfers.
Point Keep in mind
Capabilities
  • Downloads are not supported.

  • File or directory lists are not supported.

  • Checkpoint Restart is not supported.

  • PGP is supported.

Authentication Depending on the target SMTP Server, authentication might be required. Use the Server definition "Server Credentials" to define the user ID/password for the defined SMTP Server.
Considerations
  • You can set limits for the attachment file size. We recommend using this capability for small files only.

  • Any server that can access the defined SMTP Server can send files as email attachments.

  • Only one attachment can be sent to a recipient as an email attachment.

  • PGP encryption can be used to encrypt attachments so that only the defined recipients can decrypt the attachment.

  • PGP is supported only for defined MFT users that have a PGP key associated with the recipient.

  • Emails can be sent to defined MFT users or to any email address. The server definition "Email Options: Send only to defined users" parameter defines whether email attachments can be sent to any email address or only to defined MFT users.

  • Tokens can be used to override email parameters on Transfer definition email Options: Recipients, Subject, and Message Text.

  • You can use this capability to automate sending files to target email users.

Mailbox

MFT Clients (FTP, SFTP, HTTP, Platform Server) can use Mailbox to send files to target recipients as mailbox attachments.

Note: With the AllowMailboxServerDefinition web.xml parameter, you can disable the functionality to define email servers or initiate transfers to an email server. This is required when customers want to restrict files from being sent as email attachments. The default value true allows Email transfers; false does not allow Email transfers.
Point Keep in mind
Capabilities
  • Downloads are not supported.

  • File or directory lists are not supported.

  • Checkpoint Restart is not supported.

  • PGP is not supported.

Authentication

Authentication is not required. Client users must be defined as FileShare or mailbox users.

Considerations
  • You can set limits for the attachment file size. We suggest using this capability for small files only.

  • Any Internet Server instance can send files as Mailbox attachments.

  • Only one attachment can be sent to a recipient as a Mailbox attachment.

  • Mailbox attachments can be sent to defined MFT users or to any email address, depending on the Client user type.

  • Power users can send Mailbox attachments to Full, Power, or Guest users and can create Full and Guest users.

  • Full users can send Mailbox attachments to Full, Power, or Guest users and can create Guest users.

  • Guest users can send Mailbox attachments to Full and Power users.

  • Tokens can be used to override email parameters on Transfer definition email Options: Recipients, Subject, Message Text.

  • You can use this capability to automate sending files to target mailbox users.
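
The LOCAL section and the Email and Mailbox notes each name a web.xml parameter that switches a server type off. The following is an added example, not part of the MFT product: it audits a web.xml for those three parameters against a policy of which ones must be disabled. It assumes the parameters are declared as standard servlet `<context-param>` or `<init-param>` entries; the sample descriptor is constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Parameter names as given on this page.
PARAMS = (
    "AllowLocalServerDefinition",
    "AllowEmailServerDefinition",
    "AllowMailboxServerDefinition",
)

# Constructed sample descriptor (assumed layout, not copied from an MFT install).
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <context-param>
    <param-name>AllowLocalServerDefinition</param-name>
    <param-value>false</param-value>
  </context-param>
  <context-param>
    <param-name>AllowEmailServerDefinition</param-name>
    <param-value>true</param-value>
  </context-param>
</web-app>"""


def _local(tag):
    """Strip an XML namespace: '{ns}param-name' -> 'param-name'."""
    return tag.rsplit("}", 1)[-1]


def read_params(web_xml_text):
    """Collect every param-name/param-value pair, wherever it is declared."""
    root = ET.fromstring(web_xml_text)
    found = {}
    for elem in root.iter():
        if _local(elem.tag) not in ("context-param", "init-param"):
            continue
        name, value = None, ""
        for child in elem:
            if _local(child.tag) == "param-name":
                name = (child.text or "").strip()
            elif _local(child.tag) == "param-value":
                value = (child.text or "").strip()
        if name:
            found.setdefault(name, []).append(value)
    return found


def classify(values):
    """Map the declared values of one parameter to a state.
    Only the exact strings 'true' and 'false' (as written on this page) are
    accepted; anything else is reported rather than guessed at."""
    if not values:
        return "unset"
    if len(set(values)) > 1:
        return "conflict"      # declared more than once with different values
    return {"true": "enabled", "false": "disabled"}.get(values[0], "invalid")


def audit(web_xml_text, must_be_disabled=PARAMS):
    """Return (state per parameter, parameters that violate the policy).
    Every state other than 'disabled' counts as a violation, including
    'unset', because the page gives true as the default for Email and Mailbox."""
    found = read_params(web_xml_text)
    states = {name: classify(found.get(name, [])) for name in PARAMS}
    findings = [n for n in PARAMS
                if n in must_be_disabled and states[n] != "disabled"]
    return states, findings


if __name__ == "__main__":
    states, findings = audit(SAMPLE_WEB_XML)
    for name in PARAMS:
        print(f"{name}: {states[name]}")
    print("not disabled as required:", ", ".join(findings) or "none")
```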

Four Eyes

MFT Clients (for example, FTP, SFTP, HTTP, and Platform Server) can use Four Eyes to send files to target recipients as Four Eyes attachments.

Point Keep in mind
Capabilities
  • Downloads are not supported.

  • File or directory lists are not supported.

  • Checkpoint Restart is not supported.

  • PGP is supported.

Authentication Authentication is not required.
Considerations
  • You can set limits for the attachment file size. Use this capability for small files only.

  • A Four Eyes Approver must approve the request before the recipient can view and download the attachment.

  • You can automate sending files to target Four Eyes recipients along with approvers.

Custom Server

MFT customers can use custom servers to write Java code to support target server protocols not supported by MFT Internet Server.

Point Keep in mind
Capabilities
  • Uploads and downloads are supported.

  • File or directory lists are supported.

  • Checkpoint Restart is supported.

  • PGP is supported.

Support for the above capabilities depends on the implementation created by the MFT customer.

Authentication

Authentication is up to the implementation. You can pass the user ID, password, and domain tokens to the implementation through the Server definition "Custom Server Options: Configuration data" parameter.

Considerations
  • MFT supplies sample code for the Customer Server Framework in this folder:

    <MFT-Install>/server/webapps/cfcc/example/customTransfers

    This directory includes the following:

  • Java Doc

  • Build procedures

  • A sample implementation that transfers files to or from a local directory.

  • It is up to the customer to write Java code for all of the required features.

  • All configuration information is defined through the Server definition "Custom Server Options: Configuration data" parameter.

SharePoint Server

SharePoint servers enable you to upload files to and download files from target SharePoint servers.

Point Keep in mind
Capabilities
  • Uploads and downloads are supported.

  • Directory navigation is supported within a document library. You cannot navigate through sites, sub-sites, and document libraries.

  • File or directory lists are supported.

  • Checkpoint Restart is not supported.

  • PGP is supported.

Authentication

Azure Active Directory

The client ID is stored in the Client Id field.

The client secret is stored in the Client Secret field.

The tenant ID should be stored in the Tenant Id field.

The account name should be stored in the Account Name field.

Considerations
  • When using multiple Internet Server instances, each instance can connect to the same SharePoint server. Hence, all files are accessible to all Internet Server instances.

  • To access SharePoint documents, you must define the SharePoint server URL for the document library. The SharePoint server URL can be defined in the following two ways:

  1. In the Server Definition > Required Server Information > SharePoint Server URL.

  2. By appending the Transfer Definition > SharePoint Properties > SharePoint Document Library Url to the Server Definition > Required Server Information > SharePoint Server URL.

  • Using the second option allows a single server definition with a single set of credentials, to access multiple sites, sub-sites and Document libraries.

OFTP2 Server

OFTP2 servers enable you to upload files to target OFTP2 servers.

Point Keep in mind
Capabilities
  • Uploads are supported. Downloads are not supported.

  • Directory navigation is not supported.

  • File or directory lists are not supported.

  • Checkpoint Restart is not supported.

  • PGP is supported.

Authentication

Authentication of incoming requests is performed by matching the incoming request with the following fields:

  • Partner Odette ID

  • Partner Password (optional)

  • Client TLS Server Certificate (optional)

  • Session Authentication (optional)

Considerations

When an incoming request is received, MFT matches the Partner's Odette ID against the Partner Odette ID of defined server definitions. When a match is found, the user ID used for the transfer is picked from the User ID for incoming requests server definition field. Transfer definitions for this user are used in the file transfer request from the OFTP2 client.

For more information on configuring OFTP2, see the Configuring OFTP2 Transfers section.

Creating a New Transfer Definition

Once you define the server definition, complete the following instructions to give a user access to files on that server:

    Procedure
  1. Go to Transfers > Internet Server Transfers > Add Transfer.

  2. Enter the required transfer information as described below:

    Field Name Description
    Server File Name Define the directory where you want to upload files to or download files from.
    Authorized User Id Select the client user that requires access. This can also be done through the Authorized Group Id.
    Authorized Group Id Select the Group that requires access. This can also be done through Authorized User Id.
    Transfer Direction Set to Upload, Download, or Both as needed.
    Virtual Alias Set to a Unique Virtual Alias for that user.
  3. Click Add.