3 - Jscape
Contents
1. If s sendmessage command is run without options then user will be prompted for necessary information js setdomainquota The js setdomainquota command may be used to set bandwidth quotas at the domain level in JSCAPE MFT Serwer Usage js setdomainquota options Options d the domain name uq max uploads quota ur uploads quota reset period days dq max downloads quota dr downloads quota reset period days tq max transfers quota tr transfers quota reset period days h display this help menu Chapter 13 Command line utilities 209 210 Command line utilities 1 3 If s setdomainquota command is run without options then user will be prompted for necessary information js setuserquota The js setuserquota method may be used to set bandwidth quotas at user level in JSCAPE MFT Server Usage js setuserquota options Options d the domain name u the usernam uq max uploads quota MB ur uploads quota reset frequency days dq max downloads quota MB dr downloads quota reset frequency days tq max transfers quota MB tr transfers quota reset frequency days h display this help menu f js setuserquota command is run without options then user will be prompted for necessary information js shutdown The js shutdown command may be used to perform an orderly shutdown of all services for all domains in JSCAPE MFT Server In an orderly shutdown all existing processes are allo2. server configuration host ip address port port rest host ip address rest port rest port user username password password For example server configuration host 0 0 0 0 port 10880 rest host 0 0 0 0 rest port 11880 user admin password secret This will configure your JSCAPE MFT Server Service where ip address and port are the IP port that you want the JSCAPE MFT Serer Senice to listen on rest port is the port that you want the REST web senice to listen on and username password are the credentials you will use when connecting to the service This service is what you will connect to using the JGCAPE MFT Server Manager to manage your server Defaults ports for JSCAPE MFT Server Service and REST web service are 10880 and 11880 respectively Note the IP address 0 0 0 0 is a special address that instructs the service to listen on all available network interfaces 4 Startup Administration Service From the opt JSCAPE_MFT_Server directory run the following command start_service sh The JSCAPE MFT Serer Service should now be running To connect to this service and manage your server see the following topics Server configuration gt Launching the administrative client Auto starting in UNIX environments Chapter 2 Installation Installation 2 ZIP Console Installation 1 Place the install zip file in a directory on the destination server 2 Install Run the following command from t
3. Failover l Update index upon group update amp Search Index A JMX Rebuild Index Save changes Cancel Re index files every X hrs Controls the frequency in which user group virtual directories flagged for indexing are automatically re indexed Update index upon file upload If checked file is automatically indexed upon upload Update index upon file rename If checked file is automatically re indexed upon rename or deletion Update index upon account update If checked virtual directories for account are automatically indexed upon account update Update index upon group update If checked virtual directories for group are automatically indexed upon group update JDBC settings The JDBC Drivers node controls what JDBC drivers may be used by JSCAPE MFT Server when storing account and or log information in a relational database JDBC driver downloads Adding a JDBC driver Figure 73 Chapter 18 JSCAPE MFT Server Manager Settings 249 JSCAPE MFT Server Manager 1 8 Gattinnae Home Serer v Help Logout WR Manager Service JDBC Drivers gg Domain Startup Wed Driver Class amp JDBC Drivers Email 2 Failover amp Search Index A JMX Save changes Cancel JDBC driver downloads Microsoft SQL Server JDBC Driver http msdn microsoft com en us sqlserver aa937724 aspx Oracle JDBC Driver http www oracle com technology tech java sqlj _jdbc index html My SQL JDBC Driver http dev mysql com do
4. 3 Directory Monitors f Dron Zones Writing conditions Trigger conditions are defined as a logical expression used to filter events based on event properties An expression consists of zero 0 or more statements with each statement having a variable operator and constant Multiple statements may be joined together using AND or OR clauses to form complex expressions Parenthesis may be used to set statement precedence If the condition is left blank then the trigger actions will be executed anytime the trigger event is fired Example Hour 5 AND Minute 0 OR Hour 22 AND Minute 30 The above expression is true at 5 00 AM or 10 30 PM Testing conditions Prior to deploying a trigger you may wish to test your conditions against sample data to see if the condition logic functions as expected To test a condition go to Step 2 of adding or editing a trigger and click on the Test Expression button At this point you may enter sample data to test against the condition Upon clicking Test a dialog will be displayed indicating the success or failure of the test Figure 56 Chapter 5 Trigger management Trigger management 5 Test Expression X Test Expression Setup expression parameters Expression Hour 5 AND Minute 0 CurrentTimeMillis 0 DayOfMonth 0 Sa DayOfWeek 0 x DayOfYear 0 BA DomainName Hour 0 Millisecond 0 AE w Minute 0 Month 0 cd Second 0 ek ww WeekOfMonth 0 WeekOfY
5. 7 DLP E Tuesday from o0 00 to 23 59 r E Wednesday from 00 00 to 2359 amp Connections x E Thursday from 00 00 to 23 59 V Y Triggers E Friday from o000 tol2as9 Authentication E Saturday from 00 00 to 23 59 gt E Sunday from 00 00 to 23 59 gt amp Users 88 Groups By Reverse Proxies Apply Discard 3 Directory Monitors Drop Zones URL Branding amp Trading Partners Enable time access Enables or disables time based access Setting banned files You may limit the files that user can upload based on filename To enable these settings go to Banned Files node for desired domain If enabled then uploading files matching any of the regular expressions will be disallowed For example in Figure 132 below users may not upload files with a exe extension Figure 132 Home Server v Help v Logout Domain localhost running oi Time Access Banned Files a Banned Files Enable service Compliance E IP Access Path Recursive Pattern Scope J oLP T eee e 4 Connections Ya Triggers E Authentication amp Users amp Groups y Reverse Proxies g Directory Monitors Drop Zones 1 B M lt 4 Page1 f1 gt wm OJ Displaying 1 to 1 of 1 items URL Branding amp Trading Partners Add Edit Delete amp Contacts Chapter 3 Server configuration m 110 Server configuration Path The virtual directory path to which this rule should be applied Rec
6. Ye Triggers E Authentication amp Users 8 Groups ty Reverse Proxies 1 gt M 4 Pagel of4 Db Dl 3 Directory Monitors Drop Zones 3 ud User Report URL Branding amp Q Trading Partners amp Contacts LastLogin Owner 6 22 2015 9 02 38 AM Company Add Administrator Displaying 1 to 1 of 1 items To add a user click on the Add button Chapter 3 Server configuration in the lower right corner The Add User dialog will be displayed Figure 16 Server configuration 3 Add User B Add User Specify new user parameters Info Paths Quotas IP Access Domain Administration Web USER Name Bob Jones Login bjones Password occo Re type password eeee Email r Company Phone Groups F Admins SETTINGS V Enabled J Enable ad hoc email transfers Owner v Expires on 06 24 2014 a ATU ATC ATION OK Cancel User Name The full name of this user Login The login name for this user Password The password for this user Re type password The password for this user Email Optional email address for this user Company The company that this user is associated with Phone The phone number for this user The first field is the country code e g 1 for United States and the second field is the telephone number including any area code the third field is the phone extension This field is used primary in conjunction with Phone Authentication Groups Opti
7. 134 Chapter 4 AS2 Applicability Statement 2 Trigger management 5 Trigger lifecycle To benefit fully from the use of triggers you may find it helpful to understand the lifecycle of a trigger This is explained below 1 Raise event The first step in trigger lifecycle starts with an event There are a number of events that can be listened for in a trigger Examples of these are provided below Current Time This event is automatically raised every minute and can be used for scheduling triggers File Upload This event is raised anytime a file is uploaded via on of the file transfer services provided by the server User Login This event is raised anytime a user attempts to login to the server For a complete list of available events please see the Event type field when adding or editing a trigger 2 Identify matching triggers The next step in the trigger lifecycle is to identify those enabled triggers that are listening for the event type raised For example in the case where a File Upload event is fired all triggers listening for the File Upload event will be identified 3 Filter trigger conditions Next in the trigger lifecycle is to filter those matching triggers even further excluding those that do not match trigger conditions that may have been specified To explain each event has a set of properties that are set when the event is raised These properties can be accessed in trigger conditions and trigger actions using
8. Drop Zones e Add Edit Users Copy Delete URL Branding Trading Partners Stop Pause Add Group To add a group click on the Add button in the lower right corner The Add Group dialog will be displayed Figure 27 d Group B Add Group Specify group parameters Name Admins Path admins Real path C admins Browse Reverse proxy v OK Cancel Name The unique name for this group Path The unique virtual path for this group Real path The real physical directory for this path Note You will be able to add more virtual paths and permissions using the Edit Group function Chapter 3 Server configuration 105 106 Server configuration 3 Reverse proxy The reverse proxy to associate with this path Edit Group To edit a group highlight the group name you would like to edit and click the Edit button The Edit Group dialog is displayed Figure 31 Edit Admins Group gt Edit Group Specify group parameters Path Real Path Reverse Proxy Permissions admins C i admins RWADRLCDLB Add OK Cancel Path The virtual path Real Path Reverse Proxy The real path or reverse proxy this path is mapped to Permissions The permission settings for this path Setting IP based access As an improved security measure you may define what IP addresses are allowed or disallowed access to your domain services To view alist of IP access rules click onthe IP Access node for the d
9. Release 6 2 0 24 Nov 17 2009 Enhancement Added upgrade wizard to GUI installer Enhancement Added Rename permissions flag to virtual directories Enhancement Improved parsing of ssl cfg file Update Changed private client key export so that both keystore and key are password protected Chapter 1 Introduction 19 20 Introduction 1 Bug Fix Resolved issue with 0 bytes of data being reported in log file for ASCII downloads Bug Fix Resolved line termination issue with directory listing commands in FTP S protocols Release 6 2 0 Nov 9 2009 Enhancement Added ability to specify link expiration range when performing ad hoc email file transfers via web interface Enhancement Improved performance for updating directory monitor and bandwidth quotas Enhancement Added ability to require secondary level of authentication using client certificates in HTTP S and WebDAV S protocols Enhancement Added ability to set cipher strength used in SSL protocols Enhancement Added Server name field to File gt Settings gt Web panel This may be used to specify an alternative host name when server is behind a NAT protected firewall in order to prevent leaking of internal IP information Enhancement Added Ad Hoc Email File Transfer action for performing ad hoc email file transfers programmatically Bug Fix Resolved issue with temporary files not being deleted that were created during indexing of PDF documents Release 6 1 0 60
10. Web SSO SSO Single Sign On is a method by which users can login to one service identity provider and automatically be granted access to other services service provider without the need to login separately to these other services An example of this would be logging into Google Apps and automatically be granted access to your JSCAPE MFT Server account without the need for a separate login In the example screenshot below Figure 171 Google Apps would serve as the identity provider and your JSCAPE MFT Server instance as the service provider JSCAPE MFT Server provides support for web based SSO using SAML OpenID and OpenID Connect compliant identity providers Please consult the documentation of your identity provider for details on how to enable configure SSO Login URL To perform a web SSO login use the following URL format Chapter 3 Server configuration Server configuration 3 https hostname sso domainname login For example if your hostname is 1 2 3 4 and your domain is mydomain this URL would look as follows https 1 2 3 4 sso mydomain login If you have already authenticated with your identity provider then you will be automatically logged into JSCAPE MFT Sener If not then you will be redirected to the Sign in URL for your identity provider After authenticating with your identity provider you will be automatically logged into JSCAPE MFT Server Note SSO applies only to web based sessions Other protocols FTP S
11. Certificate type Version Serial Issuer Subject Valid not before Valid not after Signature Domains RSA X 509 3 1096452880 C US ST Florida L Miami O Your Company Name OU IT Department CN www domain com C US ST Florida L Miami O Your Company Name OU IT Department CN www domain com 06 03 2013 06 02 2018 4e 09 92 35 b3 04 c3 e5 0a bd bd 3 a8 c1 54 2e 92 3 3 29 8b 0d fazed 3a e7 36 74 74 04 92 b5 localhost Import Export Generate CSR Select the Client Keys tab and click on the Generate button The Generate Client Key dialog is Generate Delete Import Certificates Step 1 displayed _ Generate Client Key Figure 66 Client key generation Specify key parameters Key alias Key algorithm Key length Validity Common name CN Organization unit OU Organization O Locality L State Province ST Country C 230 Chapter 17 Key management John Smith IT JSCAPE Miami FL US Cancel Key management 1 T Key alias Alias you wish to assign to the key Key algorithm The algorithm used in generating this key Valid options are RSA and DSA Key length The length of the key in bytes Valid options are 1024 and 2048 Validity The number of days this key is valid Common name The name you wish to assign this key For a client key this is typically the full name of the user e g John Smith Organizational unit T
12. Enhancement Added UsernameEmail and UsernameName variables to all trigger events that have Username variable These events allow for retrieval of the user s email address and real name respectively Bug Fix Fixed issue in WebDAV protocol and Java Applet with properly escaping filenames Bug Fix Fixed issue in that server was using random source port instead of expected port 20 for non passive transfers Bug Fix Fixed NullPointerException experienced when using Database Query Authentication module Bug Fix Fixed append issue experienced when using SFTP protocol Release 5 0 Feb 23rd 2009 Enhancement Improved performance for PGP encryption and decryption actions Enhancement Added token less two factor authentication support Enhancement Improved performance for directory monitors Enhancement Added ability to define a file latency period for a directory monitor Enhancement Added ability to assign a directory monitor to a user Enhancement Added check for whether file is being currently written to in a directory monitor Enhancement Added ability to vew bandwidth quotas and directory monitor quotas for a user via web interface Enhancement Added built in support for Spanish French German and Russian to web interface Enhancement Updated LDAP Query Authentication module to support using different LDAP user credentials for authentication and search Enhancement Added js sendmessage command line utility for emailing all acc
