CreationDirect via VPN User Manual
Contents
1. 6 Select the remote user entry and click on Properties to display the Edit User Proxy dialog box Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual LA CreationDirect via VPN Edit User Proxy cdabcO1 PN_S R_PRD for cOnnectadm El E Main Directories Permission Copy Send User be Copy Receive User Directories Upload C Clearsteam Banking Instructions eI Download C AClearstream Banking Reports Process C Clearstream Banking Processes Program C Clearstream Banking Programs Cancel Help 7 Select the Directories tab to display and update the Directories as follows Upload C Clearstream Banking Instructions Download C Clearstream Banking Reports Process C Clearstream Banking Processes Program C Clearstream Banking Programs optional 8 Select OK and close all dialog boxes Checking the User Authority configuration 1 Select Functional Authorities PHE Functional Authorities User Authorities Group Authorities Properties New Admin New Genusr Delete Cancel Help 2 Select user COnnectadm 3 Select Properties February 2010 Clearstream Banking Luxembourg 2 30 CreationDirect via VPN User Manual 2 Installing and maintaining CreationDirect 4 Click on the Directories tab 5 Click on the Browse button and select the following directories Edit User COnnectadm for2. Feature Description E E v Server SS Hear My SOL om E Requester Imetalsmield 4 Highlight the Secure item use the associated dropdown list to ensure that the icon is not a red X and click on Next to go to the Secure Information dialog box Clearstream Banking Luxembourg CreationDirect via VPN User Manual February 2010 CreationDirect via VPN i Connect Direct for Windows InstallShield Wizard Secure Plus Information D Tf this is a new installation you must imtialize Securet by launching the Securet Admin Tool after completing installation Reter to the help tor assistance 2 The Securet SSL protocol uses the Sterling Certificate Wizard to generate Certificate Signing Requests SE and verity Feey Certticate fles The Certificate Wizard is shipped with this product on a separate CD ROM 4 This software is subject to Us Export Adrunistration Regulations EAR EAR governs the manner in which certain encryption alet ree TAL T he need Installshield E Cancel 5 Read the information as necessary and click on Next to complete the installation of the Secure Option and go to the Configure CONNECT Direct Server dialog box i Connect Direct for Windows InstallShield Wizard Configure Connect Direct for Windows Server Select a configuration option Default j x Use the default installation settings
3. February 2010 Clearstream Banking Luxembourg Z CreationDirect via VPN User Manual 2 Installing and maintaining CreationDirect Checking the configuration of CONNECT Direct You check the configuration of CONNECT Direct by submitting two sample processes e Sample cdp to check that you can submit a process on your computer Welcome cdp to check the communications between your computer and Clearstream Banking Submitting the Sample process This test is to submit the process called Sample cdp that copies a file and shows that you can successfully submit a process To start CONNECT Direct 1 Select Start Programs Sterling Commerce Connect Direct v4 4 00 CD Admin Tool to display the Admin Tool dialog box T Admin Tool Ee O x Server View Active Directory Help e 2 EEE Local Machine me SNODENAME v4 4 00 Build 063 51370739 For Help press Fl 2 If your server has a red traffic light icon to the left of it click on the green traffic light on the toolbar The server traffic light will change from red to green indicating that the CONNECT Direct service has started To submit the sample process 1 Select Start Programs Sterling Commerce Connect Direct v4 4 00 CD Requester to display the CONNECT Direct window 2 Select File Open and browse to folder C Program Files Sterling Commerce Connect Direct v4 4 00 Server process and open file sample cdp It will be opened in the Client Area of the Requ
4. 207 862 7100 Fax 352 243 638110 49 69 211 61 40 69 44 0 207 862 7254 Email connectivitysupport cbldclearstream com Before contacting CBL please ensure that you have the following information to hand e Your organisation name and account number with Clearstream Banking e Your telephone number fax number and email address e The CONNECT Direct version number and the operating system on which it has been installed e Details of the problem please have full details available e fyou have received an error message full details of the error with the error message number Customers should note that as is normal practice within financial organisations CBL has implemented telephone line recording to ensure that the interests of CBL and of its customers are protected against misunderstandings or miscommunications Areas subject to telephone line recording include Customer Services the Treasury Dealing Room and back office operations The recorded lines are the subject of an ongoing formal maintenance and quality control programme to ensure their continued effective and appropriate deployment and operation February 2010 Clearstream Banking Luxembourg IV CreationDirect via VPN User Manual DEUTSCHE BORSE clearstream croup Contents FOr CWO panini aOR ER i IA EN EEEE O A A A ETE AT E E EE T A T EE PSO T T II What features does CreationDirect Off 6 oo eee li What benefits does CreationDirect offer eee lil a ae Se yy E T I
5. CONNECT Direct on the following operating systems Platform Hardware Operating system Windows version 4 4 00 or later 512MB RAM minimum 200MB disk space e Microsoft Windows XP Professional SP2 e Microsoft Windows 2003 Server 32 bit version 64 bit version on Itanium e x64 64 bit version on Xeon Pentium with EM64T e Clustered environment e Microsoft Windows Vista Enterprise e Virtualization software All of the above options running under VMware Infrastructure 3 VMware ESX server UNIX Linux version 3 8 00 or later 64MB RAM minimum 50MB disk space HP PA RISC HP UX version 11i or 11iv2 HP Integrity system with HP UX version 1 liv2 Intel Itanium processor IBM System po AIX 5L version 5 2 or 5 3 Sun SPARC system Solaris version 9 or 10 including Solaris 10 Zones Sun x64 system with Solaris version 10 including Solaris 10 Zones AMD Opteron processor x86 system e Solaris version 9 or 10 including Solaris 10 Zones e SuSE SLES version 9 or 10 e Red Hat Advanced Server version 3 or 4 Linux zSeries e SuSE SLES version 9 or 10 e Red Hat Advanced Server version 3 or 4 HP Alpha Tru 4 UNIX Tru64 version 9 1 A z OS version 4 6 00 or later z OS Refer to the web site of Sterling Commerce Inc for more information For other operating systems please refer to the web site of Sterling Commerce Inc Note Use of the Secure module is mandatory for connecting with the Clearstream Banking ba
6. Kennedy L 1855 Luxembourg Postal address Clearstream Banking L 2967 Luxembourg February 2010 Document number 5534
7. New Work List weed 7 Process Monitor iH Select Statistics Ee Nodes SS Fies B3 Metmap for S alidating nodes Metmap Validation Successful r ial 4 ey elt Output Work List Status A Activity Loy lal gt NODENAME COnnectadm 7 Netmap Updated 4 Within the window area for the node right click and select Insert to display the Netmap Node Properties dialog box 9 In the Node area do the following Set the name of the node to VPN _SVR_PRD Set the operating system to UNIX Note The table below recaps the node names and IP addresses for production and test environments Check these addresses with your network team as they may have been translated to other values for local security reasons Node name IP address Clearstream Production VPN RVR GRU 194 235 205 177 Clearstream Test VPN_SVR_SEB 194 235 205 166 In the Options area do the following Set the sessions values as follows depending on whether CONNECT Direct is installed on a workstation or server Windows XP Vista Windows server Max Pnode Sessions 1 1 Max Snode Sessions 2 at least 4 Note The Pnode and Snode values must correspond with the values in the Netmap on Clearstream Banking s UNIX server the Pnode corresponds to Clearstream Banking s Snode and the Snode corresponds to Clearstream Banking s Pnode Set the Default Class to 1 February 2010 Clearstream Banking Luxembourg 2 24 CreationDirect via VPN User Manua
8. Process Tools Admin window Help la x aedasa eelan Ik SIG ES BE CREATION CP K CREATION HUB ls SSC APPL Mh CALLSSC AUN TASK SNODE PGM UNIX SYSUPTS ls SSC_SERVER1 F End PEND 3 Hesr Submit Process pE Send Receive File T Run Task J Run Job BE nitparms ER Tracing E By User Authorities fff Proxies mg Netmap S JE Translation Table cAi Stop Mode oo Mew Process New Work List Lon Lid Process Monitor Ape Select Statistics d WOLUHS195 SSC SERVERAT 3 With the process in the Statement View right click in the Client Area and select Validate to check the process syntax and display the result of the validation in the Output Window at the bottom of the window You will see the text PDE Validation Successful displayed as shown Submitting the Sample process on page 2 51 If the validation is not successful double check your configuration before repeating this check 4 With the process in the Statement View right click in the Client Area and select Submit to display the Submit process dialog box 9 Select OK to submit the process and for the process to be run February 2010 3 10 If successful the post process procedure will then be run and on completion the reports can be found in folder C Clearstream Banking Processes or your customised report download folder Otherwise the error process
9. Wizard Generate SSH Keys Verify Certificate Self Signed Certificate Import To Trust Store Generate CSR Generate Key Certificate Generate CA Certificate Chain Welcome to Certificate Wizard Version 1 3 00 This application can be used to generate the following files Certificate Signing Request CSR Self Signed Certificate Key Certificate PACS 12 or Java Keystore file CA Certificate Chain SSH Keys Java Trust Store Also this can be used to view and verify a certificate or a key certificate Click the proper tab to proceed Copyright 2001 2009 Sterling Commerce Inc All rights reserved 2 Select the Generate CSR tab to display the following dialog box Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual E CreationDirect via VPN E Certificate Wizard Generate SSH Keys Verify Certificate Self Signed Certificate Import To Trust Store Welcome Generate CSR Generate Key Certificate Generate CA Certificate Chain Please enter the following information about your site Common Name NODENAME coms reta T7 State Province STATE lt City Locality lety Organization Company Name COMPANY OL Organization Unit s Email Address EMAIL MAIL COM 3 Complete all the following fields that provide the information about your organisation Common Name Enter the name of your CreationDirect node for example NODENAME Country Select
10. all details and settings are as required and select OK to return to the Client Connection Utility where the new user will now be listed for the NODENAME server gt COnnectadm Client Connection Utility Of x File Edit View Options Help feil x SAF FNODENAME lS COnnectadm For Help press F1 Do not forget to use File Save to save your changes 1 The node name NODENAME is used for illustration purposes in this document Please use the node name provided by Clearstream Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual EA CreationDirect via VPN Checking the CONNECT Direct installation To check that CONNECT Direct has been installed correctly 1 Return to the Admin Tool dialog box or re open it by selecting Start Programs Sterling Commerce Connect Direct v4 4 00 CD Admin Tool 2 Select the node and click on the red traffic signal on the toolbar to restart CONNECT Direct Then restart the server the traffic signal will change from red to green and the Connected to NODENAME message in the status bar will indicate that the connection is established 4 2 ik Nodes Fil 3 Select Start Programs Sterling Commerce Connect Direct v4 4 00 CD Requester to display the CONNECT Direct window hae Connect Direct E H NODENAME E Z Submit Process fel Send Receive File E vee T Run Task T Run Job a Initparms San Trac
11. is 0 or 100 indicates your request has been accepted and will be processed continue from Return code equal to 0 or 100 on page 4 3 e A value that is over 100 indicates a problem identified by CreationDirect continue from Return code greater than 100 on page 4 3 February 2010 Clearstream Banking Luxembourg 4 2 CreationDirect via VPN User Manual 4 roubleshooting Return code between 1 and 99 A return code that is between 1 and 99 indicates a problem with CONNECT Direct or your process In this case locate the associated error message in the Statistics Report as described below and take the appropriate action Using the Statistics Log In general the instruction validation report file should be returned to your system within five minutes Whenever a report has not arrived within the expected time check your CONNECT Direct statistics As a CONNECT Direct process executes it creates statistics records that indicate the outcome of each step of the process On a Windows NT platform display the Statistics Report to see the history of processes that are executing or have executed or are executing You can access statistics by choosing Select Statistics in the Control Pad area of the CD Requester for Windows Check the statistics to see if the error process was run for any subsequent process with the same task ID Return code equal to 0 or 100 A return code of 0 or 100 indicates that your request has been accepted by Creati
12. not change this statement Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual J CreationDirect via VPN Processes provided with CreationDirect This section describes the processes provided with CreationDirect and their associated parameters A process is designed to perform one of the following functions Post processing action to be taken when a process completes either successfully or unsuccessfully Submit instructions File handling The following processes are provided with CreationDirect Post processing processes LOGMSG to write a date and time stamped message to a text file when a process completes successfully LOGERROR to write a date and time stamped message to a text file when a process does not completes successfully Submit instructions process TRANSEND to send a file of instructions File handling processes FILELIST to request a listing of all the files in your Filestore at Clearstream Banking FILERETR to request the transfer of a file from your Filestore at Clearstream Banking to your CreationDirect server How to submit a post process Two post processes are provided with CreationDirect LOGMSG is to be run when a process completes successfully This process is associated with variable amp PPROC in the processes supplied to you by Clearstream Banking This process writes a date and time stamped message to a text file when a process completes suc
13. of the CreationConnect suite of connectivity products all of which are designed to run either independently or together as an integrated package for our customers CreationDirect offers bi directional high volume data transfer and is 15015022 compliant CreationDirect is a highly secure and reliable system to system connectivity solution that enables extensive data exchange between Clearstream Banking and its customers and can be seamlessly integrated with customers in house systems CreationDirect is fully automated making it an ideal component in a straight through processing STP environment CreationDirect improves productivity and enables STP since it is controlled by business applications with no requirement for manual intervention as shown in the following diagram Customer environment N woje LAT L Scheduled reports delivery CreationDirect instruction submission Instructions CreationDirect supports the transfer of all instructions at high speed over Clearstream Banking s secure IP based Virtual Private Network 1 Clearstream Banking s VPN is managed by Orange Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual CreationDirect via VPN Reporting CreationDirect provides immediate distribution of scheduled reports to customers supporting printable formats as well as other processing formats for integration with standard desktop applications Customers can schedule the repo