13. The IP address or IP address mask to allow or deny access Reason Reason access is allowed or denied Access allowed Select to have access allowed Access denied Select to have access denied IP mask examples Examples of valid IP masks are as follows 192 168 1 1 Allows Blocks a single IP address 192 168 1 Allows Blocks all IP addresses in a class C IP block 192 168 Allows Blocks all IP addresses in a class B IP block x Allows Blocks all IP addresses Setting time based access 3 Cancel ou may limit the time of day that users may connect to your services To enable these settings go to the Time Access node for the desired domain If a day is enabled then users may only access services between the period specified for that day If a day is not enabled then there is no restriction on what time of day the user may access services Dates times are based on the current local time on the server For example in Figure 131 below users may access services Tuesday thru Sunday without restriction On Mondays user may only connect between 6 00 AM and 12 00 noon local time Figure 131 Chapter 3 Server configuration Server configuration Home Server Y Help Logout Domain localhost running 3J vsmeswre Time Access oY Time Access Banned Files Enable time access amp Compliance DAY OF WEEK ACCESS IP Access ee f a 7 Monday from 06 00 to1200
14. l Secured Denied Permissions Add Variable OK Cancel Path The virtual path that will be made available to the User account Virtual paths should always start with a slash character For example a valid virtual path might be docs Real path The real path on your domain that this virtual path maps to Reverse Proxy If you are mapping this path to a reverse proxy then select it here Create directory if not found Creates directory on server if not found when accessed by user Include in search index If checked files in directory will be indexed for search purposes Permissions Check the permissions that this user will be granted for the virtual path 3 To finish click OK Your new virtual path will be displayed in the virtual path listing for the user account Creating virtual paths for a Group When creating a virtual path for a group all users who are members of the group will have access to the virtual path 1 From the Groups node select the group you wish to define the virtual paths for and click the Edit Chapter 3 Server configuration Server configuration 3 button The Edit Group dialog is displayed Figure 43 Edit Administrators Group 3 Edit Group Specify group parameters Path Real Path Reverse Proxy Permissions admins CA RWADRLCDLB Add OK Cancel 2 A list of virtual paths is displayed at the bottom of the screen for this group To add a path click the Add button Figure 191
15. Create a Java class which implements the com jscape inet mft authentication Hasher class 2 Overload the public String createHash String login String password method returning the hashed value 3 Create a JAR file that contains the compiled version of your com jscape inet mft authentication Hasher implementation To compile your authentication class you will need to include the ftpserver jar library in your classpath The ftpserver jar library may be found in the 1ibs directory for JSCAPE MFT Serer 4 Place the JAR file created in step 3 into the libs directory of your JSCAPE MFT Server installation 5 Shutdown any open instances of JSCAPE MFT Server Manager and restart the JSCAPE MFT Server Service 6 Inthe Hash password class field ofthe Database Query Authentication or LDAP Query Authentication service enter the full classname including package name of your hash provider Phone Authentication The Phone Authentication module in JSCAPE MFT Server provides tokenless two factor authentication support for your user accounts This is a very secure method of authenticating users in that it combines something users know their username password with something they have a telephone or cellphone Using the Phone Authentication module ensures that even if a user s password is stolen their account cannot be compromised How it works 1 User authenticates with JSCAPE MFT Server service as normal 2 User instantly receives a ph
16. Time Access Limit concurrent transfers to 10 8 Banned Files Variable Value 2 Compliance IP Access J DLP Connections Yq Triggers E Authentication amp Users 88 Groups fg Reverse Proxies 3 Directory Monitors f Drop Zones bs Stop Pause Limiting number of concurrent triggers You may wish to limit the number of concurrent triggers that are running in JGCAPE MFT Server Since each trigger and it s associated actions take up a portion of memory and CPU this is useful in cases where many triggers could be running simultaneously causing your server to be overloaded To prevent this you can optionally set the maximum number of concurrent triggers If the maximum number of concurrent triggers is reached then triggers will be placed in a queue for later execution If the size of the queue is exceeded then an error message will be written to the server activity log Limiting number of concurrent transfers You may wish to limit the number of concurrent file transfer related trigger actions that are running in JSCAPE MFT Server Since each file transfer related trigger action takes up a portion of bandwidth and disk I O this is useful in cases where many file transfer triggers could be running simultaneously causing your server to be overloaded To prevent this you can optionally set the maximum number of concurrent file transfers If the maximum number of concurrent file transfers is reached then file transfer triggers actions will b
17. https enable https true false h display this help menu If js addservicewebdav command is run without options then user will be prompted for necessary information js adduser The js adduser command may be used to add a user to JSCAPE MFT Server Usage js adduser options Options d lt name gt the domain name t lt name gt the template nam n lt name gt the user full name u lt name gt the usernam login p lt password gt the account password r lt path gt the user home directory a lt permissions gt the user home directory access permissions RWADRLCDLB e lt email gt the email address g lt name gt the group c lt name gt company name f force exit success if user already exists h display this help f s adduser command is run without options then user will be prompted for necessary information See also Virtual path permissions js adduserdir The js adduserdir command may be used to add a directory path to an existing user in JSCAPE MFT Server Usage js adduserdir options Options d the domain name u the usernam p the path r the real directory path a the path access permissions RWADRLCDLB Chapter 13 Command line utilities Command line utilities 1 3 h display this help menu f s adduserdir command is run without options then user will be prompted for necessary information See also Virtual path permissions js as2util The j
18. password age This option can be overridden at the user level by enabling the Ignore password aging rules option Email password change reminder Emails a password change reminder to the email address associated with user the defined number of days before password reaches maximum password age To function correctly an SMTP server must be configured under Server gt Settings gt Email in JSCAPE MFT Server Manager Note email reminders are sent daily approximately 10 minutes after start of JSCAPE MFT Server and every 24 hours thereafter Chapter 3 Server configuration Server configuration 3 Password must not match previous Requires that new passwords must not match the defined number of previous passwords Deny login for password non compliance If enabled user password will be verified at time of login to check that it meets compliance requirements If it matches user password but does not meet compliance requirements then user will be denied login Required characters Passwords must contain the selected characters Adding trading partners A trading partner is defined as a remote service that you want to regularly exchange data with Trading partner information may be used in triggers when performing scheduled or event based file transfers The purpose of the trading partner module is to centralize remote host credentials so that they can be reused within trigger actions Used properly if a remote host changes their hostname
19. 122 170 Chapter 6 Web based file transfers Web based file transfers 6 Add Form x Upload Form Setup form parameters Name My Form Description Prompt Batch File Require group w V Enabled ELEMENTS Name Type Value Required Add OK Cancel Name The Name of this form Description A brief description of this form Prompt Sets the prompt method for this form Batch mode shows the form once for a batch of files to be uploaded File mode shows the form for each file to be uploaded Require group Requires that user be a member of specified group for form to be available Enabled Sets whether the form is enabled Creating upload form fields Forms may include one or more of the following field types To add a form field click on the Ada button Figure 123 Chapter 6 Web based file transfers 171 172 Web based file transfers 6 Add Form Field k Form Field Setup form field parameters Name First Name Type text v Value 4 Required OK Cancel Text A single line text field Memo A multi line text field Dropdown A single select drop down list Available choices must be specified in Value field in comma delimited format e g value1 value2 value3 Multiselect A multi select drop down list Available choices must be specified in Value field in comma delimited format e g value1 value2 value3 Radio A single select radio button option Available choices must be specified in Value fie
20. 2 Read and accept license agreement Click Next to continue Figure 174 Chapter 2 Installation 31 Installation License Agreement Please read the following important information before continuing Please read the following License Agreement You must accept the terms of this agreement before continuing with the installation JSCAPE MFT SERVER LICENSE STATEMENT AND LIMITED WARRANTY IMPORTANT READ CAREFULLY This license statement and limited warranty constitutes a legal agreement License Agreement between you either as an individual or a single entity and JSCAPE LLC CISCAPE for the software product Software identified above induding any software media and accompanying on ine or printed documentation I accept the agreement I do not accept the agreement 3 Select installation directory Click Next to continue Figure 175 Select Destination Directory Where should JSCAPE MFT Server be installed 4 Select components to be installed See Software components for details Click Next to continue Figure 176 32 Chapter 2 Installation Installation Select Components Which components should be installed gt Select the components you want to install dear the components you do not want to install Click Next when you are ready to continue JSCAPE MFT Server Manager JSCAPE MFT Server 5 Enter name of Start Menu Folder Click Next to co
21. Azure Multi Factor Authentication SDK license and private key files Password Your Microsoft Azure Multi Factor Authentication account password This password can be found in the private key password txt file that was provided as part of the Microsoft Azure Multi Factor Authentication download Allow international calls If checked fee based calls may be made to areas outside of the free Global Services locations defined by Microsoft Azure Multi Factor Authentication Figure 120 Chapter 3 Server configuration 91 92 Server configuration 3 Edit test User 3 Edit User Specify user parameters Info Paths Quotas IP Access Domain Administration Web USER Name Change Password Email Company Phone 1 2345555555 Groups m m SETTINGS V Enabled V Enable ad hoc email transfers Owner Expires on 07 02 2014 fe lt AUTHENTICATION Require secured connection Use phone authentication OK Cancel Note Make sure that you enter the country code and phone number including any area code in the Phone field for your users using this service The first field is your country code 1 for the United States the second field is your phone number including any area code the third field is an optional extension Itis important that you do not include any non numeric values in your phone number e g hyphens parenthesis etc This will be the number that is called when performing phone authentication
22. B Report Setup repor parameters Name Weekly Report Description V Metrics S m _ Search results v _ Re run search OK Cancel Name A unique name for this report Description A description of this report Metrics The metrics you wish to include in this report Search results A search result to use when running this report Re run search Enable if you wish to re run search results Setting user datastore The user datastore is the location of where you will store all user and group account information There are three types of datastores file per record file and database The file per record and file datastore are similar in that they store all user account information in a directory located on the JSCAPE MFT Server machine The difference between the two lies in how they store account information Inthe file per record datastore separate files are created for each user and each group with a usr or grp extension respectively In the file datastore a single file named Chapter 3 Server configuration 71 72 Server configuration 3 accounts dat is created to store account information and a single file named groups dat is created to store group information In both cases these files are stored in the specified store directory The file per record datastore is much more efficient when managing a large number of users and is the default recommended choice for file based datast
23. Format The format in which to export certificate Chapter 17 Key management Figure 189 233 234 Key management 17 Export Public Key x Public key export Specify key file parameters Key filename jsmith pub Format x509 v OK Cancel Key file The filename to export public key file to Format The format in which to export public key OpenPGP keys Overview JSCAPE MFT Server includes built in support for PGP and works with many popular PGP clients PGP is typically used to provide an additional layer of security on top of any network protocol security e g SSL SSH that may be used A common scenario is to PGP encrypt all files automatically upon successful upload to the server This ensures that in the unlikely event your server is compromised the attacker would still be unable to view PGP encrypted files without having the secret key needed to decrypt them Using PGP to encrypt files at rest is a common way of meeting government compliance standards such as the PCI DSS standard used for protecting credit card information Additional libraries needed for OpenPGP PGP compatibility matrix Generating a key Importing a public key Exporting a public key Encrypting files and virtual paths PGP encryption primer PGP is a method of protecting digital content using a pair of PGP keys PGP encryption makes it nearly impossible for someone to view the contents of an encrypted file without possessing the secret key a
24. Grammar When using LDAP Query Authentication you must define a filter that will be used to identify the record you are searching for The syntax of LDAP filters are defined in RFC 2254 The table below provides a list of valid expressions and their meanings Greater than sn gt Smith ae ee surname that alphabetically follows Smith Greater than or equal to sn gt Smith Any surname that includes or alphabetically follows Smith sn lt Smith Any surname that Chapter 3 Server configuration Server configuration 3 alphabetically precedes Smith Any surname that includes or alphabetically precedes Smith All surnames all entries with the sn attribute sn Smi Any matching substring of Smith amp sn Smith cn John Surname of Smith and common name of John sn Smith sn Jones Surname of Smith or Jones sn Smith Surname not equal to Smith See also Authenticating with Microsoft Active Directory NTLM Authentication Using NTLM Authentication you may authenticate against an existing Windows domain Figure 118 Home Server v Help Logout Domain localhost running JRE Authentication Two Factor Phone Authentication Web SSO my Time Access Banned Files Service type NTLM authentication v amp Compliance Host IP Access 192 168 1 1 Windows domain DOMAIN 7 DLP v Create user if not found using template Default v Reone Convert username before creation to lowercase v W Tr
25. Server configuration 3 Using trading partners in triggers There are a number of file transfer related trigger actions that can use trading partner credentials in their work These include the following actions Trading Partner Create Directory Trading Partner Delete Directory Trading Partner Delete File Trading Partner Directory Download Trading Partner Directory Upload Trading Partner File Download Trading Partner File Upload Trading Partner Rename File See also Trigger management Monitoring server resources using JMX The JMX service included with JSCAPE MFT Server allows you to more closely monitor usage of CPU and memory resources It is meant to be used with a Java profiling application such as VisualVM Connecting via JMX In order to connect via JMX you will need to provide a connection URL Please use the format provided below service jmx rmi hostname serverport jndi rmi hostname registryport server where hostname and port are the hostname and port that JMX senice is listening on Note if you are listening on host IP 0 0 0 0 then you will need to replace the hostname in the URL with the actual IP address of the server Also it is important that when connecting remotely that both the Server port and Registry port are allowed inbound connections for any firewall JMX Credentials To connect via JMX you must provide valid administrator credentials Administrators for JSCAPE MFT Server are defi
26. a password Options available include e user defined password sent out of band Sender specifies a password that is communicated to recipient out of band e g over the phone or other method e random password sent via email A random password is generated by the server and included in email message sent to recipient Expires The number of days for which these files may be accessed by the recipient Max downloads The maximum number of times recipient may download files Delete after max downloads Automatically deletes file after maximum number of downloads is reached See also Enabling email transfers Managing contacts The Contacts module may be used to manage email contacts for use in ad hoc email transfers In sending an ad hoc email transfer recipients may be selected from the Contacts module rather than typing in the email address each time Contacts may be defined as private visible only to the user that created the contact or public visible to all users for the domain Contacts without an owner are considered private contacts Contacts may be created managed from either the Contacts module in JSCAPE MFT Server Manager or via the Contacts module in the web interface under My Account By default contacts created in the web interface are private contacts visible only to the user that created them unless user has domain administration rights and the ability to create public contacts Figure 144 Chapter 7 Email transfer
27. and run the following command server configuration host ip address port port rest host ip address rest port rest port user username password password For example server configuration host 0 0 0 0 port 10880 rest host 0 0 0 0 rest port 11880 user admin password secret This will configure your JSCAPE MFT Server Serice where ip address and port are the IP port that you want the JSCAPE MFT Serer Senice to listen on rest port is the port that you want the REST web servce to listen on and username password are the credentials you will use when connecting to the service This service is what you will connect to using the JGCAPE MFT Server Manager to manage your server Defaults ports for JSCAPE MFT Server Service and REST web service are 10880 and 11880 respectively Note the IP address 0 0 0 0 is a special address that instructs the service to listen on all available network interfaces 4 AlXsystems are typically configured to run the IBM JVM therefore it is necessary to make some changes to various configuration files in order to instruct the JVM on what security provider and encryption algorithm to use for starting up the JSCAPE MFT Server Serice See Running under IBM JVM for complete details and instructions 5 Startup JSCAPE MFT Server Service From the JSCAPE MFT Server installation directory run the following command start_service sh The JSCAPE MFT Server Service should now be
28. applet Enhancement Added sorting capabilities to Directory Monitors Reports Groups and Resources sections of JSCAPE MFT Server Manager Enhancement Added ability to disable ASCIl Binary option in HTML user interface Bug Fix Fixed hanging progress bar experienced in HTML based user interface if user loses Internet connectivity during file upload User now receives an error message indicating that the connection was lost Bug Fix Fixed data timeout channel issue experienced during large file transfer when using FTP S protocols and non passive connection Release 3 5 Oct 22 2007 Enhancement Added ability to define a secondary JSCAPE MFT Server failover server to which all primary server configuration details are synchronized Failover servers may be chained together to form a cluster Enhancement Added ability to specify directory quotas when using a Directory Monitor Enhancement Added asynchronous logging support to file and database logs Enhancement Added Log Action option to all events that determine whether action success or failure will be logged Enhancement Added optional automatic logout capabilities to HTML user interface which detects long periods of inactivity Enhancement Added ability to disable showing of hotkeys on buttons in HTML user interface Enhancement Added support for importing chained certificates in Key Manager Enhancement Added implicit SSL support to LDAP authentication modules Enhancement
29. are often unable to fully utilize bandwidth available in effect greatly increasing the amount of time needed to transfer a file The effects of this are often seen in satellite transcontinental and transoceanic file transfers AFTP solves this problem by changing the way file transfers are performed Rather than relying exclusively on TCP AFTP has two communications channels using a combination of TCP and UDP protocols The first channel called the control channel uses TCP and is responsible for tasks such as user authentication file management and coordinating file transfers The second channel called the data channel uses UDP and is responsible for transferring file data Unlike TCP UDP does not suffer the same level of throughput reduction when compared to TCP under similar network conditions AFTP is able to capitalize on this by transmitting a majority of data over UDP thus providing optimal throughput AFTP implementations can achieve reliable file transfers while reducing file transfer times by several orders of magnitude up to 100x when compared to TCP based file transfer protocols Will AFTP work for me AFTP provides the greatest performance gains when used in high bandwidth networks gt 5Mbps that suffer from high latency gt 50ms For example a file transfer between Tokyo and Los Angeles over a 45Mbps connection is likely to have high latency given the geographical distance between these two Chapter 8 Monitoring directo
30. are treated as strings so must be enclosed in single quotes Hash password class The Java class to use for hashing password before passing to SQL query Ifno class is specified then password will be passed to SQL query in clear text Create account if not found using template This allows for accounts to be created automatically upon successful authentication If selected an account will be created automatically if it does not exist already using the specified User Template Convert username before creation to If enabled the username supplied will be converted to specified case before passing username to specified User Template See also Password Hashin LDAP User Authentication LDAP User Authentication allows you to authenticate a user based on whether the user has the credentials to connect to the LDAP or Active Directory service Figure 61 Home Server v Help Logout Domain localhost running ARSE Se Authentication Two Factor Phone Authentication Web SSO 3 9 Time Access Banned Files Service type LDAP authentication v 3 Compliance Host E IP Access 22 168 a 1 Port 389 E l 7 DLP Timeout 30 sec 1 43 Connections User DN username ad domain com Yay Triggers C Use SSL connection L Allow anonymous binding E Authentication V Create user if not found using template Default ed Users Convert username before creation to lowercase v amp Groups Use failover server tg Reverse Proxies FAILOVER S
31. deleted Next the production server copies all it s domains to the failover server This is known as a full synchronization and ensures that both servers are running an exact copy 2 When using automatic synchronization each event on the production server is sent to the failover server where it is processed For example if a user is added on the production server then this event is sent to the failover server where the user is also added keeping the two servers in sync in real time This is known as a partial synchronization This process is more efficient than doing a full on demand synchronization because only the changes made on the production server are synchronized rather than sending all production server configuration data Note the synchronization process is one direction only from production server to failover server Changes made on the failover server are not automatically synchronized back to production server If for some reason you must synchronize data from failover to production e g you need to recover your production server after using failover server in production mode then an on demand synchronization must be performed as follows 1 Disable failover module on production server This ensures that when performing on demand synchronization you do not create an endless synchronization loop Chapter 3 Server configuration 121 122 Server configuration 2 On failover server enable failover synchronization setting failov
32. domain name g the groupname h display this help menu If js delgroup command is run without options then user will be prompted for necessary information js deluser The js deluser command may be used to delete an existing user from JSCAPE MFT Server Usage js deluser options Options d the domain name u the usernam f force exit success if user does not exist h display this help menu f js deluser command is run without options then user will be prompted for necessary information js enablehttp The js enablehttp command may be used to enable HTTP service in JSCAPE MFT Server Usage js enablehttp options Options host http host p http port h display this help menu If s enablehttp command is run without options then user will be prompted for necessary information js enablehttps The js enablehttps command may be used to enable HTTPS service in JSCAPE MFT Server Usage js enablehttps options Options host lt value gt host address p lt value gt port k lt alias gt server key h display this help menu f j s enablehttps command is run without options then user will be prompted for necessary information Chapter 13 Command line utilities Command line utilities 1 3 js importcontacts The js importcontacts command may be used to perform bulk import of contacts stored in CSV file format Usage js importcontacts options Options d the domain name f file to
33. e7 36 74 74 04 92 b5 localhost al m Import Export Generate CSR Generate Delete Import Certificates Select the Server Keys tab and click on the Generate button The Generate Server Key dialog is displayed Figure 23 Generate Server Key Server key generation Specify key parameters Key alias Key algorithm Key length Validity Common name CN Organization unit OU Organization O Locality L State Province ST Country C jscape server jscape com IT JSCAPE Miami FL US OK Cancel Key alias Alias you wish to assign to the key Key algorithm The algorithm used in generating this key Valid options are RSA and DSA Chapter 17 Key management Key management 1 r Key length The length of the key in bytes Valid options are 1024 and 2048 Note for key lengths greater than 1024 you must install the Unlimited Jurisdiction Policy Files Validity The number of days this key is valid Common name The name you wish to assign this key Typically the domain name this key will server e g ftp mydomain com Organizational unit The unit within your organization that this key will be used for e g IT Organization Your organization name Locality Your city State Province Your state or province Country Your 2 character country code e g US Obtaining a trusted certificate If you decide to use the web interface for performing file transfe
34. event variables For example a trigger may choose to listen only for File Upload events where the login of the user that uploaded the file matches a specific value Example Condition Username test Note each event has different event variables available to it For example the File Upload event has a LocalPath variable that may be used to identify the absolute path of the file uploaded This variable however is not available in the User Login event To see what variables are available for each event type please use the Variables button when adding a Chapter 5 Trigger management 135 136 Trigger management 5 condition or the Add Variable button when adding an action to a trigger See also Writing conditions 4 Prepare for execution Now that triggers have been identified and filtered the next step is to prepare for the execution of those triggers Each trigger may be executed in asynchronous concurrently or synchronous sequentially mode depending on the settings for the individual trigger At this point in the lifecycle these triggers are split into two separate queues one for asynchronous triggers and another for synchronous triggers Those triggers in the asynchronous queue are executed first followed by those in the synchronous queue Those triggers in the synchronous queue are executed in the order they are defined in the Triggers module of JSCAPE MFT Server The order of execution for synchronous triggers can be con