14. rere a 7 Enter the passphrase that you specified when you generated the keys as entered in Step 5 on page 2 37 and select OK to populate the Certificate File field with the certificate file name and location 8 Select Yes for Enable Client Authentication 9 Enable the cipher suite SSL_RSA WITH _3DES_ EDE CBC SHA as shown above Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual 2 47 CreationDirect via VPN 10 Select OK to close the Edit Record dialog box and update the parameters file which will be similar to H Secure Admin Tool C Program piles Sterling Commerce C File Edit key Management Help Mode Mame Filter b et RPO wa H a H o ae o o o o H NODENAME Ro Fo F WPNSVRPRD RF onnect Direct 4 4 00 ServerSecure nodes February 2010 Clearstream Banking Luxembourg 2 48 CreationDirect via VPN User Manual 2 Installing and maintaining CreationDirect Configuring the remote nodes for the TLS SSL protocol After you have configured the local node you need to configure Secure Option for each remote node entry including the remote node entry for your own node name NODENAME in this manual To customise a remote node record iF From the Secure Option Admin Tool Main Window double click the remote node record to display the Edit Record dialog box 2 Select the TLS SS Protocol tab and click on the TLS SSL Options tab eS 2 ot EP Clearstream Banki
15. site to the CreationDirect server at Clearstream Banking In this way you maintain control over the information submitted while leaving control of the information flow to Clearstream Banking Note It is recommended that the CONNECT Direct Process Monitor displaying the TCQ is checked periodically to ensure that all requests to Clearstream Banking have been processed This procedure can be automated if required Please refer to the CONNECT Direct SDK Programmer s Guide for your platform Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual CreationDirect via VPN Contacting Clearstream Banking If you cannot resolve a problem as described in this chapter please contact the Clearstream Banking Connectivity Help Desk as described in Where to get assistance on page iv Before contacting the Help Desk please ensure that you have the following information at hand e Your organisation name and account number with Clearstream Banking e Your telephone number fax number and E mail address e The CONNECT Direct version number and the operating system where it has been installed e Details of the problem please have full details available e If you have received an error message full details of the error with the error message number If you have this information at hand we can respond with more efficiency to solve your problem as quickly as possible Identifying the type of problem Nearly all proble
16. sll n Hun Task CALLSSC HUN TASK SNODE PGM UNI SYS0PTS F End FEND YR CREATION_CP wi E CREATION HUB Yk SSC_APPL G R SSC_SERVER1 Submit Process Fe Send Receive File aed K Run Task J Run Job EES nitparme E Tracing BY User Authorities fff Proxies mg Netmap JE Translation Table cAi Stop Mode iE Mew Process New iWork List jG Process Monitor Arn Select Statistics d LA WOLUH91 95 ee PE S Bz Nodes IZ Fies E ceotrans 3 Right click in the Client Area and select Edit View to display the process in Edit View 4 Amend the parameters as appropriate for your business needs 5 Save the process Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual J CreationDirect via VPN How to submit a process This section shows you how to submit a process The process shown is the TRANSEND process that produces the instruction validation report To submit the TRANSEND process 1 55 Nodes BA CEDTRANS Select Start Programs Sterling Commerce Connect Direct v4 4 00 CD Requester to display the CONNECT Direct window Select File Open and browse to folder C Clearstream Banking Processes or your customised report download folder and open file TRANSEND CDP It will be opened in the Client Area of the Requester window in the Statements View as shown CONNECT Direct CEDTRANS cdp I File Edit View Node
17. submit processes the processes folder To run programs the program folder optional If you define a programs folder and you attempt to run for example the DOS echo command you will need to make sure that the appropriate DOS files are available within this folder or the CONNECT Direct restriction will prevent you from running the echo command If you do not define specific folders as suggested above CONNECT Direct will use the default folders as specified in the Initparms initialisation parameters settings Clearstream Banking supplies its own CreationDirect processes that are to be stored in the process folder To define folder restrictions 1 Create the following folders C Clearstream Banking Instructions C Clearstream Banking Reports C Clearstream Banking Processes C Clearstream Banking Programs if required Copy the CreationDirect processes supplied by Clearstream Banking from the CreationDirect Processes folder on the CreationDirect CD ROM to folder C Clearstream Banking Processes Select Start Programs Sterling Commerce Connect Direct v4 4 00 CD Requester to display the CONNECT Direct window as shown on page 2 20 Select Window Workbook mode Double click the Proxies option from within the Control Pad to display the User Proxies dialog box User Proxies El Ea Remote User Remote Node Local User Uploa YVPN_SVA_PROD cUnnectadrm User lnsert Delete Help 4 Close
18. the appropriate country from the list State Province Enter the appropriate information or type NA if not applicable City locality Enter the appropriate name Organization Company Name Enter the appropriate name Organization Unit s Enter the appropriate name Email Address Enter the appropriate email address Note The Organization Company Name and Organization Unit s details may be used for verification purposes with Clearstream Banking 4 Select Next to input more details Certificate Wizard Generate SSH Keys f Verify Certificate Self Signed Certificate Import To Trust Store Welcome Generate CSR Generate Key Certificate Generate CA Certificate Chain Private Key Length 1024 Type the passphrase tom b Tp 255 characters long used to encryptthe contents of the private key Passphrase sssrssssses Confirm Passphrase ssssssssss February 2010 Clearstream Banking Luxembourg 2 36 CreationDirect via VPN User Manual 2 Installing and maintaining CreationDirect 9 Do the following Set the Private Key Length to 1024 Enter a password also referred to as passphrase and re enter the password to confirm it 6 Select Next to input more details E Certificate Wizard Generate SSH Keys Verify Certificate Self Signed Certificate Import To Trust Store Welcome Generate CSR L Generate Key Certificate Generate CA Certificate Chain Specity the cipher to encrpt th
19. will be run Clearstream Banking Luxembourg CreationDirect via VPN User Manual 3 Using CreationDirects business functionality Creating a schedule of regular operations Once you have created and configured CreationDirect processes to meet your business requirements you can schedule processes to be run automatically The scheduling facility enables you to retrieve a report or send instructions at a set time for example each day at 09 00 It is more suitable for use where you have a fixed timetable for example when retrieving reports at set times Note You create a separate schedule for each report retrieve process To schedule a process 1 o pe 8 Select Start Programs Sterling Commerce Connect Direct v4 4 00 CD Requester to display the CONNECT Direct window Select File Open and browse to folder C Clearstream Banking Processes or your customised report download folder and open the file containing the process to be scheduled to display the CONNECT Direct window With the process in the Statement View right click and select Process Properties to display the Process Properties dialog box Select the Control tab in the Process Properties dialog box Process Properties El E Main Control Security Accounting Variables Comment Start Date Today RT E Date 37470 lt C Day Execution Options Hold Retain 9 Start Time Ie Immediate Scheduling Optio
20. 0 0 127 access list 110 permit ip any 194 235 205 64 0 0 0 31 dialer list 1 protocol ip list 100 l line con 0 exec timeout 0 0 line aux 0 line vty 0 4 password login local l end Integrating with firewalls The TCP port 1364 should be opened for inbound and outbound traffic February 2010 Clearstream Banking Luxembourg 1 4 CreationDirect via VPN User Manual DEUTSCHE BORSE clearstream croup Installing and maintaining CreationDirect This chapter describes how to install CreationDirect on the Windows 2003 and Windows XP operating systems The procedure will be similar for other operating systems Note You are recommended to use the English International version of the operating system Before you begin Before starting the installation please ensure that your hardware software and communications equipment for example modems routers etc meet the specified requirements see Installation requirements on page 2 1 Ensure that you have received these items from Clearstream Banking e The CreationDirect Installation CD which contains all necessary software and documentation e CreationDirect processes e CreationDirect Customer Specification Sheet If you have already installed CONNECT Direct 1 Ensure that you are using at least the release of CONNECT Direct recommended by Clearstream Banking 2 Define a new netmap for use with Clearstream Banking as described in Setting network map paramete
21. Clearstream It contains the public key of the Clearstream International Root CA and the public key of the Clearstream Banking Sub CA The following messages are displayed to confirm successful verification of the key certificate file i Info of the Certificate 0 in the Keycert file Active date is Mon Sep 271 14 47 59 CEST 2009 Expiration date is Wed Sep 21 14 47 58 CEST 2011 issuer Common Name Clearstream Banking CA Issuer Org Trust Root Issuer Org Unit Clearstream Banking Issuer Org Unit PKI Entity Certificate Information Country State City Locality Organization Unit Clearstream Banking Organization Unit Creation Direct Organization Trust Root Email Address Common Name EFEUNIT Serial Number 1131638675 Signature Algorithm SHATwithRSA Version Number 3 February 2010 Clearstream Banking Luxembourg 2 40 CreationDirect via VPN User Manual 2 Installing and maintaining CreationDirect 15 Click on OK Cert chain from certificate file contains 1 valid certificate s certo 16 Click on OK Certificate Info Info of the Certificate 0 in the Cert file Active date is Mon Sep 21 14 47 59 CEST 2009 Expiration date is Wed Sep 271 14 47 58 CEST 2011 issuer Common Name Clearstream Banking CA Issuer Org Trust Root Issuer Org Unit Clearstream Banking Issuer Org Unit PHI Entity Certificate Information Country State City Locality Organization Unit Clearstream Banki
22. Custom j dd Review and customize settings Recommended T Upgrade L 2P Use the location and settings of an existing installation Installshield E Cancel 6 Ensure that the Custom option is selected and click on Next February 2010 Clearstream Banking Luxembourg 2 10 CreationDirect via VPN User Manual 2 Installing and maintaining CreationDirect es ie Connect Direct for Windows InstallShield Wizard Enter Local Node Name Enter the name that will identify this node NODENAME Imstalsmield Note For illustration purposes the node name NODENAME is used in this document The node name will be provided to you by Clearstream and must be entered in upper case characters 7 Enter the name that will identify the CONNECT Direct node and click on Next to go to the License Management dialog box c Connect Direct for Windows InstallShield Wizard License Management Select a License File Instalsnieid 8 Use the Browse button to locate and select the appropriate license file then click on Next Note The license file must be stored locally If the file is on a network drive the install will fail with the error message Cannot copy the license file Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual 2 11 CreationDirect via VPN fe Connect Direct for Windows InstallShield Wizard Configure MySQL Server Configure the MySQL database Statistics TO
23. DEUTSCHE BORSE clearstream croup CreationDirect via VPN User Manual February 2010 CreationDirect via VPN User Manual February 2010 Document number 5534 This document is the property of Clearstream Banking S A Clearstream Banking No part of this document may be reproduced or transmitted in any form or by any means electronic or mechanical including photocopying and recording for any purpose without the express written consent of Clearstream Banking Information in this document is subject to change without notice and does not represent a commitment on the part of Clearstream Banking or any other entity belonging to Clearstream International S A This document does not constitute a Governing Document as defined in Clearstream Banking s General Terms and Conditions This manual is only available in electronic format Clearstream Banking allows customers to print the manual locally for their own use Copyright Clearstream International S A 2010 All rights reserved Clearstream CreationDirect and CreationOnline are registered trademarks of Clearstream International S A Microsoft and Windows are registered trademarks of Microsoft Corporation Java is a registered trademark of Sun Microsystems Intel and Itanium are registered trademarks of Intel Corporation Clearstream International S A is a Deutsche Borse Group company DEUTSCHE BORSE clearstream croup Foreword CreationDirect forms part
24. ECT Direct failed Submit of a process failed Required report was not generated Attempt to open the log file failed Invalid program argument list Action Check the parameters on the process Some mandatory values could not be determined for example user ID Required file was not found Action Check that the value of the destination file parameter is correct Attempt to delete a file failed Attempting to use variable that is too small Required entry not found in the configuration file Requested process not found Failure to Initialise Failed to determine new task ID Error opening log file User not found in CONNECT Direct configuration files Action Check the values of the parameters SNODE and USERID Error generating submit string Invalid report name supplied Action Check the name of the report file Attempted access to unauthorised application Action Ensure that correct application name was supplied No task name has been supplied Action Supply a task name Node not currently active Action Contact the Connectivity Help Desk as described in Where to get assistance on page lv February 2010 A 1 CreationDirect via VPN This page has intentionally been left blank February 2010 Clearstream Banking Luxembourg A 2 CreationDirect via VPN User Manual Contact www clearstream com Published by Clearstream Banking Luxembourg Registered address Clearstream Banking SA 42 Avenue JF