35. jpam jar file instead of the Java Native Library Path This is incorrect For JPam to work with JSCAPE MFT Server you must place native library in the Java Native Library Path and not in the 1ibs directory of JSCAPE MFT Sener 3 Configure JPam for use by editing the net sf 4pam file and copying it to to etc pam d directory 4 Restart JSCAPE MFT Server Service 5 Using JSCAPE MFT Server Manager go to the Authentication node and set the Service type to PAM authentication and enable other options See Figure 117 6 Click Test Parameters button to test Figure 117 Home Serer v Help Logout Domain localhost running Jae Authentication Two Factor Phone Authentication Web SSO 9 Time Access 6 Banned Files Service type PAM authentication v amp Compliance BS IP Access Enable debug to file system_output log 7 DLP V Create user if not found using template Default v Convert username before creation to lowercase v amp Connections W Triggers E Authentication Test Parameters amp Users amp Groups Bg Reverse Proxies Apply Discard 3 Directory Monitors Drop Zones URL Branding Enable debug to file system_output log Sends debugging information to file system_output log in installation directory Create account if not found using template This allows for accounts to be created automatically upon Chapter 3 Server configuration Server configuration successful authentication If selected an accoun
36. labels to date fields specifying expected date format Enhancement Added support for PEM and PKCS 8 formats when exporting a private client key Enhancement Added ability to export private server keys Enhancement Added none to default list of supported compression types for SFTP service Update Removed support for Flash uploads All uploads are now performed using native file upload capabilities of browser Bug Fix Resolved file locking issue in AFTP service Bug Fix Resolved error with Chrome and IE browsers connecting using SSL Bug Fix Resolved issue with Sftp File Upload action when Overwrite If File Exists option is enabled Bug Fix Resolve line termination issue for directory listings when using FTP S protocols Bug Fix Resolved lexical processing error experienced with web upload form variables used in trigger conditions Bug Fix Resolved issue experience when sending email to from long email addresses Bug Fix Resolved issue with incorrectly reported Current transfers value as reported in JSCAPE MFT Server Manager Bug Fix Resolved issue in Ftp Regex File Download action that would attempt to download a matching directory Bug Fix Resolved issue with importing SSH public keys Bug Fix Resolved issue with non existing file being returned in directory listings Release 8 1 Jan 14 2012 Enhancement Complete rewrite of the AFTP protocol providing for accelerated file transfers over high latency networks Enhance
37. memory consumption in Java applet and improved progress monitor when transferring directories Bug Fix Resolved issue with DLP module that could release files that have been modified but not yet re indexed Bug Fix Resolved issue where user could not rename a file if download permissions were not granted Bug Fix Resolved issue in SFTP protocol where IP may be blocked but user is still able to perform authentication attempts using an existing connection Bug Fix Resolved memory leak issue when performing failover synchronization Bug Fix Resolved issue with potential socket timeouts in automatic failover synchronization Bug Fix Resolved issue of uploading files to server over SCP using wildcards Bug Fix Resolved issue when using shared review capabilities in Acrobat Pro with WebDAV service Bug Fix Resolved issue of no data being presented when generating report using same start date and end date arguments Bug Fix Resolved issue regarding use of variables in email password subject property when performing ad hoc file transfers Bug Fix Resolved issue with FTPS protocol where if download permission is not granted and user attempts to download a file a data connection channel is never opened by server resulting in data channel timeout by some clients Bug Fix Resolved issue with Run Process action hanging when using Windows powershell script Bug Fix Resolved issue where the Uploaded since start value displayed in JSCAPE MFT Ser
38. neutral way The most common use is in the formatting of dates For example assume that you need to get numeric month and day of month values in the format MM DD To achieve this you could use the Month and DayOfMonth event variables The problem however is that the Month and DayOfMonth event variables return integer values not strings returning the incorrect format for months and days whose values fall between 1 and 9 To resolve this issue you must use the Format function to format the Month and DayOfMonth values in the desired format The example below demonstrates how a MM DD format could be achieved Chapter 5 Trigger management Trigger management 5 SFormat 0 number 00 1 number 00 Month DayOfMonth The Format function uses the java text MessageFormat Class that is provided as part of the JDK For more information on how patterns may be used please consult the JavaDoc documentation for this class available at http docs oracle com javase 6 docs api java text MessageFormat html Defining custom action types You may define your own custom actions using the JSCAPE MFT Server Java Management API classes To write your own action class extend the com jscape inet mft workflow AbstractAction class and implement the abstract execute method to perform the work of your action Below is an example implementation of the AbstractAction class This example prints a message to System out and the log datastore JSCAPE MFT Ser
39. or more files and or directories and click the Email File s button A dialog will be displayed prompting you for additional information Figure 92 Email File s To jsmith domain com od i ap Add Cc Add Bec From test jscape com Add Reply To Subject Files to download Message Hi John Here are the files that you requested Files jscape_mft_gateway_datasheet_pdf jscape_mft_monitor_datasheet pdf jscape_mft_server_architecture_pdf Expires 90 v days Max downloads 6 Delete after max downloads Send Cancel To The email address to send the email message to Multiple addresses may be separated using a comma Existing contacts may be selected by clicking the Contacts icon next to To field Add Cc Adds Cc carbon copy email addresses Add Bcc Adds Bcc blind carbon copy email addresses From The From address to send the email message from This will default to the email address of the user sending the ad hoc email If no email address is found then the From address defined in Server gt Settings gt Email will be used Add Reply To Sets Reply To header for email message providing a Reply To address that may be different than the default From email address Chapter 7 Email transfers 185 186 Email transfers T Subject The subject of the message Files The files to send Password protect with If password protection is enabled then user may have the option to specify
40. panel in Key Manager Signature algorithm The algorithm used for signing AS2 messages Enable compression If checked AS2 messages will be sent compressed Sending an AS2 message manually To send an AS2 message manually go to the AS2 Messages module for your domain and click the Send File button You will be prompted for the file and AS2 trading partner to send the message to Figure 167 Chapter 4 AS2 Applicability Statement 2 131 AS2 Applicability Statement 2 4 Home ener Help ogout Domain localhost running AS2 Messages Date Type Direction Message ID AS2 From AS2To Filename Status User Trading Partne MDN 4 23 2015 8 53 04 AM receipt unknown lt 24972923982 you me test successful test sync Logging 4 23 2015 8 53 04 AM Send AS2 File sync me Ropas 015 8 22 04 AM sync ae Send AS2 File ync AS2 Messages 22 04 AM Specify trading partner and file sync eS 015 8 21 56 AM sync OEE Manages Trading parner gcathost as2 v 5 8 21 55 AM P sync File C Users desktop ini Browse 4 10 2015 10 35 15 AM sync 4 10 2015 10 35 14 AM sync OK Cancel Banned Files 41712015 6 27 24 AM sync Compliance 4 7 2015 6 27 23 AM receipt unknown lt 41080019355f test test test sync SIP Access 10 x Page 1 of6 gt 3 Displaying 1 to 10 of 51 items 7 DLP 2 Connections Refresh Send File YW Triggers Trading partner The AS2 trading partner to send file to File The file to send Sending an AS2 messag
41. period of time of being disabled due to too many unsuccessful logins Bug Fix Fixed trigger timeout issue where if an action ran for more than an hour subsequent actions would not be processed Bug Fix Fixed issue with password policies not being enforced when creating users via web user interface Bug Fix Fixed issue with creating a directory renaming files or emailing multiple files in HTML user interface when using Windows Vista and IE7 Bug Fix Fixed issue in js adduser command line utility Bug Fix Fixed issue in js adduserdir command line utility Bug Fix Fixed issue with being unable to download files via HTML user interface that contain special characters Bug Fix Fixed performance issue experienced when assigning accounts to a group Bug Fix In File gt Settings gt Email panel of JSCAPE MFT Server Java Management API client keys were listed instead of OpenPGP keys Bug Fix Fixed memory issue experienced when adding more than 25 domains Release 4 1 Jul 21 2008 Chapter 1 Introduction 23 24 Introduction 1 Enhancement Updated behavior of ManagerSubsystem addAccount to throw an exception if the account already exists and added ManagerSubsystem setAccount method for use in overwriting an existing account Enhancement directory or file Enhancement Enhancement Enhancement Enhancement Enhancement Updated PGP Encrypt File and PGP Decrypt File actions to allow specifying a destination Added N
42. saved Enhancement Enhancement Enhancement Added Max connections user option to Connections module Added ability to prefer AFTP protocol when using Java applet v s WebDAV protocol Ad hoc file transfer passwords are now automatically trimmed to prevent validation errors during copy paste Enhancement Updated Branding URL module so that it is applied to Logout Reset Password and Registration pages Enhancement Enhancement Chapter 1 Added client REST API functions for retrieving tags Improved usability and syntax handling of functions and variables in Triggers module Introduction Introduction 1 Enhancement Added Delete On Upload Delete On Download options to all Regex File Upload Download trigger actions Enhancement Improved resource editor in Server gt Settings gt Email gt Resources panel Enhancement Updated User and User Template panels to be more intuitive Enhancement Redesigned Trading Partners user interface Enhancement Added a js triggersreport command line utility that will provide a report of all triggers actions and settings Enhancement Added support for various SHA2 MAC ciphers used in SFTP serice Enhancement Improved server0 log rotation logic so that it is not automatically rotated on restart Enhancement Redesign of Domain Administration panels for User and User Template Enhancement Added AuthenticationMethod property to User Login event Enhancement Added asynchron
43. text editor change the value of the INSTALL_DIR variable to the absolute path of your JSCAPE MFT Server installation directory The default value for the INSTALL_DIR variable is opt JSCAPE_MFT_Server which is consistent with Linux RPM installations Your installation directory may vary 4 Set this script to be executed automatically upon system startup using the following command s Linux sbin chkconfig add jscape Solaris 9 in etc init d jcsape etc rc3 d Sxxjscape in etc init d jcsape etc rc0 d Kxxjscape Note If you are running under Ubuntu environment then the chkconfig command is not available Instead you must run the following command as root user from etc init d directory update re d jscape defaults Starting the service From the etc init d directory and as root user run the command jscape start to start the serice Stopping the service From the etc init d directory and as root user run the command jscape stop to stop the service Restarting the service From the etc init d directory and as root user run the command jscape restart to restart Chapter 2 Installation Installation 2 the service See also Running as non root user in UNIX environments Auto starting in Solaris 10 environments Solaris 10 uses SMF Service Management Facility for creating and managing services To enable JSCAPE MFT Server as a service perform the following 4 AS root user create a user and grou
44. to implement IP user based authentication ar public class UserlIPAuthentication implements AuthenticationService private static final String username jsmith private static final String password secret private static final String ip 127 0 0 1 Authenticate user credentials 7 public void authenticate Credentials creds throws AuthenticationException if creds getLogin equals username amp amp creds getPassword equals password Chapter 3 Server configuration 97 98 Server configuration 3 amp amp creds getClientIp equals ip ignore else throw new AuthenticationException Authentication failed creds getLogin creds getClientIp creds getPassword The example above authenticates successfully if the username is jsmith the password is secret and the client IP address is 127 0 0 1 See also Setting authentication preferences Adding anonymous user accounts For security reasons anonymous access by default is not enabled To enable anonymous access simply create a new user account with the login name of anonymous and an empty password See also Adding users Defining virtual paths Virtual paths are virtual file system paths that map to a physical path on your domain and have their own set of permissions This allows you to have complete control over what resources users may access on your domain without having to manage use
45. trigger events Enhancement Added relevant AS2 event variables to External File Upload event Enhancement Password field is now optional in SQL related trigger actions Enhancement Added option to relevant authentication modules that converts username to lowercase uppercase when creating virtual directory paths that rely on username information Useful in environments where authentication is case insensitive but filesystem is case sensitive Enhancement Added ability to download one or more files directories from web interface as a ZIP archive Enhancement Added ability to store ad hoc file transfer details in a relational database Enhancement Added ability to receive AS2 messages without requiring user credentials Enhancement Added Data Connection Error event that is raised when data connection over FTP S protocols experiences a timeout or other error Bug Fix Resolved various miscellaneous issues Release 8 8 Dec 2 2013 Enhancement Added Used variable to Directory Monitor Quota Exceeded event which captures the amount of storage data used Enhancement Updated MIGLayout library used in JSCAPE MFT Server Manager Enhancement Added ability to set optional Reply To address when sending ad hoc emails Enhancement Added support for optional web SSO authentication with support for SAML and OpenID Chapter 1 Introduction 10 Introduction 1 authentication providers Enhancement Added support for multipart emails
46. valid integer between 1 2 147 483 647 Example set aft pdownl oadrate 100000 Specifies whether credentials and or data are protected during an AFTP session Default value is none providing no protection lt mde gt a valid security mode Valid values are none credentials amp data credentials only Example set aftpsecurit Specifies the upload rate in Kbits per second The default rate is 45000 Kbps lt bi trat e gt A valid integer between 1 2 147 483 647 Example set aft pdownl oadrate 100000 Specifies whether debugging is enabled or disabled By default debugging is enabled and all debugging information is sent to the console Specified the hostname of the remote server lt host nare gt a valid quoted hostname or IP address Example set hostnane 192 168 10 2 155 Trigger management set logfile lt file gt set passive lt bool ean gt set password lt password gt set protocol lt protocol gt 156 Chapter 5 Trigger management Specifies the path of the log file to write debug data to By default all output is sent to the console lt file gt a valid relative or absolute file path on local machine Example set logfile c tmp log txt Specifies whether passive or active mode should be used in FTP S protocols Default is true lt bool ean gt true false Specifies the password to use when logging into the remote server lt passwor d gt a valid quot
47. when sending ad hoc emails to include both text and HTML versions Enhancement Enhancement Enhancement Added support for templates when sending ad hoc emails Added support for Cc and Bcc headers when sending ad hoc emails Added ability to set the Host and Port parameters when sending ad hoc emails using Ad Hoc Email File Transfer trigger action Enhancement interface Enhancement Enhancement Enhancement Enhancement Enhancement level Enhancement Added ability to manage server host client and PGP keys from administrative web Added ability to request CAPTCHA information to be entered during login Added ability to display maximum number of downloads in ad hoc email messages Added Sql Query trigger action that allows for exporting of database queries to a CSV file Updated FTP protocol implementation to improve memory usage Added User Detail metric to reporting module that aggregates and reports on data at user Added warning message when user attempts to connect with JSCAPE MFT Server using a version of JSCAPE MFT Server Manager that is not compatible Enhancement Enhancement Enhancement Enhancement Enhancement Enhancement Enhancement Added support for failover synchronization of ad hoc file transfers Improved performance for large quantities of ad hoc file transfers Improved Java applet file transfer client Remove Upload button from web interface if upload permissions are not en
48. 0 days Some states jurisdictions do not allow limitations on duration of an implied warranty so the above limitation may not apply to you This Limited Warranty is void if failure of the Software has resulted from accident abuse or misapplication Any replacement Software will be warranted for the remainder of the original warranty period or thirty 30 days whichever is longer The above warranty DOES NOT apply to any BETA software any software made available for testing or demonstration purposes any temporary software modules or any software for which JSCAPE does not receive a license fee All such software products are provided AS IS without any warranty whatsoever TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW JSCAPE AND ITS SUPPLIERS DISCLAIM ALL OTHER WARRANTIES AND CONDITIONS EITHER EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE TITLE AND NON INFRINGEMENT WITH REGARD TO THE SOFTWARE AND THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT SERVICES THIS LIMITED WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS YOU MAY HAVE OTHERS WHICH VARY FROM STATE JURISDICTION TO STATE JURISDICTION LIMITATION OF LIABILITY TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN NO EVENT SHALL JSCAPE OR ITS SUPPLIERS BE LIABLE FOR ANY SPECIAL INCIDENTAL INDIRECT OR CONSEQUENTIAL DAMAGES WHATSOEVER INCLUDING WITHOUT LIMITATION DAMAGES FOR LOSS OF BUSINESS PROFITS BUSINESS
49. 00 A MB EVENTS W Monitor file add g Monitor file change V Monitor file delete File exceeds age of 10 days OK Cancel Name Unique name you wish to assign to this directory monitor Directory The directory you wish to monitor Monitor interval sec The optional frequency in seconds that you wish to check directory for changes If not enabled then you may run the directory monitor on a scheduled basis using a Current Time event trigger and Run Directory Monitor action Latency period sec If file has been modified within defined latency period then directory monitor event will not be fired This option may be used to prevent responding to a directory monitor event on a file that is in process of being written Owner Sets the owner for this directory monitor for use in displaying disk quota information via the web interface Enable quota Mb The maximum amount of data that may be stored in this directory If quota is exceeded then file transfers to this directory will be refused and corresponding Directory Monitor Quota Chapter 8 Monitoring directories 189 190 Monitoring directories 8 Exceeded event will be fired Monitor file add Fire an event whenever a file is added to this directory Monitor file edit Fire an event whenever a file in this directory is changed Monitor file delete Fire an event whenever a file in this directory is deleted Monitor recursively If checked server will monito
50. 10 16 27 Figure 115 Chapter6 Web based file transfers 163 164 Web based file transfers 6 Sr EB ISCAPE MFT Server Web 9 Logged in as jsmith under domain localhost FSss My Soraga Lagout My Account Personal information Edit LARI Name John Smith Login jsmith Email Company Phone Change password Public Key Authentication Generate Key Pair Import Public Key Delete Key OpenPGP Encryption Generate OpenPGP Key Import Public Key Dalato Kor Personal Information This section is available to all users and may be used to update the name email address and password for a user account Public Key Authentication This section can be used to generate a key pair for use in public key authentication SFTP When generating a key pair or importing a public key the public key is automatically placed in the ssh key pub file relative to the users root login directory on the server When generating a key pair the user is prompted to store the private key on their system Note private keys should never be stored on the server except for purposes of connecting to other remote servers OpenPGP Encryption This section can be used to generate an OpenPGP key pair for use in encrypting files uploaded to virtual directories Domain Administration This section is only available to domain administrators and may be used to manage users Chapter6 Web base
51. 23 2015 8 53 04 AM request unknown lt 12740333416 me you test successful test sync atastore E 4 23 2015 8 22 04 AM receipt unknown lt 72701571814t you me sitexml successful test sync rs 0 Time Access 4 23 2015 8 22 04 AM request unknown lt 36652068955 me you site xml successful test sync Banned Files 4 23 2015 8 21 56 AM receipt unknown 30991064890 you me sitexml successful test sync 2 Compliance 4 23 2015 8 21 55 AM request unknown lt 77129987820 me you site xml successful test sync E IP Access 10 x n Page 1 f6 gt a Displaying 1 to 10 of 55 items J DLP amp 3 Connections Refresh W Triggers Send File View AS2 message details To view the details of any AS2 message select the desired message and click the View button Home Serer v Help Domain localhost running F Statistics AS2 Messages 8 Description i Services 6 25 2015 9 5 Logging 6 25 2015 9 5 T Reports 6 25 2015 9 5 AS2 Messages 6 25 2015 9 5 OFTP Messages 4 23 2015 8 5 4 23 2015 8 5 J Datastore 4123 2015 8 24 fee dimenecess 4 23 2015 8 24 6 Banned Files 4 23 2015 8 2 4123 2015 8 2 10 2 Compliance GB IP Access J DLP amp Connections Wy Triggers E Authantication Stop Pause Lof AS2 Receipt Figure 169 Name AS2 recipient AS2 sender Date Digest algorithm Disposition action mode Disposition modifier Disposition sending mode Di
52. 54 2e 92 3 3F 29 8b 0d fared 3a e7 36 74 74 04 92 b5 Domains localhost Import Export v Generate CSR Generate Delete Import Certificates Server keys Overview Server keys are required for encrypting communications between a client and the server when using secure file transfer protocols such as FTPS FTP over SSL SFTP FTP over SSH and HTTPS In the context of the Key Manager a server key consists of a private key certificate and public key Note Some server keys are installed by default with JSCAPE MFT Server These are meant only for testing purposes and should not be deployed to a production environment Generating a key To generate a private key open the Key Manager by selecting the Server gt Key Manager option from the main menu The Key Manager dialog will be displayed Figure 22 Chapter 17 Key management 217 218 Key management Home Server v Help Logout 17 Server Keys HostKeys ClientKeys PGPKeys Key Expiry Report l example_dsa Key algorithm Certificate type Version Serial Issuer Subject Valid not before Valid not after Signature Domains RSA X 509 3 1096452880 C US ST Florida L Miami O Your Company Name OU IT Department CN www domain com C US ST Florida L Miami O Your Company Name OU IT Department CN www domain com 06 03 2013 06 02 2018 4e 09 92 35 b3 04 c3 e5 0a bd bd 3 a8 c1 54 2e 92 3 3 29 8b 0d fazed 3a
53. 6 Banned Files E Data channel receive buffer 64 lt gt ii D114 gt 2 Compliance Default transfer mode ASCII Binary GB IP Access J DLP SECURITY lt 3 Connections E Require data channel encryption E Require client certificate for authentication Triggers Yu Trigg Require client certificate for data channel Connections Banner The banner to display to FTP clients Command channel timeout min The time in minutes that a client may remain inactive on command channel before server forcefully disconnects client Data channel timeout min The time in minutes that a client may remain inactive on data channel before server forcefully disconnects client Passive IP The IP to use when responding to PASV client requests Passive port range The port range on the server to use for servicing PASV client requests Data channel send buffer The size of send buffer for data channel Default is send buffer size for JVM Data channel receive buffer The size of receive buffer for data channel Default is the receive buffer size for JVM Security Require data channel encryption If enabled client will be required to encrypt data channel when using FTPS FTP over SSL protocol Require client certificate If enabled users authenticating using FTPS FTP over SSL will be required to authenticate using data encrypted with a private key that maps to a server installed client certificate Require client certificate for data ch
54. APE MFT Server Service as well as other properties Figure 164 Home Serer v Help v Logout E Manager Service Manager Service Access Administrators amp p Domain Startup HostiP Web 0 0 0 0 v Port 10880 JDBC Drivers Timeout sec 600 z v Email Failover amp Search Index A JMX Save changes Cancel Host IP The IP address that the JSCAPE MFT Server Service is running on Port The port that the JSCAPE MFT Server Service is running on Timeout Manager timeout in seconds when communicating with JSCAPE MFT Server Service Figure 107 Chapter 18 JSCAPE MFT Server Manager Settings 245 246 JSCAPE MFT Server Manager Cattinne Home Server Help Logout E Manager Service Manager Service Access Administrators amp Domain Startup Web v Authentication timeout 10 sec i Al mi amp JDBC Drivers 7 Block IP after 3 invalid attempts in 1 min IP Mask Access Email allowed STE peeeeens allowed amp Search Index A JMX Reason default access default access Save changes 18 Cancel Authentication timeout The amount of time in seconds that administrative service client may remain connected without authenticating Block IP after Blocks a client IP address after X invalid authentication attempts within Y minutes As an improved security measure you may define what IP addresses are allowed or disallowed access to access the administrative service I
55. Accepts only encrypted explicit SSL connections using AUTH TLS or AUTH SSL client commands FTP implicit SSL Accepts only encrypted implicit SSL connections HTTP S Accepts HTTP and or encrypted HTTPS connections OFTP Accepts incoming OFTP Odette File Transfer Protocol connections SFTP SCP Accepts encrypted SFTP FTP over SSH connections and SCP Secure Copy TFTP Accepts TFTP Trivial File Transfer Protocol connections WebDAV S Accepts WebDAV connections Add service Figure 10 Chapter 3 Server configuration 59 60 Server configuration 3 Add Service X Domain Service Specify service parameters Protocol FTP S v Host 0 0 0 0 ai Port a E Type explicit SSL v Private key example_rsa v OK Cancel Protocol The service protocol Available protocols are AFTP AS2 FTP S HTTP S OFTP SFTP SCP TFTP WebDAV S Host The IP address that this service will listen on Port The port that this service will listen on Type The protocol s that this service will accept connections for FTP Private key The private encryption key that this service will use for encrypted communications Delete service To delete a service select the service you wish to delete and click the Delete button Setting SFTP SSH authentication mode The SFTP SCP service supports various forms of user authentication These include password publickey password OR publickey and password AND public key Authentication
56. Added Second and Millisecond properties to all events Enhancement Added File Upload Started File Download Started File Upload Aborted and File Download Aborted events Enhancement Added list of server network interfaces to Help gt About screen Enhancement Added System Configuration Backup action that may be used in a trigger to backup server configuration files Bug Fix Fixed issue with Services node in JSCAPE MFT Server Manager which displayed multiple instances of the same service Bug Fix Fixed issue with displaying JavaHelp contents in environments running Java 1 6 Bug Fix Fixed issue with some browsers experienced when using ftp style URL to access FTP services Release 3 4 Sep 12 2007 Enhancement Added ad hoc email file transfer support to web interface allowing users to send emails to Chapter 1 Introduction Introduction 1 an email address along with web based links to selected files Enhancement Added ability to specify text resources and logos independently for each domain Enhancement Added domain level file transfer quotas for a user defined period of time Enhancement Added MODE Z support to FTP S protocols allowing for ZIP compressed file transfers and directory listings Enhancement Added ability for users to change their account password via the web interface Enhancement Added Trigger Error event that may be used for detecting and responding to failure in a trigger action Enhancement Added Pr
57. Bug Fix Fixed issue with Delete Files Older Than property in Delete Files trigger action Bug Fix Fixed issue with with logos not being updated properly in IE browser when using multiple domains with different logos Release 6 0 July 27 2009 Enhancement Added support for document MS Word Excel PDF text HTML indexing and searching via web interface Enhancement Added ability to bypass password aging compliance at user level Enhancement Added PGP fingerprint information to PGP view dialog Enhancement Added ability to resize all dialogs in JSCAPE MFT Server Manager Enhancement Added ability for users to generate public keys for use in public key authentication SFTP from web interface Enhancement Added number of files deleted information to log when executing Delete Files action Bug Fix Fixed issue with trigger flow when one or more actions fail Bug Fix Fixed issue with Browse subdirs directory permissions Bug Fix Fixed issue with File Upload event not being fired when using UNC paths Bug Fix Fixed issue with password change reminder being sent at wrong time Bug Fix Fixed issue with regular expressions in Delete Files action Bug Fix Fixed issue with automatic inactivity logout dialogs in web interface Bug Fix Fixed issue with copying User Group in JSCAPE MFT Server Manager Bug Fix Fixed issue with editing virtual path that uses a reverse proxy Bug Fix Fixed issue with User Login event fired when logi