25. II Related publications cccccccsssceccssseeccceeseecceeseecseeseeeseaseeecseseesseaueeessasseessageeeeseueeesseeseessensenesses III WINE Togati So SING T IV le SONNECTIUIPGCE OVCIVIEW sinister aa naana 1 1 Supported 0S and CONNEC T Direct versi n S vsicnssstcncencnsssastevsecsnerscaaanianspenatestseepasdastomtececeatsneaess 1 1 CONNEC TOUT ct ICEN L eirese RE E aes E NSi nienean 1 2 EEO a E E E AEA S EE N A 1 2 Proposed router c OFT a OI serro Era EEE 1 2 FAR PA wim Ure WY SN S esec de idaan ASE E EEEE AEO A EEEE EEEE Eds 1 4 2 Installing and maintaining CreationDirect ccccccesceceeeeseeceeeeseeensenseeensenes 2 1 Sc I o pe a TTT 2 1 ee ee a a a Sarah E A E A A ian EE EATE E 2 1 UT ol the installation Procedure a r Shanon asa EE EEZ rE aaa 2 EEEE NEEE eee 2 2 Setting up the Windows environment sese eee cece eee ee eee 2 3 Creating S user account Tor CONNEC LOMECE a saa Tiana stato Tian Eao E a Hadrian rasa 2 3 CGR MO URI TS LR IP Ste T 2 5 Customer conne CTE aaa i nne ana Haa aR ETRE hE acara 2 7 istatling CONNEC T Directiromi CD ROM ocenienia ns a an nRa 2 8 SUG up CONNEC D pI a sceitse e E A SE ES TEE KRSS 2 8 Connounng CONNECT DINEO cigarro A E e En 2 16 Checking the CONNECT Direc installation cxtsvisanesarintdd sen thins theryedancclavecatierensioiiantiat earne aed 2 20 Configuring CONNECT Direct for use with CreatonUirect sss eee eee 2 21 eing RT HON Data ISLE lS sererai sameness E EEE 2 21 Setting network ma
26. ME to display a window similar to the following CreationDirect via VPN User Manual February 2010 2 49 CreationDirect via VPN Edit Record Ea Mode Name NOCENAME Base Record NOCENAME Type Remote Security Options TLS S5L Protocol STS Protocol TLS S5L Options External Authentication Trusted Root Certificate File ft Direct v4 4 00 Server Secure Certificates ttrustedprod txt Browse Key Certificate File Browse Clear key Certificate View Certificates Enable FIPS 140 2 mode C yes CNG Default to Local Mode Enable Client Authentication C Yes C Np it Default to Local Node Certificate Common Name NODENAME Cipher Suites l Default to Local Node Available Enabled TLS RSA WITH AES 256 CBC SHA TLS DHE RSA WITH AES 128 CBC SHA Add gt TLS RSA WITH_AES 128 CBC SHA SSL HSA WITH RC4 128 SHA Remove ma S55L_R5A_WITH_RC4_128_MDS 55L_DHE_R5A_WITH_3DES_EDE_CBC_SH SSL RSA WITH 2DES EDE CBC SHA Bonn ZZi BUG NMSA LLUITTU MECS CD Fu an OK Cancel Help 9 Exit the Secure Admin Tool Troubleshooting A complete listing of error messages can be found in Chapter 8 of the CONNECT Direct Secure Option for Windows Implementation Guide N B If you are using CreationDirect with both CreationOnline and Vestimat simultaneously on the Same computer all three applications must use the router connectivity option to connect to Clearstream Banking
27. NODENAME El E Main Directories Admin Overrides Director Restrictions Upload L Clearstream Bankingslnetructions Download C Clearstream Banking Reports 7 Process C Clearstream BankingsProcesses ue Prograrn C Clearstream Dank ing Prodi ams ie Cancel Help Clearstream Banking Luxembourg CreationDirect via VPN User Manual February 2010 2 31 CreationDirect via VPN Exchanging certificates with Clearstream Banking Before configuring Secure you need to exchange certificates with Clearstream Banking In summary you e Update the trusted text file by replacing the list of trusted certification authorities e Generate a cryptographic private public key pair e Generate a certificate signing request and e mail it to customeradmin dclearstream com e Receive from Clearstream Banking your certificate that will have a validity of two years e Import this certificate onto the local node e Configure your Secure security options as detailed in the next sections Replacing the list of trusted certification authorities You need to replace the default trusted txt file which assuming that you have used the default installation directory is already installed in the following folder C Program Files Sterling Commerce Connect Direct v4 4 00 Server Secure Certificates with the corresponding file on the installation CD ROM in the Certificates folder Generating keys You need to cre
28. O and Message tables Imetalsnield 9 To configure optionally the MySQL server which is used to store server logs and statistics set the MySQL Port and Password click on Next to go to the Service Account Information dialog box Service Account Information Optionally configure the Connect Direct for Windows Service to use 4 service V logon account Instance 10 Specify optionally the Service Account as defined in Creating a user account for CONNECT Direct on page 2 3 and Service Password click on Next to go to the Enter TCP IP Information dialog box February 2010 Clearstream Banking Luxembourg 212 CreationDirect via VPN User Manual 2 Installing and maintaining CreationDirect iz Connect Direct for Windows InstallShield Wizard Enter TCP IP Information Enter the IP Address For Node bo Node communication and User Interface communication Fie d ee 192 168 10 2 IE Imstalsmield 11 Enter the Node to Node and User Interface details as defined above see Configuring the TCP IP stack on page 2 5 and click on Next to go to the Enter SNA Information dialog box me Connect Direct for Windows InstallShield Wizard Enter SNA Information Optionally configure SMA connectivity Imstalsmield 12 Click on Next to go to the Register with Active Directory dialog box Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual Z 2 CreationDirect via VPN Fe Con
29. Parameters File Delete Selection Delete All Skip Cancel The dialog box should be empty as shown above If there are any entries this indicates that they exist within Secure but are not defined in CONNECT Direct and such entries must be deleted 4 Select Delete All if there are any entries otherwise Select Skip to close the parameters file The Secure parameters file is populated and the Secure Admin Tool Main Window displays remote node records in the parameters file including the records you added from the network map H Secure Admin Tool C Program Files Sterling Commerce Connect Direct 4 4 00 Server Secure nodes File Edit Key Management Help Node Name Filter b pent RR Hoc y pSeAServer RO Eo o E E J na EE wE y MODENAME Ro P E E J E E E wE y ven SvR PRO RR Note You have now created the access control file cdspacf and the three parameters file as shown in the following diagram Edit View Favorites Tools Help File lt lt Rar gt z R 2 Search Folders stele Address l C Program Files Sterling Cormmerce Connect Direct v4 4 00 Server Secure Nodes Y G0 Name Size Type 29 cdspact L KB CDSPACF File S client SKB CLIENT File X Local 5KB LOCAL File SEAServer SKB SEASERVER File Sl NODENAME SKB File i VPN SVR PRD SKB File Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual 2 45 CreationDirect via VPN C
30. RON PNODE OSS Windows NT SSNODE SSC_SVR_BAT2 SSNODE OS UNIX SOPTIONSS WDNO WDOS END REQUESTER COMMENTS TRANSND PROCESS amp TRNFILE gal ins amp APPLICATION CREATION HUB amp USERID sscbat9 amp RFILE gal SNODE SSC_SVR_BAT2 CLASS 1 PRTY 10 RETAIN No HOLD No SNODEID snode9 CALLSSC RUN TASK SNODE PGM UNIX SYSOPTS transaction send d amp APPLICATION TRANFILE amp TRNFILE USERID amp USERID RCVFILE amp RFILE txt PEND Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual a3 CreationDirect via VPN 4 Task execution statement maximum of 100 characters Clearstream Banking recommends that you do not change this statement Refer to How to edit a process on page 3 9 for details on how to update the parameters in a process Once you have customised the process you can schedule it as described in Creating a schedule of regular operations on page 3 11 You would create a separate schedule for each instructions file to be sent on a regular basis Using the Push on call option To receive reports using the Push on call option a connection to the Clearstream Banking CreationDirect server must be established If you use CreationDirect to send instructions to Clearstream Banking any reports that are available will be sent to you automatically because a connection has been established when you send the instructions Otherwise you need to establish a connection by
31. S GL Initparms AR Functional Authorities SHODE HODEHANE ff Proxies og Netmap STEP1 COPY of FE Translation Table FROM i allt Stop Node FILE C Program Files Sterling Commerce Connec L B New Process Process Sample html 2 S New Work List HE Process Monitor TO MR Select Statistics FILE C Program Files Sterling Commerce Connec L_Process Verify html DISP RPL EH SAMPLE Ln 5 Col 27 ovr NODENAME Conn 2 Return to Statement View right click in the Client Area and select Validate to check the process syntax and display the result of the validation in the Output Window at the bottom of the window Check that the text PDE Validation Successful is displayed as shown below If the validation is not successful double check your configuration before repeating this check Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual Z CreationDirect via VPN Connect Direct SAMPLE Bis x lf File Edit view Node Process Tools Admin Window Help e eask aesan FACAR BE NODENAME Z Submit Process pE Send Receive File Statement Description Copy COPY PNODE C Program Files Sterling Commerce Ca F End PEND AR Functional Authorities ff Proxies ads mal Netrmap EZ Translation Table po afl Stop Mode ee tE New Process 7 New Work List or Process Monitor px Select Statistic
32. able called amp TASKID In this way a comprehensive record is maintained that can be used as an audit trail and also for diagnostic purposes Monitoring processes in the TCQ When a process is submitted for execution It is checked to ensure that Its syntax is correct and then placed in an appropriate work queue depending on process parameters such as priority class and start time The CONNECT Direct work queues are jointly referred to as the Transmission Control Queue TCQ or the process queue A process will be in one of the following queue states e Execution indicating that the process is executing e Wait indicating that the process is waiting until a connection with the target node SNODE is established or is waiting execution s Hold indicating that the process was submitted with a process HOLD or RETAIN parameter This queue state also applies to a process when an error HOLDERROR occurs e Timer indicating that the process was submitted with a process STARTT parameter indicating when the process Is to begin execution A queued process can be queried and certain controlling parameters of the process can be changed When you submit a CreationDirect process on your CONNECT Direct server then provided that a physical link exists a session is established with the CreationDirect server at Clearstream Banking In a session with Clearstream Banking information is passed as symbolic variables on a Run Task statement from your
33. anges just made 12 Right click again and select Apply to action your Netmap changes This information will be applied to the Windows registry Note If you have entered an incorrect node name and have applied the changes as described above you must delete the node and then re enter all the information If you amend the name of the node for example by editing a text file the CONNECT Direct system will not be updated correctly Adding user proxies You need to add a local proxy user to automatically link the remote user ID to the local user ID for inbound sessions that is when receiving files from Clearstream Banking You should also ensure that this user is matched to a local user with sufficient authority to copy files run processes and programs For example the administrator account CONNECTADM account could be used To set up a new user proxy 1 Select Start Programs Sterling Commerce Connect Direct v4 4 00 CD Requester to display the CONNECT Direct window as shown on page 2 20 2 Select Window Workbook mode 3 Double click the Proxies option from within the Control Pad to display the User Proxies dialog box Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual 2 2 CreationDirect via VPN User Proxies Ei E Remote Node Local User Uploa Insert Delete Help 4 Close 4 Select Insert to display the New User Proxy dialog box New User Proxy E x Main Dire
34. are running on the installation machine The installation procedure from CD ROM comprises the following stages e Setting up CONNECT Direct below e Configuring CONNECT Direct on page 2 16 e Setting initialisation parameters on page 2 21 Setting up CONNECT Direct Note To install CONNECT Direct you must have a valid CONNECT Direct licence The licence is linked with your server hardware or domain name This is a mandatory condition for the setup 1 Double click on Connect Direct for Windows4 4patch063 msi i Connect Direct for Windows InstallShield Wizard E Se x Welcome to the InstallShield Wizard for Connect Direct for Windows The InstallShieldiRi Wizard will install Connect Direct For Windows on your computer To continue click Nest WORKING This program is protected by copyright law and international treaties i Cancel 2 Click on Next to go to the Setup Type dialog box and ensure that the Custom option is selected Back February 2010 Clearstream Banking Luxembourg 2 8 CreationDirect via VPN User Manual 2 Installing and maintaining CreationDirect iis Connect Direct for Windows InstallShield Wizard Setup Type Choose the setup type that best suits your needs Imstalsmield 3 Click on Next to go to the Custom Setup dialog box E lt Connect Direct for Windows InstallShield Wizard Custom Setup Select the program Features you want installed y
35. ate a private key and a certificate signing request that you email to Clearstream Banking at customeradmin dclearstream com You must first ensure that the Sterling Certificate Wizard Is installed and then use it to create the certification request Installing the Sterling Certificate Wizard 1 Locate and double click on the CertWizard V1300 Win exe provided by Clearstream Banking YE Sterling Certificate Wizard 1 3 00 oOo 0 x Introduction Introduction InstalAnywhere will guide you through the installation of C License Agreement Sterling Certificate Wizard 1 3 00 La Choose Installation Folder La Pre Installation Summary Click the Next button to proceed to the next screen Ifyou want to Installing change something on a previous screen click the Previous button O Installation Carn Tais You may cancel this installation at any time by clicking the Cancel button lInstallAnvwhere Cancel 7 im revious February 2010 Clearstream Banking Luxembourg 232 CreationDirect via VPN User Manual 2 Installing and maintaining CreationDirect 2 Click on Next to display the License Agreement dialog box Introduction License Agreement E Choose Installation Folder Q Pre Installation Summary C Installing Q Installation Complete InstallAnvwhere Cancel YT Sterling Certificate Wizard 1 3 00 15 x License Agreement Installation and Use of Sterling Cenificate Wiza
36. bjects that initiate a session with the local node must exist in the Network map Clearstream Banking recommends that the default value netmap check Y is used Refer to the CONNECT Direct documentation for more information before changing the value of this parameter To update Netmap parameters 1 Select Start Programs Sterling Commerce Connect Direct v4 4 00 CD Requester to display the CONNECT Direct window as shown on page 2 20 2 Select Window Workbook mode Double click the Netmap option from within the Control Pad to display Netmap information in the Client Area The definition of your CONNECT Direct Node NODENAME in the example is displayed in the Client Area 3 Select Netmap Validate to validate the Netmap parameters Maximise the display and in the Output window you will see the text Netmap validation Successful displayed as shown below Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual ah CreationDirect via VPN Connect Direct Netmap for NODENAME Oy x fs File Edit View Mode WNetmap Tools Admin Window Help lej x e Phas see Se Bae a o Ren Node wm sis Operating System TCPIIP Address MODEM AME 192 168 10 2 1364 H SOGENAME E ra Submit Process fe Send Receive File TY Run Task a8 T Run Job E Initparms Comm Path ai TCP CommPath Model A Functional 4uthoritie g1 Netmap hE Translation Table ov alll Stop Mode nl i