58. Cancel 3 Select installation directory Click Next to continue Figure 183 Select Destination Directory Where should JSCAPE MFT Server be installed xa Select the folder where you would like JSCAPE MFT Server to be installed then click Next Destination directory F Cowie Required disk space 156 MB Free disk space 705 990 MB lt Back Next gt Cancel 4 Select components to be installed See Software components for details Click Next to continue Chapter 2 Installation 41 42 Installation 2 Figure 184 Select Components Which components should be installed xa Select the components you want to install clear the components you do not want to install Click Next when you are ready to continue M amp JSCAPE MFT Server Manager M f JSCAPE MFT Server lt Back Next gt Cancel 5 Configure management REST services and administrative credentials Figure 185 Chapter 2 Installation Installation 2 Server Administration Please enter the Host IP Port Username and Password to be used for V administering this server For client only installations enter the Host IP Port and Password of the remote server you wish to T Ay administer Management host IP 0 0 0 0 m Management port 10880 A REST HTTP host IP 0 0 0 0 y REST HTTP port 11880 Username Password Confirm password Next gt Cancel Management host IP The
59. Chapter 3 Server configuration 101 102 Server configuration 3 Add Virtual Path 3 a Virtual path Setup virtual path parameters Path pgp Real path 1stalldir users Y domain username pgp Browse Reverse proxy v V Create directory if not found Include in search index V PGP encrypt uploads Settings E Enable DLP C Secured E Denied Permissions OK Cancel Path The virtual path that will be made available to the User account Virtual paths should always start with a slash character For example a valid virtual path might be docs Real path The real path on your domain that this virtual path maps to Reverse Proxy If you are mapping this path to a reverse proxy then select it here Create directory if not found Creates directory on server if not found when accessed by user Include in search index If checked files in directory will be indexed for search purposes Permissions Check the permissions that this user will be granted for the virtual path PGP encrypt uploads Files uploaded to this directory will be automatically PGP encrypted using specified key Enable DLP Files downloaded from this directory are subject to DLP rules Secured If checked this directory may only be accessed using secure protocols FTPS SFTP HTTPS Chapter 3 Server configuration Server configuration 3 etc Denied If checked this directory may not be accessed This option is typically used
60. ERVER 3 Directory Monitors Host Drop Zones Port 3839 S URL Branding Host The hostname or IP address of the LDAP serice Port The port of the LDAP service Timeout The connection timeout when connecting to LDAP service User DN The users distinguished name for authenticating with the LDAP service The variable username may be used which refers to the username passed in during the authentication process Chapter 3 Server configuration Server configuration Use SSL connection Connect to LDAP server using SSL connection Allow anonymous binding Sets whether user can bind anonymously to LDAP directory Create account if not found using template This allows for accounts to be created automatically upon successful authentication If selected an account will be created automatically if it does not exist already using the specified User Template Convert username before creation to If enabled the username supplied will be converted to specified case before passing username to specified User Template Use failover server If enabled and primary LDAP server is inaccessible then authentication will be attempted against failover server LDAP Query Authentication LDAP Query Authentication allows you to authenticate a user based on the results of a_LDAP query and is atwo step authentication process 1 User is authenticated against LDAP server using the User DN field and the password supplied by user when authe
61. EST HTTPS on host The host and port you want to enable REST management services on HTTPS Private key The SSL encryption key to be used for HTTPS services HTTPS client certificate required Requires that client browser successfully identify itself with a client certificate found in Client keys section of Key Manager SSL TLS Ciphers List of enabled SSL ciphers for HTTPS communications Miscellaneous Connections Server name Optional value if entered will replace any HTTP headers that contain hostname data with specified hostname This is useful in cases where server operates behind a NAT enabled firewall and you do not want to leak internal hostname or IP address information Redirect HTTP requests to HTTPS Automatically redirects HTTP requests to HTTP Chapter 18 JSCAPE MFT Server Manager Settings 247 248 JSCAPE MFT Server Manager 1 8 melngs in HTTP S headers If enabled service ports will be included in HTTP S headers These may be disabled in cases where HTTP S services are running on non standard ports with some sort of port forwarding firewall located in front of server UI User interface Sets what user interface options are available from login page Default domain Defaults domain field to specified value when logging in via web interface Hide domain Hides domain field when logging in via web interface If this option is checked then a default domain MUST be provided Show domain dropdown If en
62. FT Server Manager Starting the JSCAPE MFT Server Service In order to manage the JSCAPE MFT Server you must first start the JSCAPE MFT Server Service This service allows you to manage the JSCAPE MFT Server using JSCAPE MFT Server Manager Windows You may start the service by going to your Control Panel gt Administrative Tools gt Services and starting the JSCAPE MFT Server service Alternatively you may start the service from the JSCAPE MFT Server program group by clicking on Administrative Tools gt Start Service Linux UNIX Mac OS X Go to the JSCAPE MFT Server installation directory For Linux RPM installations this is opt JSCAPE_MFT_Server For UNIX and non RPM Linux installations this is the directory that you selected during installation To start the JSCAPE MFT Server Service run the following command as a user with Chapter 2 Installation 51 52 Server configuration 3 super user privileges start_service sh Launching the JSCAPE MFT Server Manager Windows The JSCAPE MFT Server Manager is a web based application which may be used to manage your instance of JSCAPE MFT Server You may start JSCAPE MFT Server Manager by pointing your web browser to http hostname port where hostname is the IP address or hostname and port is the listening port of the REST management web service defined during the installation process The default port is 11880 e g http 127 0 0 1 11880 Upon successfully conn
63. FTP S SFTP or HTTP S If the directory is managed using a JSCAPE MFT Server service then you can capture these events more effectively using File Upload File Renamed and File Deleted event types without using a directory monitor See also Trigger management Creating a directory monitor Creating a directory monitor To view a list of directory monitors click on the Directory Monitors node for the desired domain Figure 81 Home Serer v Help v Logout Domain localhost running Directory Monitors Settings Banned Files H g amp Compliance Name Directory Interval Quota Owner Events Recursive IP Access x ae y t 7 DLP 4 Connections Yy Triggers E Authentication amp Users amp 8 Groups ig Reverse Proxies 3 Directory Monitors 1 lz K 4 Page 1 of1 b W Oo a Displaying 1 to 1 of 1 items Drop Zones URL Branding Trading Partners Refresh Add Edit Run Delete amp Contacts Stop Pause To add a directory monitor click on the Add button in the lower right corner The Add Directory Monitor wizard will be displayed Figure 82 Chapter 8 Monitoring directories Monitoring directories 8 Add Directory Monitor B Add Directory Monitor Setup directory monitor parameters BASIC Name Files to Send Directory C tmp files Browse V Monitor recursively SETTINGS Z Monitor interval 600 sec A ae a i A W Latency period 5 J sec E Owner jsmith v E Enable quota 1
64. For example you might set your ftp service to run on port 2121 instead of port 21 in order to be able to run JSCAPE MFT Server as a non root user There may however be a case where you want to be able to run JSCAPE MFT Server as a non root user while also using ports less than 1024 The two methods available are Port redirection using xinetd and Port redirection using iptables which are discussed below Port redirection using xinetd The xinetd Internet service daemon is installed on most UNIX based systems and offers a feature that allows for port redirection Using this port redirection feature you could for example redirect incoming requests on port 21 to port 2121 thus allowing you to run your ftp service as a non root user on port 2121 while still being able to accept redirected requests from port 21 To setup xinetd to perform this redirection go to your etc xinetd d directory and create a new service configuration file named jscape as root user the contents of which are displayed below Redirects any requests on port 21 to port 2121 where JSCAPE MFT Server is listening service jscape socket_typ stream protocol tcp user root wait no port 21 redirect localhost 2121 disable no Next you will need to restart the xinetd service to load this service On most UNIX based systems this can be done by issuing the following command sbin service xinetd restart You will now be able to accept requests on p
65. Groups ty Reverse Proxies Apply Discard 8 Directory Monitors Drop Zones URL Branding 4 Trading Partners amp Contacts JDBC URL The JDBC URL used to connect to the database Libraries for JDBC drivers must be placed in Chapter 3 Server configuration Server configuration 3 the libs jdbc directory of your JSCAPE MFT Server installation the JSCAPE MFT Server Service restarted and the JDBC driver class registered in Server gt Settings gt JDBC in order for the database to be accessible to JSCAPE MFT Server Create account if not found using template This allows for accounts to be created automatically upon successful authentication If selected an account will be created automatically if it does not exist already using the specified User Template Convert username before creation to If enabled the username supplied will be converted to specified case before passing username to specified User Template Database Query Authentication Database Query Authentication allows you to authenticate a user based on the results of a database query If one or more records are returned from the query then the user is successfully authenticated Figure 60 Home Server v Help Logout Domain localhost running 3 Datastore Authentication Two Factor Phone Authentication Web SSO i Time Access 6 Banned Files Service type database query v 2 Compliance JDBC URL IP Access jdbc mysq localhost jsca
66. Home Serer v Help Logout Domain localhost running E Statistics Datastore amp Description Store data to database v as Services Logging JDBC URL jdbc mysql localhost jscape iy Reports Username admin AS2Messages _ rae ae J Pool 5 connections OFTP Messages x Pool timeout 5 gt min 3 Datastore 9 Time Access Test Parameters Banned Files amp Compliance IP Access Appl Discard J DLP pply Connections Ye Triggers Authentication amp Users X JDBC URL The JDBC URL used to connect to the database Username The username to connect with when authenticating with JDBC database Password The password to connect with when authenticating with JDBC database Pool The maximum number of connections in database pool Pool timeout The maximum amount of time in minutes that the database connection can live in the pool without activity Test Parameters Tests database connection using the specified JDBC settings See also Setting user datastore JDBC settings Adding users A user is a valid account that may login to a domain s service To view a list of users click on the Users node for the desired domain Figure 15 Chapter 3 Server configuration 73 74 Server configuration Home Serer Help Logout Domain localhost running B Dalase Users Templates 9 Time Access E Banned Files Name Login amp Compliance IP Access 7 DLP amp Connections
67. INTERRUPTION LOSS OF BUSINESS INFORMATION OR ANY OTHER PECUNIARY LOSS ARISING OUT OF THE USE OF OR INABILITY TO USE THE SOFTWARE PRODUCT OR THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT Chapter 1 Introduction Introduction 1 SERVICES EVEN IF JSCAPE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES BECAUSE SOME STATES AND JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY THE ABOVE LIMITATION MAY NOT APPLY TO YOU HIGH RISK ACTIVITIES The Software is not fault tolerant and is not designed manufactured or intended for use or resale as on line control equipment in hazardous environments requiring fail safe performance such as in the operation of nuclear facilities aircraft navigation or communication systems air traffic control direct life support machines or weapons systems in which the failure of the Software could lead directly to death personal injury or severe physical or environmental damage High Risk Activities JSCAPE and its suppliers specifically disclaim any express or implied warranty of fitness for High Risk Activities U S GOVERNMENT RESTRICTED RIGHTS The Software and documentation are provided with RESTRICTED RIGHTS Use duplication or disclosure by the Government is subject to restrictions as set forth in subparagraphs 1 ii of the Rights in Technical Data and Computer Software clause at DFARS 252 227 7013 or subparagraphs 1 and 2 of the Commercial Computer Software Restricted Rig
68. IP address that management service should listen on The IP address 0 0 0 0 is a special address that instructs service to listen on all available network interfaces Management port The port that management service should listen on Default port is 10880 REST HTTP host IP The IP address that REST web service should listen on The IP address 0 0 0 0 is a special address that instructs service to listen on all available network interfaces REST HTTP port The port that REST web service should listen on Default port is 11880 Username Administrative username for managing services Password Administrative password for managing services 6 Set allocated application memory Minimum allocated memory is 512MB with recommended value of 1024MB or more for servers under heaw load Figure 186 Chapter 2 Installation 43 Installation 2 Application Settings Set up the run time application settings 5 Max application memory size MB 512 Next gt Cancel 7 Launch JSCAPE MFT Server Manager to configure your server Figure 187 44 Chapter 2 Installation Installation 2 Completing the JSCAPE MFT Server Setup Wizard Setup has finished installing JSCAPE MFT Server on your computer The application may be launched by selecting the installed icons Click Finish to exit Setup Finish 8 Start the JSCAPE MFT Server Service Service will start automatically following installation If service is not star