37. cessfully LOGERROR is to be run when a process does not complete successfully This process is associated with variable amp EPROC in the processes supplied to you by Clearstream Banking This process writes a date and time stamped message to a text file when a process does not complete successfully Clearstream Banking recommends that you use these processes without modification If you require alternative post processing then do one of the following February 2010 3 4 Write your own post processing processes If you require different post processing for certain processes you create post processes to meet your particular requirements For example if you wanted to Initiate actions In an in house system such as the processing of a received file you could create your own post process to do this as described in the appropriate CONNECT Direct documentation In this case in each CreationDirect process you would assign the names of your post processes to the variable parameters amp PPROC and amp EPROC as appropriate Amend the post processing processes LOGMSG and LOGERROR to meet your requirements In this case you would not need to amend the values associated with the variable parameters amp PPROC and amp EPROC in each CreationDirect process Clearstream Banking Luxembourg CreationDirect via VPN User Manual 3 Using CreationDirects business functionality How to submit instructions You use the TRANSEND procedure t
38. ck end Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual 1 1 CreationDirect via VPN CONNECT Direct licensing For customers running Windows UNIX or Linux Clearstream will provide one CONNECT Direct license as part of the connectivity contract For other operating systems you must subscribe directly to Sterling Commerce for a license and support contract VPN connectivity 2s Clearstream Back end Orange VPN Customer Back end You install CONNECT Direct on your server and for Windows UNIX and Linux operating systems Clearstream provides a CONNECT Direct license and the necessary software Orange provides local access points all over the world that can be reached using ISDN dial up Clearstream will provide on request a list of worldwide access points Other connectivity options are possible and can be discussed with our Connectivity Help Desk Proposed router configuration It is recommended to access the Orange network using a CISCO router with an ISDN interface Other connectivity options are available and could be discussed with our Connectivity Help Desk The following router configuration is a proposal that could be amended to match customer needs At customer subscription Clearstream will provide an Orange VPN user ID a VPN password and a set of external IP addresses to configure the router l version 12 2 service timestamps debug datetime msec service timestamps log datet
39. ctories Remote LU send Jedabet ka Node PN_SWB_PRD ka Local Userd cOnnectadm ka HERE Password SHE Cancel Help 9 Select the Main tab and do the following Set the Userid to the value provided by Clearstream Banking Select the remote node from the Node drop down list This is the value that has previously been entered in the Network Map Enter the local Userid as appropriate for example CONNECTADM and respective password If you use CONNECTADM as the Userid note that the spelling of the name includes a 0 zero and not the letter O and the name is entered in UPPER case 6 Select OK to add the new user 7 Close all dialog boxes February 2010 Clearstream Banking Luxembourg 2 20 CreationDirect via VPN User Manual 2 Installing and maintaining CreationDirect Setting folders for use with CreationDirect When using CreationDirect processes are selected from the processes folder instruction files are extracted from the upload folder and report files copied to the download folder Post processing processes such as LogMsg cdp are run from the processes folder Clearstream Banking recommends that you create special folders to be used by CONNECT Direct in conjunction with CreationDirect to be used as follows Note To store files containing instructions to be sent to Clearstream Banking the upload folder To receive report files from Clearstream Banking the download folder To
40. d access to the computer domain W Administrator E cUlnnectadm 7 Browse to the Local Computer Policy snap in and select the User Rights Assignment folder Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual 2 4 2 Installing and maintaining CreationDirect fl File Action View Favorites Window Help xX ef ele Security Setting EE TT Lo g on 45 4 service PC 1 S708 cOnnectadm BHIR enlace a process level token PC 1 3708 cOnnectadm M lag Act as part of the operating system PC S708 cOnnectadm 2a Deny logon as a batch job OA40 Machine To Domain Bg Computer SS aniar Deny logon as a service DAAD Machine To Domain S Sidi te poe ee 2a Deny logon locally GAAL Machine To Domain se an abba a Deny logon through Terminal Services JAAD Machine To Domain BZ EOR Za Manage auditing and security log OAAD E5 4 Admins C44 H A Account Policies lag Adjust memory quotas For a process LOCAL SERVICE NETO SERF KOPRI Ei Generate security audits LOCAL SERVICE NETO 0 79 Audit Policy la Log on locally Guest Administrators Us a User Rights Assignment AB Access this computer From the network Everyone ASPET Admi 0 9 Security Options ag Bypass traverse checking Everyone Administrator H E Public Key Policies BREl Impersonate a client after authentication ASPHET Administrators H E Software Restriction Policies lag shut down the system Ad
41. de snode Fune _SubmitDate Time SAMPLE 3 MODENAME NODENAME 10 6 2009 8 54 45 AM UEG Exec Status Work List Status A Activity Log K NODENAME COnnectadm 4 Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual 200 CreationDirect via VPN 10 11 Look for message ID SCPAQO0i in the MSGID column It will appear twice as an SNODE statistic and as a PNODE statistic This shows that the Sample process has run successfully Close the Sample process Submitting the Welcome process The next test is to submit the process called Welcome cdp that requests a welcome message be sent from Clearstream Banking as a text file The successful completion of this test shows that communication paths have worked correctly To submit the Welcome process 1 February 2010 2 96 In the CONNECT Direct window select File Open and browse to folder C Clearstream Banking Processes and open file Welcome cdp It will be opened in the Client Area of the Requester window in Statements View With the process in the Statement View right click in the Client Area and select Validate to check the process syntax The system displays the result of the validation for example PDE Validation Successful in the Output Window at the bottom of the window If the validation is not successful double check your configuration before repeating this check With the process in the Statement View right clic
42. dmin Window Help la S PA RasE ae ae mal s a oRean BE amaaan Log Date Time 1 nel ReciD co FOBK MSGID PHame PHum Step Name i AODEN AME ra Submit Process 1 1062009 8 54 45 AM CAPR SUBP O O LECAM3 SAMPLE 3 gE Send Receive File z 10 5 2009 8 54 45 AM CAEV acex o o SAME 3 TY pun Task STREO 851 aM caPR PSTR o o emezo SAMPLE 3 ETa STRESS aN cacy smn o o Leugn o ooo A pan 5 os20s65445 am GSE mn o o amgant oo ooo Bk Trach 6 _fiomaossseasam caeViewRc ofa SS es Functional Authorities T 10 62009 8 54 45 AM CAEV SSTR jo jo Lsmiogs la Provies frome aseasam GAE ssr o o ksma 0 Subnet g _fiomaoosss445 am CAPR Pen o o LsmG200 SAME 3 Ooo AE Translation Table 10 106 2009 8 54 46 AM CAPR ILSST O O SAMPLE 3 STEP _ o S U am cap SST o o sawe a em E Hew Process 12 TORRE 86446 am CAPR cTRC o o Sana SAMPLE 3 STEP Now Work ust 13 0 82000 8 54 46 aM caPR erre 0 o Span SAMPLE 3 sp vl Tid Process Monitor d4 10672009 8 54 46 AM CAPR PRED O O LSMG2521 SAMPLE 3 L af Select Statistics d 1006 2009 8 54 46 AM CAPR PRED O O LSMG2521 SAMPLE 3 16 oeno eseas aM CAEV SEND 0 o Lswoo fo a7 ioeo Saas am CAEV SEND o o soo oo 1a fiowo0 85446 aM CAEV eme o o Lswoo oo ig__fiowon8 s445 aM cAEV sweD o o swoo o o EE Nodes SAMPLE EF SelectStatist x SI Prochame Num Step Status Queue Bytes Pro
43. during server startup Global copy parameters Global copy settings determine default checkpoint intervals translation tables and translation directories Statistics information Statistics settings specify the maximum age in days that statistics records are allowed to reach before the system automatically deletes them and which commands are logged in the statistics file Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual 2 21 CreationDirect via VPN To set up initialisation parameters 1 Select Start Programs Sterling Commerce Connect Direct v4 4 00 CD Requester to display the CONNECT Direct window as shown on page 2 20 2 Select Window Workbook mode 3 Double click the Initparms option from within the Control Pad to display initialisation parameters in the Client Area Maximise the display and it will be similar to Connect Direct Initparms for NODENAME B AeH b E B ekeen Z x Local Node Characteristics a max api connects 10 icp apl inactivity timeout 00 00 00 9 SODENAME E Submit Process el Send Receive File TY Run Task conn retry stwait 00 00 10 S yi TTT conn retry stattempts 10 von Initparmms conn retry Ithyait 00 03 00 conn retry ltattempts 10 A Tracing Wo Functional Authorities contact name not specified 6 Beastie 7 contact phone not specified ce s4 Netmap descrip no description specified EZ Translation Tab
44. e Installation Summary sterling Certificate Wizard V1 3 00 Q Installing l Install Folder Installation Complete C Program FilessSterling Commerce Certificate Wizard 1 9 00 Disk Space Information for Installation Target Required 107 056 611 bytes Available 4 640 500 256 bytes InstallAnvw9here Cancel YI Sterling Certificate Wizard 1 3 00 Please Wait E Introduction ME License Agreement LE Choose Installation Folder LE Pre Installation Summary E Installing Q Installation Complete Please wait Sterling Certificate Wizard V 1 3 00 is being configured for your system This may take a moment InstallAnvw9here Cancel February 2010 Clearstream Banking Luxembourg 2 4 CreationDirect via VPN User Manual 2 Installing and maintaining CreationDirect E YI Stering Certificate Wizard 1 3 00 Install Complete Inroduction Congratulations Sterling Certificate Wizard 1 3 00 has been successfuly Lizense Agreement installed to L Choose Installation Folder C Program Ples Sterling Commerce Certificate Wizard v1 3 00 Pre Installation Summary Press Done to quit the instaler kE Installing amp Installation Complete INStTallanywhere Cancel Previous 6 Click on Done to quit the installer once the installation is complete Creating a certification request 1 Select Start Programs Certificate Wizard to display the Certificate Wizard Certificate
45. e people responsible for installing and customising CreationDirect This manual contains the following chapters e _1 CONNECT Direct overview on page 1 1 e 2 Installing and maintaining CreationDirect on page 2 1 e 3 Using CreationDirect s business functionality on page 3 1 e 4 Troubleshooting on page 4 1 This manual also contains an appendix Appendix A CreationDirect return codes on page A 1 Related publications The following is a list of other Clearstream Banking publications that you will find helpful Cedcom Data Interchange Specifications Clearstream Banking proprietary formats CreationDirect Data Interchange Specifications SWIFT ISO formats CreationDirect Report Format Specifications PDF and XML CreationDirect the automated system to system interface to the Creation Platform You will also need to refer to CONNECT Direct manuals as appropriate for your operating system Note For details of scheduling reports on line for delivery via CreationDirect please refer to the Clearstream Banking CreationOnline User Manual Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual IH CreationDirect via VPN Where to get assistance For further information or if you have specific questions regarding CreationDirect and or communications with CBL please contact the Clearstream Banking Connectivity Help Desk as follows Telephone 352 243 38110 49 69 211 1 15 90 44 0
46. e private key the private key file name and a file name forthe CSR Key file name CANODENAME_pk tet CSR file name CANMODENAME_c sr tet Set the Cipher to 3DES SHAT Set the Key file name Set CSR file name Note This file is to be stored on your computer and must not be sent to Clearstream Banking Do not disclose your private key to any third parties 7 Select Next to display a dialog box for you to check the information entered If details of the information are incorrect select Back to make the necessary amendments 8 When you are satisfied that all the information is correct select Next to generate the CSR The following dialog box will be displayed Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual Zo CreationDirect via VPN Certificate Wizard 10 February 2010 2 38 Generate SSH Keys i Verify Certificate Self Signed Certificate Import To Trust Store Generate CSR Generate Key Certificate Generate CA Certificate Chain The CSR was generated successfully Copy the following contents and send itto a certificate authority to request a digital certificate KrALUTgIiQIDAGABOBEwHOY JKoZIhvcNAGKEMRAWDKYNQUIMG CSgGSib3DGEBB GUAM GBAAGMRAGL 4 OMgjAVNT SF 41 bATISF P D HAT ABOITF Od 7IlO2bnuggivig Nf4PTINimeKmgszZq3dziCE UDAP S337 ByqVhhEH FgdasvWalQLegsievdviwumENuNs 4 ot SEND CERTIFICATE REQUEST Generate New CSR Email the certificate signing req
47. essaaes 3 2 Processes provided WIT Treat M WT OCR smarrisce cesiscxieisiendcnae rn EEn rin EEE N EEEE E 3 4 Howto Sn BrE S post Oe ae so piase yea incea nec peecnnecenseapaaniasc rset T 40A ne ia iiaeia riirii baa HE 3 4 Fe TOR I Slee CN Ha erecta R E EE E E nha 3 5 SPS CIN R ENS received Me S en 3 5 Using the Pushmon call ODTION ics iasnonnsanitanencdateonesirateenseainvian iradeden sene anari Ees SSIES E 3 6 Usma me Tan UNG PROCESSES iis acanconaniieensinnereperdineari nse pendaniatsn pane 3 7 Updating your customer profile at Clearstream Banking ccccccssscccesesseeeeeceeeeseeeeseeeeseeseeanees 3 8 en gol 6 1 Ere lp 0 88 lt 1 E EH eee oe ne See ere eee eee 3 9 Row o TTA R a enea E A E EER 3 10 Creating a schedule of regular Operations ee eee ee eee 3 11 S OU SG CTT 4 1 Monitoring PFO S56 Ss NTIS TCU iersinii EANA AERE Taa 4 1 Rel Tat als Clearstream EankinN ecce R E 4 2 PASC ING the ST sds vel 4 2 Checking the success or failure message eee ee eee 4 2 CONNEC Direct process 16 HOLT UMMING siacinssarepianeatagueniaemmareeniasepiamiaseexcarminmaiaccenacats 4 3 Appendix A CreationDirect return Codes cssssssssssssssssssss esse senenn eaea ennan A 1 February 2010 Clearstream Banking Luxembourg VI CreationDirect via VPN User Manual DEUTSCHE BORSE clearstream croup 1 CONNECT Direct overview Supported OS and CONNECT Direct versions Clearstream runs CONNECT Direct v3 8 on Solaris 10 Customers can run
48. ester window in the Statements View as shown Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual 2 9 CreationDirect via VPN Connect Direct SAMPLE Of E File Edit View Mode Process Tools Admin Window Help x aa Gace selar lpalec oeen Description BE NODENAME Z Submit Process E Process SAMPLE PROCESS SNODE NODENAME gE Send Receive File Copy STEP 1 COPY PNODE C Program Files Sterling Commerce co ve T Run Task F End PENCO n D a Functional Authorities e Proxies E Pre Metmap bes Fes Translation Table Sa dn Stop Mode oo New Process Z cat Piem Mew Work List E ai Ae Process Monitor eR Select Statistics SAMPLE For Help press Fl NODENAME COnmectadm ot February 2010 Clearstream Banking Luxembourg 2 92 CreationDirect via VPN User Manual 2 Installing and maintaining CreationDirect 3 To see the process in Edit View right click in the Client Area and select Edit View to display the process in Edit View Connect Direct SAMPLE TOTS File Edit View Wode Process Tools Admin Window Help e ean nsll aest Ba emanas n E SODENAME Z Z Submit Process BEGIH REQUESTER COMMENTS SPHODES HODEHAME SPHODE OSS5 Windows gE Send Receive File SSHODES HODEHAME SSHODE OSS Windows es U z niie T Run Task SOPTIOHSS WHOS T Run Job EHD REQUESTER COMMENTS BE