69. Key Manager available in JSCAPE MFT Server Manager orviathe My Account gt OpenPGP Encryption gt Generate OpenPGP Key link in the web interface Keys imported via the Key Manager are system keys that may be used anywhere in the system whereas keys imported via the web interface are private to the user that imported the key and may be used only to encrypt files uploaded to virtual paths that are accessible to the user and have PGP encryption enabled Generating a key pair via Key Manager To generate a PGP key pair click the Server gt Key Manager menu option in JSCAPE MFT Server Manager The Key Manager is displayed Select the PGP Keys tab and click the Generate button The Generate PGP Key dialog is displayed Figure 108 Home Server 7 Help 7 Logout Server Keys Host Keys Client Keys PGP Keys Key Expiry Report Ele Secre Key algorithm RSA Can encrypt yes Can decrypt yes Can sign yes Can verify yes Fingerprint eb 7 87 bb 7d 01 2b a6 57 be cd 27 92 Of 01 bf ab 9f 79 9a Import Export v Generate Delete View Signatures Key algorithm The type of key used Valid values are RSA or DSA Can encrypt Indicates whether key can be used for encrypt operations Can decrypt Indicates whether key can be used for decrypt operations Can sign Indicates whether key can be used for sign operations Can verify Indicates whether key can be used for verify signature operations Fingerprint The unique fingerprint fo
70. LB f force exit success if group already exists h display this help menu If s addgroup command is run without options then user will be prompted for necessary information See also Virtual path permissions js addgroupdir The js addgroupdir command may be used to add a directory path to an existing group in JSCAPE MFT Server Usage js addgroupdir options Options d the domain name g the groupname p the path r the real directory path a the path access permissions RWADRLCDLB h display this help menu If js addgroupdir command is run without options then user will be prompted for necessary information See also Virtual path permissions js addserviceaftp The js addserviceaftp command may be used to add an AFTP service to JSCAPE MFT Server Usage js addserviceaftp options Options d lt name gt the domain name host lt value gt host address p lt value gt port k lt alias gt server key s lt true false gt secure connection required h display this help menu f s addserviceaftp command is run without options then user will be prompted for necessary information Chapter 13 Command line utilities Command line utilities 1 3 js addserviceftp The js addserviceftp command may be used to add a FTP service to JSCAPE MFT Server Usage js addserviceftp options Options d lt name gt the domain name host lt value gt host address p lt value gt port t
71. Oct 16 2009 Enhancement Added ability to specify a continue parameter in automatic login via URL Update Added JavaDoc for Action and AbstractAction classes Bug Fix Fixed issue with SSL and LDAP authentication modules Bug Fix Fixed issue with phone authentication module Release 6 1 0 53 Oct 5 2009 Enhancement Added ability to execute Current Time event triggers on demand Update Changed maximum timeout values for FTP S and SFTP protocols to 999 minutes Bug Fix Fixed issue with public key authentication in SFTP protocol Release 6 1 0 50 Sep 28 2009 Enhancement Added Copy Regex File and Move Regex File trigger actions Enhancement Added Tar Directory action for creating a TAR archive of a directory Enhancement Added Append File action for appending messages to a file Enhancement Updated all SFTP related actions so that password is optional providing support for password less public key authentication Enhancement Added ability to disable a trigger Enhancement Updated Maximum password age field in Compliance panel to support up to 999 days Enhancement Added ability to retrieve event variables within custom action code Enhancement Added ability to sign and view signatures for OpenPGP keys Enhancement Added ability to specify a hostname in Passive IP field allowing for IP resolution when using a dynamic IP Enhancement Added Ftp Rename File Ftps Rename File and Sftp Rename File trigger actions Enhance
72. P mask examples Examples of valid IP masks are as follows 192 168 1 1 Allows Blocks a single IP address 192 168 1 Allows Blocks all IP addresses in a class C IP block 192 168 Allows Blocks all IP addresses in a class B IP block x Allows Blocks all IP addresses Web settings The Web node controls whether HTTP S services are enabled and the ports they are running on By enabling the HTTP S service s users may use the web based JSCAPE MFT Server Web Gateway to perform file transfers All domains share the same HTTP S servce settings Figure 19 Chapter 18 JSCAPE MFT Server Manager Settings JSCAPE MFT Server Manager 1 8 Gattinnae Home Serer v Help v Logout E Manager Service Web REST AS2 Miscellaneous Resources Web Document Viewer amp Domain Startup WEB SERVER Web 7 HTTP on host 0 0 0 0 port 80 lt JDBC Drivers z HTTPS on host 0 0 0 0 w pot 443 nie Email Failover HTTPS amp Search Index Private key example_rsa v amp JMX E HTTPS client certificate required v SSUTLS renegotiation allowed SSL TLS Ciphers Save changes Cancel Web Server HTTP on host The host and port you want to enable HTTP service on This will also be used for client REST services HTTPS on host The host and port you want to enable HTTPS service on This will also be used for client REST serices REST HTTP on host The host and port you want to enable REST management services on R
73. P service may be configured to require both a private key and the account password In order to use public key authentication the SFTP SCP service must be configured properly See Setting SETP SSH authentication mode and a public key must be associated with the user To associate a public key with a user you may store the key in the centralized Key Manager or you can allow the user to manage their own key See Web user interface for details To create a key using the Key Manager follow the steps below Create a client key 1 Goto Server gt Key Manager gt Client Keys panel and click on the Generate button to create a new client key When prompted for an Key alias it is recommended you enter the username that you would like to associate this key with For the Type and Length fields you may leave these as the default values or select from options provided Click OK to continue Figure 75 Generate Client Key X Client key generation Specify key parameters Key alias jsmith Key algorithm RSA v Key lenath 1024 Validity 365 day s Common name CN John Smith Organization unit OU IT Organization OQ Your Company Locality L Miami State Province ST FL Country C US OK Cancel 2 Next you will need to export the private key This is the key you will use in your SFTP SCP client for authenticating with the SFTP SCP service When exporting private key select the PEM file type format Click OK to export your private key and add clie
74. Password ccce SSL Host key v Client Key MESSAGE Test Server OK Cancel Connection URL The URL of AS2 HTTP S service Timeout The timeout in seconds for establishing a connection to AS2 service Username The optional username to use when logging into AS2 service Note when connecting to an instance of JSCAPE MFT Server running AS2 service you must provide credentials with username in the form of username domain Credentials will be submitted using HTTP basic authentication Password The optional password to use when logging into AS2 service SSL Host key The host key to use when validating HTTPS certificate of server This key is sourced from Host Chapter 4 AS2 Applicability Statement 2 AS2 Applicability Statement 2 4 Keys tab in Key Manager Client key The client key to use when authenticating with HTTPS server Message From ID This can be any alpha numeric value no spaces that uniquely identifies where the AS2 message is coming from To ID This can be any alpha numeric value no spaces that uniquely identifies where the AS2 message is being sent to Receipt The method of MDN receipt Both synchronous and asynchronous modes are supported In synchronous mode JSCAPE MFT Server will send the AS2 message and read the MDN receipt in a single connection In asynchronous mode JSCAPE MFT Server will send the AS2 message along with instructions to the recipient on where to send the MDN receipt once the AS2 m
75. SFTP WebDAV AFTP etc will authenticate users using the defined authentication service for the domain OpenID Example Figure 171 Home Serer v Help Logout Domain localhost running Authentication Two Factor Phone Authentication Web SSO AS2 Messages 3 Datastore Service type OpenID v 19 Time Access Banned Files IDENTITY PROVIDER Compliance Sign in URL https www google com accounts o8 id Sign out URL https www google com IP Access s V Create user if not found using template Default v 7 DLP Convert username before creationto lowercase v 4a Connecti enone Allow non SSO logins Ye Triggers Authentication amp Users 3 Apply Discard amp Groups fg Reverse Proxies 3 Directory Monitors Drop Zones Stop Pause Sign in URL The URL used for signing into the identity provider Sign out URL The URL to be redirected to upon clicking Logout link in web interface Create account if not found using template This allows for accounts to be created automatically upon successful authentication If selected an account will be created automatically if it does not exist already using the specified User Template The Name and Login properties for the account created will automatically be set to the openid identity attribute value Convert username before creation to If enabled the username supplied will be converted to specified case Chapter 3 Server configuration 93 94 Server configurati
76. ST from the main menu Documentation and Examples For API documentation on client REST services available visit http localhost 11880 where localhost is the hostname and 11880 is the port listening for REST HTTP requests Next login using administrative credentials and click the Help gt REST API link to access the online documentation Additional REST API examples may be found in the doc api examples rest directory relative to your JSCAPE MFT Server installation directory Chapter 11 Java Management API 197 198 REST API 1 2 See also Enabling web based file transfers Overview Several command line utilities are included as part of JSCAPE MFT Server Ideal for scripting purposes or for use in a non GUI environment these command line utilities allow you to quickly perform common functions without having to use JSCAPE MFT Server Manager See also js adddirmonitor js adddomain js addgroup js addgroupdir js addserviceftp js addservicehttp js addservicesftp js adds ervicewebdav js adduser js adduserdir js copyusers js deldomain js delgroup js deluser js enablehttp js enablehttps js importcontacts js importusers jS ipaccess js kickuser js passwd js pausedomain js resumedomain js runtrigger js sendmessage js setdomainquota js setuserquota js shutdown js shutdowndomain js startdomain js stopdomain js triggersreport js users Note Command line argument parameters which contain spaces must be surround
77. Server on a single computer JSCAPE MFT Server may not be shared installed or used concurrently on different computers without purchasing a separate license for each computer If you wish to install multiple instances of JSCAPE MFT Server then a separate license MUST be purchased for each instance of JSCAPE MFT Server that is installed If you are using any virtualization technology then a separate license MUST be purchased for each environment which uses JSCAPE MFT Server The JSCAPE MFT Serer Manager a client graphical user interface used for managing a JSCAPE MFT Server installation as well as API libraries needed for communicating with an instance of JSCAPE MFT Server may be installed on additional computers that you own without charge PRODUCT ACTIVATION You may need to activate the Software through the use of the Internet You agree that JSCAPE may use such measures for license management purposes and that JSCAPE may revoke a Software license if requested by you for purposes of moving Software to a different machine or for 60 days or more of non payment of Software license fees LIMITED WARRANTY JSCAPE warrants that the Software as updated and when properly used will perform substantially in accordance with the accompanying documentation and the Software media will be free from defects in materials and workmanship for a period of ninety 90 days from the date of receipt Any implied warranties on the Software are limited to ninety 9
78. T Server Java Management API requires that Oracle or IBM JDK 1 6 or above be used All classes for the JSCAPE MFT Server Java Management API are part of the ftpserver jar library which is located in your JSCAPE MFT Server libs directory Linux Solaris UNIX The examples provided in the doc api examples directory are written to connect to the server using the credentials and server settings stored in the client cfg configuration file To run any of the examples you must first configure the client cfg settings by running the following command manager configuration host ip address port port rest host ip address rest port rest port user username password password Example server configuration host 127 0 0 1 port 10880 rest host 127 0 0 1 rest port 11880 user admin password secret Where ip address and port are the IP port that the JSCAPE MFT Server Service is listening on rest port is the port that the REST web servce is listening on and username password are Chapter 10 Data loss prevention DLP Java Management API 1 1 the credentials you will use when connecting to the service Defaults ports for JSCAPE MFT Server Service and REST web service are 10880 and 11880 respectively Creating a domain Please see the source code example available in the doc api examples create_domain directory of your JSCAPE MFT Server installation Creating an account Please see the source code example available in
79. User s Guide JSCAPE MFT Server Copyright JSCAPE 1999 2014 Contents Chapter 1 Chapter 2 Chapter 3 30 30 31 36 37 38 39 40 46 47 47 49 49 50 51 51 52 53 56 Introduction Overview System requirements Evaluation license limitations Upgrading License Version history Installation Software components Installing on Windows Installing on Linux Installing on Linux Z OS Installing on Solaris Installing on AIX Installing on Mac OS X Auto starting in Linux and Solaris 9 environments Auto starting in Solaris 10 environments Running as non root user in UNIX environments Running under IBM JVM Additional libraries needed for OpenPGP Additional libraries needed for SFTP ciphers Server configuration Starting the JSCAPE MFT Server Service Launching the JSCAPE MFT Server Manager Creating a domain Starting a domain Contents 57 57 58 60 62 65 68 69 71 72 73 76 79 81 94 96 98 98 103 104 106 108 109 110 118 119 122 123 125 Stopping a domain Viewing domain status Adding services Setting SFTP SSH authentication mode Using public key authentication in SFTP SSH Setting logging preferences Viewing log data Reporting on log data Setting user datastore Storing account details in a database Adding users Defining user templates Assigning domain administrators Setting authenticatio
80. WebDAV S FESE Change Apply Discard To use JSCAPE Web Document Viewer login to the JSCAPE MFT Server Web Gateway At this point you should see a View button on the main toolbar To view a document in the HTML user interface select the checkbox next to the document filename and click the View button For the Java Applet WebDAV user interface a similar icon is presented in the remote directory toolbar Figure 127 Chapter6 Web based file transfers Web based file transfers Help al wy 4 Google Logged in as test under domain localhost My Account Logout B Add 9 Clear Files for upload 0 m Advanced search ASCH Bay TE urios a NAME DATE V E how_to_boost_file_transfer_speeds_with_aftp pdf i Dec 03 2012 09 13 50 Figure 128 Tr v S SB Googie Contents Packet Loss Bandwidth Congestion The problem with TCP 1 Reliable transmission 2 Flow Control Where the problems lie 176 Chapter6 Web based file transfers Web based file transfers 6 Supported Document Formats OpenDocument Text odt OpenOffice org 1 0 Text sxw Rich Text Format rtf Microsoft Word doc docx WordPerfect wpd Plain Text txt HTML1 html htm OpenDocument Spreadsheet ods OpenOffice org 1 0 Spreadsheet sxc Microsoft Excel xls xlsx Comma Separated Values csv Tab Separated Values tsv Op