49. from the Server menu select Stop to stop the server Confirm this request and then wait for the confirmation message The traffic signal will change from green to red Admin Tool 3 From the Server menu select Initialization Properties to display the Local Machine Properties dialog box Local Machine NODENAME 4 4 00 Properties E General TCPIP SNA Database Licenze Management Settings Semice Startup Automatic gt TCO Startup wam Max AFI Connections io TCO Max Age fao Max PNode Sessions i Stat Max Age Y S Max SNode Sessions Z S Cancel Help 4 Select the General tab and set values as follows Service Startup Automatic TCQ Startup Warm Max API Connections 10 TCQ Max Age 30 Max Pnode Sessions 1 Stat Max Age 7 Max Snode Sessions 2 5 Select the TCP IP tab to display and ensure that the User Interface and Node to Node IP addresses have the values used when setting the TCP IP properties see Configuring the TCP IP stack on page 2 5 and select OK 6 With the server still selected click on the green traffic signal in the toolbar The traffic signal will change from red to green indicating that the CONNECT Direct service has started 1 The node name NODENAME is used for illustration purposes in this document Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual E CreationDirect via VPN Creating the local node and local user 1 From you
50. g The CreationDirect processes can be found in folder C Clearstream Banking Processes or your customised report download folder This chapter describes the CreationDirect processes provided for the Windows NT Operating System and provides the information required for you to configure them to meet your business requirements Please contact the Connectivity Help Desk if you require assistance Available report formats and types Reports are available in 15015022 PDF human readable XML structured and Clearstream proprietary formats For details about report types in IS015022 format please refer to CreationDirect Data Interchange Specifications SWIFT ISO formats For details about report types available in PDF and XML please refer to Report Format Specifications PDF and XML How to schedule reports All available CreationDirect reports can be scheduled using CreationOnline Clearstream Banking lt browser based connectivity solution For details of report scheduling via CreationOnline please refer to the Clearstream Banking CreationOnline User Manual and the online help provided within the CreationOnline application How to retrieve reports Upon report availability at Clearstream Banking reports will be immediately sent to your CreationDirect server This method can be used to obtain reports in e 1S015022 format see CreationDirect Data Interchange Specifications SWIFT ISO formats e PDF and XML formats see CreationDi
51. generation of the key certificate txt file The following cenificate s are found to be in the Cert Chain cernt 0 CANODENAME crt Certificate chain does not end in root CA certificate 12 Click on OK the following message should be displayed Certificate Wizard i File c Keycert_prod txt was generated successfully 13 Select the Verify Certificate tab to display the following dialog box Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual 2S CreationDirect via VPN E Certificate Wizard Generate SSH Keys Verify Certificate Self Signed Certificate Import To Trust Store Welcome G enerate CSR Generate Key Certificate Generate CA Certificate Chain Wise this screen to verify a keycert file containing a private key and certificate or a certificate file against a trusted root certificate file Each ofthese files can contain chain of certificates The certificate chains are validated for valid date range and valid chain Java Key Store ks and PECS12 formats are not supported at this time Passphrase sssesss O OE Keycert File benang O O O Browse Certificate File CANODENAMEct O OOOO l Browse Trusted Root File Cirustedprodtt O O22 O Browse 14 Enter the passphrase you specified when you generated the keys as entered in Step 5 on page 2 37 make the necessary adjustments and click on Verify the key certificate The trustedprod txt file is provided by
52. h Clearstream using the Secure Option you define a node record for that partner in both the CONNECT Direct network map and the Secure Option parameters file To set up the Secure Option environment you populate the Secure Option parameters file from entries defined in an existing network map Note If you subsequently add a new node entry in the Net Map file you must enable this node using this procedure Populating the Secure Option Parameters file Perform the following steps to populate the Secure Option parameters file with node entries defined in the CONNECT Direct network map 1 On the Secure Admin Tool Main Window select File Sync with Netmap to display the Available Netmaps dialog box Available Netmaps E e Select Metmap to use 2 v4 4 OOFWODENAME 2 Select the network map to open and click OK to display the Select Netmap Entries to Add dialog box Select Netmap Entries To Add E The Following entries exist only in the Netmap Add All j Cancel The remote node entry displayed is the one you added as described on Setting network map parameters on page 2 23 3 Highlight the entry and select Add Selection to display the Select Parameters File Entries to Delete February 2010 Clearstream Banking Luxembourg 2 44 CreationDirect via VPN User Manual 2 Installing and maintaining CreationDirect f i Select Parameters File Entries To Delete x The Following entries exist only in the
53. ime msec service password encryption l hostname cdrouter Router hostname l logging buffered 32000 debugging enable password l memory size iomem 25 ip subnet zero no ip domain lookup l ip cef isdn switch type basic net3 isdn tei negotiation first call l l February 2010 Clearstream Banking Luxembourg be CreationDirect via VPN User Manual 1 CONNECT Direct overview interface Loopbackl ip address ZZZ LE 255 255 255 255 WAN ISDN IP address l interface Loopback1l10 ip address 102 192 282 502 255 255 255 255 Creation NAT IP address l interface BRIO no ip address no ip route cache cef load interval 30 dialer pool member 1 priority 90 max link 2 Number of ISDN channels isdn switch type basic net3 no cdp enable l interface BRI1 no ip address no ip route cache cef load interval 30 dialer pool member 1 priority 90 max link 2 Number of ISDN channels isdn switch type basic net3 no cdp enable interface FastEthernet0O ip address LU 60 2 2 255 255 255 0 LAN IP net ip nat inside load interval 30 speed auto l interface Dialerl bandwidth 64 ip unnumbered Loopbackl ip nat outside encapsulation ppp dialer pool 1 dialer remote name connectf dialer idle timeout 130 dialer string 27300300 NAS number see document dialer hold queue 40 timeout 60 dialer load threshold 160 either dialer group 1 no peer neighbor route ppp authentication chap callin ppp chap hostname crdirxxxx connec
54. ing h Functional Authorities wolff Proxies E E mal Netrmap LAE Translation Table E GU Stop Mode a New Work List ce Hd Process Monitor A Select Statistics gt Bg Hodes 55 Files Connected to NWODENAME NODEMAME COnnect Zz The Control Pad shown on the left in the above diagram is a navigational tool that provides a graphic view of the CONNECT Direct node and file structure 4 Select your local node name in our case NODENAME displayed at the top of the Control Pad and double click on it to make a connection to the server This should happen automatically based on the definitions you made in the Client Connection utility Establishing the connection confirms that the set up has so far been completed successfully If a connection is not established check that the CONNECT Direct service was started as described in step 2 above 1 The node name NODENAME is used for illustration purposes in this document Please use the node name provided by Clearstream February 2010 Clearstream Banking Luxembourg 2 20 CreationDirect via VPN User Manual 2 Installing and maintaining CreationDirect Configuring CONNECT Direct for use with CreationDirect The following sections explain how to change specific CONNECT Direct parameters to support CreationDirect For a detailed explanation of the parameters please refer to the appropriate CONNECT Direct Installation and Administration Guide CONNECT Direct f
55. k and select Submit to display the Submit process dialog box Select OK to submit the process and request the retrieval of file Welcome txt Double click on Select Statistics in the Control Pad to display the Select Statistics dialog box Set All Statistics For Last to 15 minutes and select OK to display in the Client Area statistics data created when the Welcome process was run Look in column CC condition code and check that all values are 0 zero or 100 where there is a step name in the Step Name column showing that the Welcome process has run successfully If all condition codes are 0 or 100 browse to folder C Clearstream Banking Reports and open file Welcome txt showing that the Welcome process has run successfully If this is not the case check the return code in Appendix A CreationDirect return codes and take action as appropriate Clearstream Banking Luxembourg CreationDirect via VPN User Manual DEUTSCHE BORSE clearstream croup Using CreationDirect s business functionality Clearstream Banking provides customers with CreationDirect processes that demonstrate how CreationDirect functionality is used to submit instructions and receive reports Each process is designed to perform a specific function as follows e Submit instructions e Post processing action to be taken when a process completes successfully e Error processing action to be taken when a process completes unsuccessfully e File handlin
56. l 2 Installing and maintaining CreationDirect 6 In the Retry Settings area do the following Set Short Term Attempts to 15 This is the number of times that a CONNECT Direct process will attempt a Short Term Retry for the interval specified in the Short Term Interval Set Short Term Interval in the range 00 00 10 10 seconds to 00 00 15 15 seconds If there are network problems a CONNECT Direct process attempts a Short Term retry as specified by this parameter for example every 10 seconds It is recommended that this parameter is set to at least 10 seconds to prevent unnecessary system processing For example if Short Term Interval is 10 seconds and Short Term Retry Is 15 the process will keep retrying for a maximum of 150 seconds before using the Long Term Retry parameters Set Long Term Retry Attempts to 12 Set Long Term Retry Interval in the range 00 03 00 3 minutes to 00 05 00 5 minutes The Netmap Node Properties dialog box for a Windows server will now be similar to Netmap Node Properties Ei E Main TEPIP APPL Communication Pathe Description Mode Hame VPN_SVA_PRD Operating System UNIS Options Max Prode Sess Max Snode Sess Default Class Ret Settings Attempts Interval Short Term f D 00 00 17 D Long Term f 2 00 05 0 Cancel Help 7 Select the TCP IP tab in the Netmap Node Properties dialog box to display the TCP IP tab Clearstream Banking Luxembourg Feb
57. le name NODENAME allt Stop Node sess pnode max 1 sess snode max 1 sess default 1 netmap check Y node check B proxy attempt T protocol 1 tcp api port 10 254 30 32 1363 tcp host pornt 10 254 60 32 1364 outgoing address lt None gt icp src pons lt None gt icp src ports list iterations 1 comm bufsize 65535 pacing send delay 00 00 00 pacing send count 0 tcp crc OFF tcp crc override N icp max time to wait 00 01 00 icp window size 0 runstep max time to wait 00 00 40 4 K Initparms For AA New Process xi E Mew Work List ve 90 Process Monitor pH Select Statistics Initparms Update Successful NODENAME COnr 2 4 Scroll down to the Local Node Characteristics section and do the following a Set the proxy attempt parameter to Y This parameter allows the ID subparameter of SNODEID to contain a proxy user ID used for translation to a local user ID on the remote system The use of a proxy user ID offers Improved security because neither the local system nor the remote system requires a real user ID from the other side b Set the tcp max time to wait parameter to 00 01 00 one minute This parameter specifies the time out value for node to node communications that is between your site and Clearstream Banking s site If the telecommunications link to Clearstream Banking s server fails during a CreationDirect request or file transfer the process will time out in 1 minute and await reconnecti
58. lt post process the default error process and the default receive report file name Each customer determines their requirements as described in the following sections and then an authorised CreationDirect user provides the appropriate information to the Connectivity Help Desk as shown in Where to get assistance on page iv The Connectivity Help Desk will then update your customer profile To change your profile after the initial installation an authorised CreationDirect user must contact the Connectivity Help Desk as described above and request that their profile be modified February 2010 Clearstream Banking Luxembourg K CreationDirect via VPN User Manual 3 Using CreationDirects business functionality How to edit a process This section shows you how to edit a process to meet your business needs The process shown Is the TRANSEND process that produces the instruction validation report The procedure is similar for all processes To edit the TRANSEND process 1 Select Start Programs Sterling Commerce Connect Direct v4 4 00 CD Requester to display the CONNECT Direct window 2 Select File Open and browse to folder C Clearstream Banking Processes or your customised report download folder and open file TRANSEND CDP It will be opened in the Client Area of the Requester window in the Statements View as shown CONNECT Direct CEDTRANS cdp cE File Edit dieu Node Process Tools Admin Awindow Help 62362 RIE IEEE SSE
59. ministrators Users Po 0 5 IP Security Policies on Local Computer Re Remove computer From docking station Administrators Users Po H E Administrative Templates Ag Allow logon through Terminal Services Administrators Remote E 6 User Configuration ig Change the system time Administrators Power Us 8 Double click on Act as part of the operating system and add Add COnnectadm to the Security Setting 9 Double click on Log on as a Service and add Add COnnectadm to the Security Setting 10 Double click on Replace a process level token and add Add COnnectadm to the Security Setting Configuring the TCP IP stack 1 Select Start Settings Network Connections to display the Network Connections window 2 Do one of the following to display the Local Area Connection Properties dialog box Highlight Local Area Connection and select Properties form the Action menu or Right click on Local Area Connection and select Properties from the pop up menu Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual Le CreationDirect via VPN B Local Area Connection Properties General Advanced Connect using BS Broadcom Hetstreme Gigabit Ethene T his connection uses the following tems S Client for Microsoft Networks ai File and Printer Sharing for Microsoft Networks JB as Packet Scheduler U ntemet Protocol TCP IP Install Uninstall Properties Description Tran
60. ms have the same symptoms you have submitted a process and that process has not returned a message Indicating either that the process was successful or that the process failed Generally problems fall into one of the following categories e CONNECT Direct Once installed and tested CONNECT Direct is very reliable However changes to your system may cause a problem that will affect CONNECT Direct for example the CreationDirect Server s IP address has been changed or the password for a local user ID has been changed e CreationDirect CreationDirect has identified a problem with a process for example the value of a parameter was Incorrect e Network Network problems are varied and can be caused by a number of external elements for example line failure or problems with your router or modem When you submit a process you normally expect to receive a success or failure message Continue as follows depending on the type of message e You have received a success or failure message continue from Checking the success or failure message below e You have not received a success or failure message continue from CONNECT Direct process is not running on page 4 3 Checking the success or failure message Continue as follows according to the value of the return code e Avalue that is between 1 and 99 indicates a problem with CONNECT Direct or your process continue from Return code between 1 and 99 on page 4 3 e Avalue that
61. nect Direct for Windows InstallShield Wizard Register with Active Directory Enabling this option allows clients to locate and connect to the Server using information registered in Active Directory L Imstalsnield 13 Click on Next to go to the SNMP and Event Logging dialog box 0 Connect Direct Windows 3 InstallShield Wizard SNMP and Event Logging Configure SNMP Extension Agent and Event Logging InstallShield sek Soke e 14 Click on Next to go to the Select Notification Options dialog box February 2010 Clearstream Banking Luxembourg 2 14 CreationDirect via VPN User Manual 2 Installing and maintaining CreationDirect ii Connect Direct for Windows InstallShield Wizard Select Notification Options Select the process completion notification type Imstalsniela i Connect Direct for Windows InstallShield Wizard Import Configuration Files Optionally import Metmap and User Authority configuration files Imstalsmield pet aa FEE e 16 If Clearstream provides Netmap and or User Authority configuration files browse for and select them in turn and then click on Next to go to the Ready to Install the Program dialog box Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual g CreationDirect via VPN iis Connect Direct for Windows InstallShield Wizard Ready to Install the Program The wizard is ready to begin installation Click In
62. ng Luxembourg i Edit Record E Node Name VEN SvR PRD Base Record VEN SvR PRD Type Remote Security Options TLS SSL Protocol STS Protocol TLS S5L Options External Authentication Trusted Root Certificate File ft Direct vd 0015 erer 5ecure Certificatesitrustedprod txt Browse Key Certificate File Browse Clear Key Certificate View Certificates Enable FIPS 140 2 mode tC ves f Wo Default to Local Mode Enable Client Authentication Yes C Np it Default to Local Node Certificate Common Mame MEN SR PRE Cipher Suites IZ Default to Local Node Available Enabled TLS RSA WITH AES 256 CBC SHA TLS DHE RSA WITH AES 128 CBC SHA add gt gt TLS_RS4_WITH_AES 128 CBC SHA SSL RSA WITH RC4 128 SHA Remove G SSL RSA WITH _RC4 128 MDS SSL_DHE RSA WITH 3DE5 EDE CBC SH SSL RSA WITH 2DES EDE CBC SHA bagn Lo a mW Mes WITT Moe CD CU A an Cancel Help Enter the path and file name of the trusted root certificate file in the Trusted Root Certificate File field or select Browse to locate the file and double click the file to select It Ensure that Enable Client Authentication is set to Default to Local Node Enter the name displayed in the Base Record field in the Certificate Common Name field Ensure that the Default to Local Node checkbox is checked Select OK to return to the Secure Option Admin Tool Main Window Repeat steps 1 to 7 above for the node NODENA
63. ng Organization Unit Creation Direct Organization Trust Root Email Address Common Name EFEUNIT Serial Number 1131638675 Signature Algorithm SHATwiHthRSA Version Number 3 17 Click on OK Cert chain from Keycert file contains 1 valid certificate s certo 18 Click on OK erify cert in keycert file with trusted root success 19 Click on OK 20 Click on Exit to close the Certificate Wizard Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual 2 41 CreationDirect via VPN February 2010 Clearstream Banking Luxembourg 2 42 CreationDirect via VPN User Manual 2 Installing and maintaining CreationDirect Initialising the Secure Option for CONNECT Direct Before using the Secure Option Admin Tool you must provide information to create the parameters file and access file for the associated CONNECT Direct for Windows NT server node As the Secure Option is disabled at initialisation by default you will then enable it To create the parameters and access files 1 Select Start Programs Sterling Commerce Connect Direct v4 4 00 CD Secure Admin Tool to display the Create new Parameters File dialog box Launching the Secure Option Admin Tool opens the Secure Option Admin Tool command shell window before displaying the Secure Admin Tool window The command shell launches the Secure Admin Tool and displays any program generated error or trace messages Caution Closing
64. ns Priority Class Notify Userid Enter the scheduling information as appropriate Under Execution Options set Retain to Yes otherwise the process will scheduled only once Select OK to apply the changes Repeat steps 2 to 7 for each process to be scheduled Alternatively you could use CONNECT Direct s API facility refer to the CONNECT Direct SDK Programmer s Guide for your platform for samples of submitting APIs for scheduling automated processes Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual oe CreationDirect via VPN This page has intentionally been left blank February 2010 Clearstream Banking Luxembourg K E CreationDirect via VPN User Manual DEUTSCHE BORSE clearstream croup Troubleshooting This chapter identifies potential problems that may occur with CreationDirect the actions to take to solve the problem and how to contact Clearstream Banking if you require support to resolve a problem When a process is run on a node CONNECT Direct assigns an eight digit process number to the process If several processes are combined to form a logical grouping this grouping Is referred to as a task A task is identified by a seven character task ID that is assigned by CreationDirect Each interaction on the system is recorded and is identified by its task ID or process number The task ID for each request is returned to your Post Processing process in a symbolic vari
65. o send a file containing instructions to Clearstream Banking Upon receipt the instructions are validated and valid instructions will be processed As a result of the validation a validation report is generated and placed on your CreationDirect Server For information about record formats for the instructions file and validation report please refer to CreationDirect Data Interchange Specifications SWIFT ISO formats Specifying the received file s name The receive file name will be created dynamically from the values assigned to the component parts of the name In your profile To specify the receive file s name you must customise TRANSEND process as follows 1 Environment parameters a Post process amp PPROC and error process amp EPROC variables Clearstream Banking recommends that you use the default processes provided b SNODE parameter Set it to the value provided to you by Clearstream Banking on your Customer Specification sheet 2 Authorisation parameters Set the appropriate variables to the values provided to you by Clearstream Banking on your Customer Specification sheet 3 Business parameters Assign values to the variables as follows amp TRNFILE Use this parameter to name the Instructions file to be sent amp APPLICATION This must CREATION HUB amp RFILE Use this parameter to assign a label to the associated technical validation report For example BEGIN REQUESTER COMMENTS PNODES CD3302I
66. ocesses Two file handling processes are provided with CreationDirect e FILELIST requests a listing of all of the files in your Filestore at Clearstream Banking e FILERETR requests the transfer of a file currently in your Filestore at Clearstream Banking to your CreationDirect server Customising the List Filestore process FILELIST You use this process to obtain a listing of all the files in your Filestore If a particular file is present you can retrieve the file using the Retrieve File FILERETR process To customise the FILELIST process 1 Environment parameters a Post process amp PPROC and error process amp EPROC parameters Clearstream Banking recommends that you use the default processes provided b SNODE parameter Set it to the value provided to you by Clearstream Banking on your Customer Specification sheet 2 Authorisation parameters Set SNODEID to the value provided to you by Clearstream Banking on your Customer Specification sheet 3 Business parameters Assign values as follows amp RFILE Set it to the name of the file on your server that is to receive the report Note that if a previous version of the file with the same name exists on your server it will be overwritten 4 Task execution statement Clearstream Banking recommends that you do not change this statement Refer to How to edit a process on page 3 9 for details on how to update the parameters in a process Clearstream Banking Luxembou
67. om CD ROM on page 2 8 Checking the CONNECT Direct installation on page 2 20 2 3 4 Configuring CONNECT Direct for use with CreationDirect on page 2 21 5 6 7 8 Checking the User Authority configuration on page 2 30 Initialising the Secure Option for CONNECT Direct on page 2 43 Checking the configuration of CONNECT Direct on page 2 51 Configuring the local and the remote nodes for the Secure Option on page 2 46 The installation must be performed by a user with administrator authority preferably a new administrator account called CONNECTADM on the local machine 1 If you use CONNECTADM as the account note that the spelling of the name includes a 0 zero and not the letter O and that the letters of the name are entered in upper case This account will require a suitable password which must be remembered February 2010 2 2 Clearstream Banking Luxembourg CreationDirect via VPN User Manual 2 Installing and maintaining CreationDirect Setting up the Windows environment CONNECT Direct must be installed by a user with administrator rights You are recommended to create an administrator account specifically for CONNECT Direct as described below but any valid administrator account can be used Refer to the Microsoft Windows system documentation for specific instructions for setting up an administrator account You will have to create a user account with specific rights to
68. on February 2010 Clearstream Banking Luxembourg 2 22 CreationDirect via VPN User Manual 2 Installing and maintaining CreationDirect c Set the runstep max time to wait value to 00 00 40 40 seconds This parameter specifies the time out value when using Run Task programs for example the CreationDirect Transaction _Send program This time must not be greater than the value of tcp max time to wait 5 Scroll down to the Statistics Information section and ensure that the stat sort parameter is set to stat sort Y 6 Right click within the initparms display and select Apply to apply your changes Setting network map parameters The Network Map Netmap is a file that identifies valid CONNECT Direct nodes in the network One Network Map entry is associated with each CONNECT Direct node The netmap has one entry for each of the other CONNECT Direct nodes to which the local CONNECT Direct node communicates It also has a remote entry definition of the local node that is used for loop back testing The Netmap entries also contain the rules or protocol that the nodes adhere to for communication purposes The network mapping information includes the names of all the remote nodes with which the CONNECT Direct local node can communicate the paths to contact those remote nodes and characteristics of the sessions for communication The netmap check initialisation parameter allows you to specify whether or not remote CONNECT Direct node o
69. onDirect and is to be processed Return code greater than 100 Any return code that is greater than 100 indicates a problem that has been identified by CreationDirect In this case locate the associated error message using the method applicable to your platform and take the appropriate action Refer to Appendix A CreationDirect return codes for more information CONNECT Direct process Is not running If a message Indicating the success or failure of the process has not been received within a reasonable time check the status of the process using the method applicable to your platform Checking the status On a Windows NT platform display the Process Monitor that allows you to see your processes as they progress through the various logical queues in the Transmission Control Queue TCA You can access the Process Monitor by choosing Process Monitor in the Control Pad area of the CD Requester for Windows The Process Monitor Properties dialog box is displayed which you update as appropriate to display the Properties Monitor dialog box If a CONNECT Direct process is in either a PE pending execution or RE retry state it is trying to establish a session to Clearstream Banking If the session cannot be established the process will keep trying until all attempts have been exhausted and the process will then have a status of HE Held due to error or HO Held by operator state and will be on the Hold queue Resolving the problem At
70. onDirects business functionality The variables defining the post or error processes can be modified to refer to the names of processes that you have defined Alternatively you may edit the processes supplied by Clearstream Banking to meet your requirements Once values have been assigned to these variables they would not normally be changed e Authorisation parameters Authorisation parameters define values for example TSO User ID and password used to gain access to the Clearstream Banking services using CreationDirect The authorisation parameters in each CreationDirect process must be updated with the corresponding values supplied to you by Clearstream Banking on your Customer Specification sheet The variables with their recommended values are amp USRID XXXXXX amp PASSWD XXXXXXX SNODEID XXXX Once values have been assigned to these variables during the implementation process they would not normally be changed The RUN TASK statement Each CreationDirect process contains a RUN TASK statement that specifies the actions to be performed by the process It specifies the application to be run the parameters and their associated variables that the application requires and the post and error processes Note The RUN TASK statement can contain a maximum of 100 characters The values to be assigned to variables used in the RUN TASK statement are explained in the next section Note Clearstream Banking recommends that you do
71. onfiguring the local and the remote nodes for the Secure Option When you import the network map records Into the Secure parameters file the Secure Option is disabled To configure the nodes for Secure Option complete the following procedures e Define the security options for the local node e Define the security options for all the remote nodes Configuring the local node record for the SSL protocol To configure the local node 1 Select Start Programs Sterling Commerce Connect Direct v4 4 00 Secure Admin Tool to display the Secure Option Admin Tool window 2 Click on Local from the list of node names and select Edit Update Record to display the Edit Record dialog box ra Edit Record Ea Node Mame Local Base Record INODENAME Type Local Security Options TLS 55L Protocol STS Protocol Secure Protocol Node or Copy Statement Override Disable Secure Disable Override C Enable TLS Protocol Enable SSL Protocal Default to Local Mode Enable STS Protocol C Default to Local Mode Authentication Timeout fizo seconds Update History Last 3 Updates OK Cancel Help 3 Set the following Security Options for the local node as shown above Enable SSL Protocol Enable Override February 2010 Clearstream Banking Luxembourg 2 46 CreationDirect via VPN User Manual 2 Installing and maintaining CreationDirect 4 Select the TLS SS Protocol tab and click on the TLS SSL Option
72. or Windows uses initialisation parameters to define the operating standards for the product While you can override many initialisation parameters they provide default values for system configuration including The local node name Required paths and priorities Transmission control queue TCQ parameters Pacing and retry counts and intervals Remote nodes with which you can communicate The maximum number of sessions available The session class The default port number for CONNECT Direct Setting initialisation parameters Initialisation parameters initparms set the default values of CONNECT Direct functions and determine how CONNECT Direct behaves during operation See the CONNECT Direct server documentation for a full list of initialisation parameters Initialisation parameters are organised in the following groups Miscellaneous commands Miscellaneous commands describe server path download and upload directories dialup entries and security exits Local node characteristics Node settings define the name of the local node and determine default values for functions such as session class maximum connections maximum API connections buffer sizes and short and long term attempts and retries Transmission Control Queue TCQ information TCQ settings determine default values for the process file directory remote node run task operations the length of time a process is held in error and how the TCQ handles processes
73. p parameters ee ee eee 2 23 as TORT oa E E E E 2 27 seling FOLGE Ss Tor use With Chea ONIN SCE TT 2 29 Checking the User Authority configuration sds vnindiercvsnneuscetnnedartarnaiedianiadvaacssinmonrencermnedieets 2 30 Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual V CreationDirect via VPN Exchanging certificates with Clearstream Banking eee eee ee eee 2 32 Replacing the list of trusted certification authorities sese ee eee eee ee ee eee 2 32 FS Ae LT 0 EA AEEA EAA O AE Raniah neha E A 2 32 Initialising the Secure Option for CONNECT Direct sese eee 2 43 Configuring the local and the remote nodes for the Secure Option sss sese eee eee ee eee 2 46 COMMOUrI NG Ine local node recordor TNS SoL POU COs sssini N 2 46 Configuring the remote nodes for the TLS SSL protocol c cccecsececssseeeeecsteeeeeesteeeeeees 2 49 BIT E E E E A A AE A E E E E 2 50 Checking the configuration of CONNECT Direct sees eee eee 2 51 SUR IU the Sample sa 2 51 Uem CRI the Wol Tn PrO OS eian n a E E nae ENN deans 2 56 3 Using CreationDirect s business functionality sss ssssssssssssssss sese s sse sese sese 3 1 POS iene FECT MOF ie Sai R Ae 3 1 How to schedule reporto sirsenis rin Rron iR A EREEREER EANA SEETI a 3 1 FOW TO SE IVS rep OS T 3 1 Understanding CreationDirect PVC So OS sissies E E EEE E EEE 3 2 How a process IS CONSTFUCTEC cceccesecceceeeeeeceeseeecceeeeecseuseeeceeaseecsenecesseeseesseaseessense
74. pt by testing the success or failure of an operation and acting on the outcome Customers can submit programs and execute commands locally or remotely thus minimising integration costs and effort Scheduling CreationDirect has been designed to enable the automation of business flows between the customer and Clearstream Banking and can run unattended using automatic scheduling facilities Full checkpoint restart capabilities have been incorporated The restart feature recovers work in progress thereby allowing CreationDirect to resume work from the point of failure and ensures data Integrity Security On top of using Clearstream Virtual Private Network CreationDirect integrates the CONNECT Direct Secure option to provide end to end security based on full session authentication and encryption Standardised security policies may be implemented across heterogeneous security systems to ensure data protection Violations are tracked and sources are Identified through audit trails and Statistics 1 CreationDirect uses an underlying third party software package CONNECT Direct from Sterling Commerce Inc February 2010 ii Clearstream Banking Luxembourg CreationDirect via VPN User Manual Foreword What benefits does CreationDirect offer CreationDirect offers the following benefits to your organisation e Integration with in house systems CreationDirect enables simplified integration between your core application and the Crea
75. r Start menu select Programs Sterling Commerce Connect Direct v4 4 00 CD Client Connection Utility to display the Client Connection Utility User window f ha995 Client Connection Utility File Edit View Options Help For Help press F1 Node Properties Connect Direct Node Name NODENAME Default User ID SSS Operating System Automate Server SSS TCPIP Support Communication Protocol Oodress f 932 165 10 2 Fort f J63 Active Directory Nodes Refresh W Set as the default node Cancel Help 3 Do the following al For the ConnectDirect Node Name enter the node name provided by Clearstream b For the Communication Protocol Address enter the IP address of your CONNECT Direct server The Graphical User Interface uses TCP Port 1363 to connect to the local CONNECT Direct server c Click on OK to return to the Client Connection Utility gt COnnectadm Client Connection Utility OF x File Edit View Options Help il Fy NODENAME For Help press F1 February 2010 Clearstream Banking Luxembourg 2 16 CreationDirect via VPN User Manual 2 Installing and maintaining CreationDirect 4 Highlight the NODENAME item and select File New User to display the User Properties dialog box User Properties a i S E User Information Name Password MHRMEERM HE HEE 12 Remember password W Set as the default user Cancel Help 5 Ensure that
76. rd 1 3 00 Requires Acceptance of the Following License Agreement JRE Software in this distribution The Sun JRE Software license terms for also require the inclusion of the following notice This product includes code licensed from RSA Security Inc Some portions licensed from IBM are available at http oss software ibm com ico47 f Ido NOT accept the terms of the License Agreement Previous Mert 3 Read the information as necessary ensure that the option accept the terms of the License Agreement is selected and click on Next YI Sterling Certificate Wizard 1 3 00 E Introduction ME License Agreement gt Choose Installation Folder Q Pre Installation Summary C Installing Q Installation Complete InstallAnvwhere Cancel 15 x Choose Installation Folder Where Would You Like to Install C Program Files Sterling Commerce Certificate Wizard 1 3 00 Restore Default Folder Choose Previous 4 To set the location for the installation leave it as is or click on Choose to change it click on Next Clearstream Banking Luxembourg CreationDirect via VPN User Manual February 2010 2 33 CreationDirect via VPN Bs _ of gt YI Sterling Certificate Wizard 1 3 00 Pre Installation Summary LE Introduction Please Rewew the Following Before Continuing ME License Agreement ME Choose Installation Folder Product Name EE Pr
77. rect Report Format Specifications PDF and XML Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual g CreationDirect via VPN Understanding CreationDirect processes CreationDirect processes are written in CONNECT Direct s proprietary scripting language and as such conform to the syntax and rules defined by CONNECT Direct Refer to the CONNECT Direct documentation for detailed information about the scripting language The CreationDirect processes supplied to you must be configured before use for the following reasons e Certain parameters in each process must be modified so that the process will run in your business environment Other factors to consider are e How many versions of this process do require e Are the post and error processes common for all processes You need to define your business needs and then configure the CreationDirect processes accordingly How a process is constructed All CreationDirect processes are designed and constructed to use parameters in a similar manner A CreationDirect process is identified by a unique process name and consists of statements defining parameters and a task execution statement RUN TASK Using parameters Most parameters have values assigned to them by means of symbolic expressions variables A variable starts with an ampersand character amp followed by one to eight alphanumeric characters and is used to assign a Specific value to a parame
78. rg February 2010 CreationDirect via VPN User Manual a CreationDirect via VPN Customising the Retrieve File process FILERETR You use this process to request the transfer of a file currently in your Filestore to your server To customise the FILERETR process 1 Environment parameters a Post process amp PPROC and error process EPROC parameters Clearstream Banking recommends that you use the default processes provided b SNODE parameter Set it to the value provided to you by Clearstream Banking on the Customer Specification sheet 2 Authorisation parameters Set them to the values provided to you by Clearstream Banking on the Customer Specification sheet 3 Business parameters Assign values as follows amp RFILE Set it to the name of the file on your server that is to receive the report Note that if a previous version of the file with the same name exists on your server it will be overwritten amp TGTFILE Set it to the name of the report file that is to be retrieved from your Filestore 4 Task execution statement Clearstream Banking recommends that you do not change this statement Refer to How to edit a process on page 3 9 for details on how to update the parameters in a process Updating your customer profile at Clearstream Banking Each CreationDirect customer has their CreationDirect profile stored at Clearstream Banking The profile is used to determine default values when needed for example the defau
79. rs on page 2 23 3 Specify a user proxy as described in Adding user proxies on page 2 27 4 Specify folders for use with Clearstream Banking as described in Setting folders for use with CreationDirect on page 2 29 5 Check the configuration of the user authority as described in Checking the User Authority configuration on page 2 30 6 Check the configuration of CONNECT Direct as described in Initialising the Secure Option for CONNECT Direct on page 2 43 7 Initialise the Secure Option as described in Checking the configuration of CONNECT Direct on page 2 51 Installation requirements For details of the hardware and software requirements for CreationDirect see the Clearstream Banking publication CreationDirect Hardware and Software Requirements For details of the network infrastructure and required architecture for CreationDirect see the Clearstream Banking publication CreationConnect Network Guide 1 Some sample processes are included on the CreationDirect Installation CD in folder CreationDirect program files under Clearstream CreationDirect Sample Processes Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual 2 CreationDirect via VPN Summary of the installation procedure The main steps of the installation process for a Windows platform are as follows _ Note Setting up the Windows environment below Installing CONNECT Direct fr
80. rt distribution process via CreationOnline the CreationConnect web browser interface Customers can retrieve reports through any of the distribution methods described in How to retrieve reports on page 3 1 Customers may select reports on a scheduled basis for distribution via CreationDirect by using CreationOnline the CreationConnect web browser interface What features does CreationDirect offer CreationDirect offers the following features Platform independence CreationDirect supports most major operating system platforms Linux Windows UNIX z OS CreationDirect is fully scalable and easy to integrate into any system environment It provides a common command structure and syntax across all supported operating systems in commercial use today with user interfaces that are appropriate for each one File size independence CreationDirect can handle high volume file transfer with no constraints on file size File format independence CreationDirect supports multiple formats such as 15015022 PDF human readable XML structured and Clearstream Banking proprietary formats These files can optionally be compressed Scripting language CreationDirect uses CONNECT Direct s easy to use scripting language to automate operations Through multistep work units called processes customers can copy files and manage pre transfer and post transfer application activities Conditional logic statements add intelligence to the scri
81. ruary 2010 CreationDirect via VPN User Manual ay aS CreationDirect via VPN Netmap Node Properties Ei E Main TCP IP APPC Communication Paths Description Settings HostlP Address f 934 235 205 177 Fort Serice f 364 Modes Mode Override Made Properties New Delete Alt Comm Outbound Alternate Outbound Addresses Alternate Comminto Alternate Hetmap Checked addresses 8 Select Model as the Mode Override 9 Select the Communication Paths tab and ensure that TC PCommPath appears in the Selected Paths pane Netmap Node Properties El Ea Main TCP IP APPC Communication Paths Description Available Paths Selected Paths TCPCommPath Properties New Delete Add All Remove All OF Cancel Help 10 Select the Description tab and fill in the information as shown below February 2010 Clearstream Banking Luxembourg 2 26 CreationDirect via VPN User Manual 2 Installing and maintaining CreationDirect Netmap Node Properties Ei Ea Main TCP IP APPC Communication Paths Description Contact Hame Clearstream ConnectDirect node Phone Humber Node Description Clearstream Producton Hode 11 Select OK You will now see the new node definition that you have just created with a cross beside it If you have completed the minimum entries successfully the cross will be coloured green If this is not the case then double check the ch
82. s aa Be Nodes G SAMPLE X PDE validation a H Build Label wap alidating Process Statement SAMPLE alidating Copy Statement STEP PDE validation Successful r TEP E Output fet H Validation successful NODENAME COnnectadm 4 6 With the process in the Statement View right click in the Client Area and select Submit to display the Submit process dialog box SNODENAME Submit Process RE Main Control Security Accounting Variables Submit Process Snode NODENAME M Track execution in output window Cancel Help 7 Select OK to submit the process and see the process execute within the Exec Status tab of the Output Window February 2010 Clearstream Banking Luxembourg 2 34 CreationDirect via VPN User Manual 2 Installing and maintaining CreationDirect 8 Double click on Select Statistics in the Control Pad to display the Select Statistics dialog box Mairi Aj Siaisics Fa La O 15 1 hen T Filter Using Selection Criteria Pages Step and Process Completion Statistics Only Refresh Display T Refresh every O minutes T Refresh on open T lt Include data on save T Autoscroll Node NODENAME Cancel Help 9 Set All Statistics For Last to 15 minutes and select OK to display in the Client Area statistics data created when the Sample process was run E Connect Direct NODENAME SelectStatistics6 FA File Edit View Node Monitor Tools A
83. s tab ra Edit Record Ea Node Mame Local Base Record INODENAME Type Local Security Options TLS SSL Protocol STS Protocol TLS S5L Options External Authentication Trusted Root Certificate File ft Direct v4 4 00 Server 5ecure Certificatesitrustedprod txt Browse Key Certificate File Direct vg 4 00 Server Secure Certificates keycert_ prod txt Browse Clear Key Certificate View Certificates Enable FIPS 140 2 mode C Yes ie Wo C Default to Local Node Enable Client Authentication fe Yes C Np C Gefault to Local Hode Gerhificate Gammon Mame Cipher Suites P Gefault to Local Node Available Enabled SSL RSA WITH 30E5 EDE CBC SHA TLS_RS4_ WITH AES 56 CBC SHA TLS_DHE_RS4_WITH_AES_126_ CBC SHA TLS R54 WITH_AES_128_C6C_SH lt lt Remove SSL RSA WITH RC4 128 SHA SSL RSA WITH RCA 128 MDS up SSL DHE RSA WITH 3DE5 EDE CBC SH _ SSL DHE RSA WITH DES CBC SHA J baw K col AOR LUTTU PEG Dr Cus OK Cancel Help 5 Enter the location of the trusted root certificate file as shown above in the Trusted Root Certificate File field or select Browse to locate the file and double click the file to select it 6 Enter the location of the certificate file in the Certificate File field by selecting Browse locating the file and double clicking it The Certificate Passphrase dialog box is displayed H Key Certificate Passphrase Ea Enter the Key Certificate Passphrase
84. smission Control Protocollntemet Protocol The default Wide area network protocol that provides communication across diverse interconnected networks T Show icon in notification area when connected IY Notify me when this connection has limited or no connectivity 3 Ensure that Internet Protocol TCP IP is checked this is mandatory the others are optional Your CONNECT Direct server IP address on your network and configured on the router must be fixed to enable CONNECT Direct to function correctly this will also ease firewall configuration 4 Do one of the following to display the Internet Protocol TCP IP Properties dialog box Highlight the Internet Protocol TCP IP option in the list and click on Properties or Double click on the Internet Protocol TCP IP option in the list Internet Protocol TCP IP Properties E el x General fou can get IF settings assigned automatically if your network supports this capability Othenvise you need to ask your network administrator for the appropriate IP settings C Obtain an IP address automatically te Use the following IP address IP address 192 468 0 2 Subnet mask 2565 255 255 0 Default gateway 197 168 T J C Obtain DNS server address automatically f Use the following ONS server addresses Preferred ONS server l l Advanced Alternate DNS server Note The 192 168 10 2 assigned to our server in the above illustra
85. stall to begin the installation TF vou want to review or change any of your installation settings click Back Click Cancel to exit the wizard Installshield 17 Click on Install to begin the installation process When this is complete the InstallShield Wizard Completed dialog box is displayed j Connect Direct for Windows InstallShield Wizard InstallShield Wizard Completed The InstallShield Wizard has successfully installed Connect Direct For Windows Click Finish bo exit the wizard F Launch Connect Direct Requester 18 Ensure that Launch Connect Direct Requester is unchecked and click on Finish The program finishes this phase of the installation The next step is to configure CONNECT Direct Configuring CONNECT Direct When CONNECT Direct with the Secure Option has been installed the next steps are to initialise the local CONNECT Direct server and create the new local node and new local user client Initialising the local CONNECT Direct server 1 From your Start menu select Programs Sterling Commerce Connect Direct v4 4 00 CD Admin Tool to display the Admin Tool window February 2010 Clearstream Banking Luxembourg 2 16 CreationDirect via VPN User Manual 2 Installing and maintaining CreationDirect 7 Admin Tool Server View Active Directory Help SIS 2 EEE Local Machine me SNODENAME v4 4 00 Build 063 5R1370739 For Help press Fl 2 Highlight the NODENAME item and
86. submitting the session_wait process described below You are recommended to schedule this process on a regular basis as described in Creating a schedule of regular operations on page 3 11 to ensure that you receive your reports ina timely manner Using the session_wait process When you submit this process it establishes a connection with the Clearstream Banking CreationDirect server This connection will stay open for the minimum period of time specified in the SYSOPTS parameter By default this parameter is set to 60 seconds which will ensure that a connection can be established if there are reports due to be transmitted Connect Direct process to establish a connection to Clearstream Banking Do not change these parameters CLASS 1 PRTY 10 RETAIN No HOLD No Update authorisation parameters with values supplied by Clearstream Banking SNODEID xxxxx Environment parameters SNODE update if necessary with value provided by Clearstream Banking BEGIN REQUESTER COMMENTS SPNODES XXXXXXXX SPNODE OSS Windows NT SSNODES SSC_TEST SNODE OSS UNIX SOPTIONSS END REQUESTER COMMENTS SESSNWT PROCESS HOLD NO CLASS 1 PRTY 10 BABCPRIY 10 RETAIN NO SNODEID xxxxxx CALL RUN TASK SNODE PGM UNIX SYSOPTS Session wait 60 PEND February 2010 Clearstream Banking Luxembourg 3 6 CreationDirect via VPN User Manual 3 Using CreationDirects business functionality Using file handling pr
87. ter as follows amp USRID EF1234 In your process there is the statement USERID amp USRID This means that parameter USERID will have the value EF1234 assigned to it when the process is run Certain parameters will normally be assigned fixed values during the initial configuration of the process and will not be changed subsequently Other parameters will have values assigned but can be amended subsequently such as dates or account numbers Parameters are categorised as follows e Statement comments This commented text is created automatically by CONNECT Direct Requester for Windows and should not be modified e Environment parameters These parameters define the environment in which the process runs and also the process referred to as a post process that is to be run subsequently The post process that is run depends on whether the process runs successfully or not If the process runs successfully the post process assigned a value by the variable parameter amp PPROC is run If the process does not run successfully the error process assigned a value by the variable parameter amp EPROC is run The variables with their recommended values are amp PPROC LOGMSG CDP amp EPROC LOGERROR CDP SNODE XXXXXXXX use the value provided by Clearstream Banking HOLD No CLASS 1 PRTY 10 EXECPRTY 10 RETAIN No February 2010 Clearstream Banking Luxembourg Jez CreationDirect via VPN User Manual 3 Using Creati
88. tf lu go VPDN user ID ppp chap password 7 radiuspassword VPDN password ppp multilink l router eigrp 101 network 10 192 2 XxXxx 0 0 0 0 Creation NAT IP address network 172 18 0 0 network 192 168 167 2 0 0 0 0 distribute list 20 out Dialerl distribute list 31 in Dialerl no auto summary no eigrp log neighbor changes l router rip version 2 timers basic 7200 7200 1 1 passive interface FastEtherneto passive interface Loopbackl passive interface Loopback10 passive interface Loopback11 network 172 18 0 0 distribute list 30 out Dialerl distribute list 21 in Dialerl no auto summary l ip nat inside source list 110 interface Loopback10 overload ip nat inside source static tcp 192 168 77 15 1364 interface Loopback10 1364 Customer s host IP address Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual le CreationDirect via VPN ip classless ip route 192 260 7720 255 255 2959 0 10 60 2 XXX Static route to the customer s host via the firewall ip route 172 18 2 1 255 255 255 255 Dialer no ip http server ip pim bidir enable l access list 20 permit 10 192 2 XXX Creation NAT IP address access list 21 deny 172 18 0 0 0 0 255 255 access list 21 permit any access list 30 permit 172 18 2 XXX WAN ISDN IP address access list 30 deny any access list 31 deny any access list 100 deny eigrp any any access list 100 permit ip any any access list 110 permit ip any 194 235 205 128 0
89. this point manual intervention is required to either release the process or submit a new one However unless the cause of the original problem is known the process will again return to the Held state This problem is often caused by a network failure and you should check to ensure your router or modem is switched on and working properly 1 This time may vary according to the size of the file submitted Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual 4 3 CreationDirect via VPN This page has intentionally been left blank February 2010 Clearstream Banking Luxembourg 4 4 CreationDirect via VPN User Manual DEUTSCHE BORSE clearstream croup Appendix A CreationDirect return codes When a request is issued to CreationDirect the Run Task program issues an exit return code The following table lists CreationDirect return codes except for return code 0 which is a CONNECT Direct return code Return code Decimal 0 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 119 116 117 118 119 120 121 Hexadecimal 00 0x64 0x65 0x66 0x67 0x68 0x69 Ox a Ox b Ox c Ox d Ox e Ox f 0x70 0x71 0x72 0x73 0x74 0x75 0x76 0x77 0x78 0x79 Clearstream Banking Luxembourg CreationDirect via VPN User Manual Explanation Successful from CONNECT Direct Successful from CreationDirect General failure Attempt to connect to CONN
90. this shell when the Secure Admin Tool is open will also close the Admin Tool 2 As this is the first use of the Secure Option select OK to display the Create new Parameters File dialog box 3 Enter the name of the associated local CONNECT Direct node For example LocalNodeName NODENAME 4 Type a random string of at least 32 characters in the Passphrase field as shown below Secure Option uses this passphrase to encrypt the Secure Option parameters and access files for greater security You do not have to remember this passphrase value Hi Create new Parameters File E Local Node Name NODENAME Passphrase Type a random string of at least 32 characters OK Cancel 5 Select OK to create the parameters file and access file and display the Secure Option Admin Tool window as shown below H Secure Admin Tool C Program Files Sterling Commerce Connect Direct v4 4 00 5 Server Secure nodes Oy x Fie Edit Key Management Help Node Name Filter b a A n aan B a nnn mans a i e e o E o G o o pseAServer IRR NODENAME IR 1 NODENAME is the name used to identify the local node in the screen shots in this manual February 2010 Clearstream Banking Luxembourg 2 43 CreationDirect via VPN User Manual CreationDirect via VPN To enable Secure Option The next step must be completed now otherwise the ability to transfer data between nodes within CONNECT Direct will be disabled To communicate wit
91. tion Platform It can initiate actions in an in house system such as the processing of a received file or can be triggered by your system for example to deliver a recently generated Instruction file or to automatically print a delivered scheduled report The integration tools available allow the process and flow control requirements for the interfaces including technical exception management to be implemented See Using file handling processes on page 7 for more information e Unattended operation CreationDirect is designed to enable the automation of business flows between your organisation and Clearstream Banking and can run unattended using automatic scheduling facilities e Straight through processing STP CreationDirect is designed to run under the control of business applications with no requirement for manual intervention thereby enabling straight through processing STP and reducing risk The integration between Clearstream Banking and your systems combined with high levels of automation helps improve processing efficiency and reduces costs and processing errors e Ease of implementation A minimum of effort is required to install and take CreationDirect into live operation Since CreationDirect is supplied on most available platforms training requirements are minimised About this manual This manual is intended for the users of CreationDirect via VPN It also provides technical information that is of use for th
92. tion is only an example February 2010 Clearstream Banking Luxembourg 2 6 CreationDirect via VPN User Manual 2 Installing and maintaining CreationDirect 5 Select the Use the following IP address option specify an IP address and a Default gateway and click on OK 6 Close the dialog box and the Network Connections window Note Consult your Network Administrator as necessary You will need this IP address later Customer connectivity check Before performing the CONNECT Direct installation it is important to check your connection with Clearstream Banking 1 Performa ping to the Clearstream Banking CreationDirect server 2 Perform a telnet on port 1364 of the Clearstream Banking CreationDirect server If a connection is not established you should review the configuration of your router and firewall If a firewall has been set up between the router and the CreationDirect PC the TCP port 1364 should be opened for inbound and outbound traffic If you want to test the connectivity between Clearstream and your server please contact us and we will provide you with instructions and perform the test Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual ET CreationDirect via VPN Installing CONNECT Direct from CD ROM N B Be sure to follow the instructions exactly as shown to complete the installation with success Before installing CreationDirect it is recommended that no other programs
93. uest file NODENAME_CSR txt to customeradmin dclearstream com The email request should contain the following information That the certificate request is for CreationDirect Secure Your Company name Your contact name and telephone number The CreationDirect node name to be certified You will be contacted by Clearstream Banking to verify the authenticity of your request After receiving the signed certificate from Clearstream select the Generate Key Certificate tab to display the following dialog box Clearstream Banking Luxembourg CreationDirect via VPN User Manual 2 Installing and maintaining CreationDirect a Certificate Wizard Generate SSH Keys Verify Cerificate Self Signed Certificate Import To Trust Store Generate CSR Generate Key Certificate Generate CA Certificate Chain Lise this screen to generate a keycerttile which contains a private key a certificate matching the private key and zero or more certificates forming a chain of certificates Output Keycernt Meystore Format ca Private Key File Name CANODENAME_pk be Private Key Passphrase essees O OE Certificate File Name e Certificate Chain List C NODENAME crt Add Cipher for Encrypting Private Key CA Root must be present _ Include CA Root in Keycert Key Certificate File Name 11 Make the necessary adjustments and click on Generate to generate the key certificate A message is displayed to confirm successful
94. use CONNECT Direct and you will have to configure the TCP IP stack Creating a user account for CONNECT Direct 1 From your Start menu select Run and type mmc exe m Console1 Console Root ea File Action View Favorites Window Help e B em Console Root There are no items to show in this view 2 Inthe File menu select Add Remove snap in Add the Local Users and Groups snap in and the Group Policy Object Editor snap in for the local computer a Console1 Console Root K Pile Action View Favorites Window Help e m B m iLocal Users and Groups Local S Local Computer Policy E Local Computer Policy E Computer Configuration H User Configuration 3 Right click on the Users folder and create a new user 4 Enter the name CONNECTADM with zero not upper case O 5 Fill in the required information as shown below and click on the Create button Clearstream Banking Luxembourg February 2010 CreationDirect via VPN User Manual oo CreationDirect via VPN COnnectadm Connect Direct Administrator Connect Direct Administrator User mush change password at next logon Note If you do not check the Password never expires option then when you change your password the password entered for the local node user must also be changed accordingly see Creating the local node and local user on page 2 18 6 Add the COnnectadm to the local Administrators group mplete and unrestricte
Download Pdf Manuals
Related Search