81. Windows Vista platform Bug Fix Fixed issue with SFTP service being unable to accept connections from older SFTP clients that use 1 99 as the software version in SSH client banner Bug Fix Fixed issue with SFTP service being unable to accept uploads for non existent files using some older SFTP clients Chapter 1 Introduction Introduction 1 Release 3 8 Feb 12 2008 Enhancement Added support for IBM JVM 1 4 2 and above Enhancement Added support for AIX 5 x and 6 1 platforms Enhancement Improved auto start documentation and example SMF script for Solaris platforms Enhancement Added support for ZLIB compression in SFTP protocol Enhancement Added ability to specify send and receive buffer sizes for FTP S and SFTP protocols Enhancement Added ability to define password policies Enhancement Added several command line utilities for managing users Enhancement Added ability to perform on demand synchronization of server configuration and account data Enhancement Added atomic file writing support when updating server configuration and account data Enhancement Added support for multiple management connections Enhancement Added ability to limit connections to administrative service based on client IP address Bug Fix Fixed drive sorting bug found in Java applet interface Release 3 7 Dec 28 2007 Enhancement Enhancement property Enhancement Enhancement Added ability define transfer quotas at the user level Add
82. You are not allowed to view this page Please contact your system administr jm Access Denied Requested page lt strong gt 0 lt strong gt is not found Page Not Found Application Error MESSAGE Application Error TITLE Application TITLE Button CANCEL Button LOGIN Add Language Reset To Default Setting HTTP domain level properties When connecting to the JSCAPE MFT Server Web Gateway the server automatically detects the clients browser language settings and loads the appropriate language file If a matching language file cannot be found then the default language file is used The logo and text for the HTTP S user interface may be Error occurred while processing request lt strong gt 0 lt strong gt Please cont Error JSCAPE MFT Server Web Cancel Login i Save changes Cancel changed at the domain level by going to the Services gt HTTP S panel Home Server v Help Logout Domain localhost running m amp Statistics S Services FTP S SFTP SCP AFTP OFTP TFTP Description ul ak Services et Logo WSSE5 iu Reports 2 AS2 Messages OFTP Messages Show buttons shortcuts J Datastore Show login info 7 Show search mi Time Access 7 Show ASCII Binary option 8 Banned Files 7 Show account link amp Compliance Resources IP Access MISCELLANEOUS J DLP 3 Connection timeout 10 z min amp Connections Logout URL yi Triggers E Enable autologout after 1 s m
83. a Displaying 1 to 1 of 4 items Drop Zones URL Branding amp Trading Partners Add Edit Test Delete amp Contacts Stop Pause Add reverse proxy To add a reverse proxy click on the Add button in the lower right corner The Add Reverse Proxy dialog will be displayed Figure 49 Chapter 15 Reverse proxy management Reverse proxy management 15 Add Reverse Proxy B Add Reverse Proxy Specify proxy parameters Name ABC Corporation HostiP 192 168 1 1 Port 21 H Timeout 1 min Connection type regular v Key file Key file password Username admin Password c e Use user credentials V Use passive transfer mode T Map current local directory to remote directory E Debug log directory A w V Max proxy age 10 gt min Test Server OK Cancel Name Unique name for this reverse proxy Host IP The remote IP or host address for this reverse proxy Connection type The connection type for this reverse proxy Port The remote port for this reverse proxy Timeout The maximum timeout for establishing a connection to remote server Key file The optional client private key to use for this connection FTPS SFTP Key file password The optional client private key password to use for this connection FTPS SFTP Username The username for connecting to this remote server Password The password for connecting to this remote server Use user credentials Uses the current user credentials i
84. a file transfer Chapter 1 Introduction 27 28 Introduction 1 Release 3 2 Jun 27 2007 Enhancement Added Cancel button to HTML file transfer user interface allowing users to cancel file uploads Enhancement Updated Java Applet to include graphical buttons for performing basic actions such as Rename Delete Create Directory etc Enhancement Updated HTML user interface to display file sizes in more user friendly format Enhancement Added customizable Add and Remove text next to add and remove buttons in HTML user interface Enhancement Added customizable Logged in as text to web user interface Bug Fix Fixed issue with renaming files in HTML user interface when using IE Bug Fix Fixed issue with multiple domains using database resources Bug Fix Fixed issue where editing an action in a trigger could cause improper re ordering of actions Release 3 1 May 27 2007 Enhancement Added support for WebDAV servce Enhancement Added Java applet client to web interface Enhancement Updated look and feel of HTML based user interface Enhancement Added Directory Monitors feature to monitor one or more local directories for changes Enhancement Updated authentication panels in JSCAPE MFT Server Manager to give user more flexibility in specifying default login directory Enhancement Added support for AES and other ciphers to SFTP protocol Enhancement Added ability to specify Logout URL for HTTP services at domain lev
85. a web interface Improved GUI implementation for managing PGP keys Added web based account management features allowing user to change their own contact Added ability to assign users limited domain administration capabilities via web interface Added support for Linux Z OS platform Added ability to create user templates Updated Add Group and Edit Group dialogs to allow for selection of a Reverse Proxy Added js adddomain command line utility to add a domain Added js addserviceftp command line utility to add FTP service Added js addservicesftp command line utility to add SFTP service Added js addservicehttp command line utility to add HTTP and HTTPS services Added js addservicewebdav command line utility to add WebDAV service Added js importusers command line utility to perform bulk import of users from CSV file Added js enablehttp command line utility to enable HTTP service Added js enablehttps command line utility to enable HTTPS service Added js startdomain command line utility to start domain Added js stopdomain command line utility to stop domain Change Renamed Resources node in JSCAPE MFT Server Manager to Reverse Proxies Bug Fix Fixed issue with password compliance settings being applied globally instead of at domain level Bug Fix Fixed issue with not being able to accept HTTP S connections when running server on Windows Vista platform Bug Fix Fixed issue with not being able to view reports when running server on
86. able a drop down list of available domains will be shown on login page Show lost password link If enabled the Lost password link will be displayed on web interface login page allowing user to reset their password via email Self Registration Show user registration link If enabled users the user registration link will be provided on the main login page allowing users to self register for accounts provided this is enabled for the domain Use email as login If enabled users will not be prompted for a username when self registering instead it will use their email address as their login when creating their account See also Web based file transfers Email settings The Email node controls whether ad hoc email transfers are enabled and the SMTP server settings used for sending emails See also Email transfers Failover settings The Failover node controls whether a failover server is defined for this server See also Defining a failover server Search index settings The Search Index node controls whether and how files are indexed for use in performing searches Figure 129 Chapter 18 JSCAPE MFT Server Manager Settings JSCAPE MFT Server Manager 1 8 Settings Home Serer v Help Logout ER Manager Service Search Index amp p Domain Startup A Web Rebuild index every 24 S hrs JDBC Drivers Update index upon file upload Update index upon file rename Email F Update index upon user update
87. abled Added ability to restrict Banned Files entries to a Path that may be recursive Added time and throughput information to logging format and various reporting metrics Improved performance of ad hoc file transfers Bug Fix Resolved issue experienced by domain administrators when trying to edit a user from the web interface Bug Fix Resolved issue with incorrect logo being used in web interface Bug Fix Resolved issue with reverse proxies mapped to a remote SFTP service that resulted in reverse proxy being unavailable Bug Fix Resolved issue with trading partners duplicated in user interface Bug Fix Resolved issue with missing Revoke and Extend button text image in web interface Bug Fix Resolved issue with some SFTP uploads to server stalling at around 1GB Bug Fix Misc Release 8 7 Jul 12 2013 Enhancement Enhancement Enhancement Enhancement Enhancement Enhancement ellaneous bug fixes Added iOS client to Enterprise edition for use in transferring viewing and sharing files Added support for AS2 serice Added support for AS2 trading partners Added AS2 support to trading partner related trigger actions Improved SFTP service performance Improved error message returned in the event user attempts to use a previously used password that violates password compliance settings Enhancement Trigger module now displays an error message in the event user tries to run a trigger that has not been
88. acts E Share bandwidth quotas with owned users User templates check to limit available templates Default USER LIMITATIONS V Restrict user path to installdir users Y domain Yusername Browse F Allow assignment of groups to users F Allow assignment of reverse proxies to user virtual directories Allow enabling of phone authentication for users OK Cancel Allow domain administration Enables disables if user is a domain administrator General Allow management of non owned users If checked then user can manage any accounts for the domain Otherwise user can only manage accounts that are owned by this user Allow usage of system OpenPGP keys If enabled user will be able to view OpenPGP keys created in Key Manager Share bandwidth quotas with owned users If checked then all owned users bandwidth rolls up to domain administrator user bandwidth quota where the sum of owned user bandwidth may not exceed that of the domain administrator bandwidth quota Max number of owned users The maximum number of users this user may create own Allow management of public contacts If enabled user will be able to create manage public contacts visible by all users for the domain User templates The templates that domain administrator may use when creating a user User Limitations Chapter 3 Server configuration Server configuration 3 Restrict user paths to If checked then user can only create virtual directories w
89. after S invalid password attempts in 3 min for 60 gt min F Disable IP after invalid password attempts in 3 min for 60 S min Pri Ee Raoni Prowse E Flag IP after 3 invalid password attempts in 3 S min for 60 S min 3 Directory Monitors Drop Zones URL Branding Apply Discard Sat Trading Partners Y Chapter 3 Server configuration Server configuration 3 Max concurrent connections The maximum number of concurrent connections allowed Note This value may not exceed the concurrent connection limit of your license type Max connections IP The maximum number of active connections from a single client IP address Max connections user The maximum number of active connections from a single user Max downloads session The maximum number of downloads per client session Max uploads session The maximum number of uploads allowed per client session Max file download size MB The maximum file download size in MB Max file upload size MB The maximum file upload size in MB Max uploads MB Defines an upload quota for the domain that is reset every N days If upload quota is exceeded no further uploads are allowed until upload quota is reset Max downloads MB Defines a download quota for the domain that is reset every N days If download quota is exceeded no further downloads are allowed until download quota is reset Max transfers MB Defines a transfer quota for the domain that is reset every N days If t
90. all services Enhancement Added automatic login support to Web services using URL parameters Enhancement Added support for optionally redirecting user to a different URL in Web service when clicking Logout button Enhancement Added true regular expression support to File Transfer Script action Bug Fix Fixed issue in Convert File action Bug Fix Fixed timestamp issue encountered when using database logging Bug Fix Fixed memory issue experienced when trying to view large log record sets stored in relational database Bug Fix Fixed issue experience when using multiple JDBC drivers simultaneously Release 2 1 December 13 2006 Enhancement Added authentication module for authenticating users against relational databases LDAP or Active Directory services Enhancement Added ability to schedule one time only or recurring actions using Current Time event and triggers Enhancement Added ability to store activity logs in a relational database Enhancement Added checkpoint restart and checksum verification to file transfer actions Enhancement Added ability to specify up to three attachments in Send Email action Chapter 1 Introduction 29 30 Introduction 1 Enhancement Improved GUI screens in triggers section used in obtaining action variables Enhancement Improved API for defining custom actions allowing you to specify the type of GUI components used when accepting input Enhancement Added File Transfer Script action wh
91. ame property to all Directory Monitor File related events to contain filename Added ability to automatically redirect all HTTP requests to HTTPS Added default log and datastore directories when creating a domain Added js deldomain command line utility Changed default SSH version banner displayed to SFTP clients Bug Fix Fixed issue with automatic startup process on Mac OS X platforms Bug Fix Fixed issue with saving users with all password compliance options enabled Bug Fix Fixed behavior of Block IP after option found in Connections node of JSCAPE MFT Server Manager Change has been made so that client connection is closed before blocking client IP address Bug Fix Fixed issue with directory listings returned when hosting server on Mac OS X platform Bug Fix Fixed virtual folder permissions issue experienced when multiple virtual folders are assigned to a single user and virtual folders share a common path Bug Fix Fixed issue with clients that request key re exchange for long SFTP file transfers Bug Fix Fixed issue with being unable to add users or reset passwords when password policies are enabled Release 4 0 Jun 18 2008 Enhancement Enhancement Enhancement information Enhancement Enhancement Enhancement Enhancement Enhancement Enhancement Enhancement Enhancement Enhancement Enhancement Enhancement Enhancement Enhancement Enhancement Added ability for users to reset lost password vi
92. ancement Enhancement Enhancement changed Enhancement Chapter 1 Introduction Resolved issue displaying large PDF files in web document viewer Resolved issue with case insensitive user names Resolved issue with testing reverse proxy mapped to a WebDAV service Resolved issue authenticating with SSL based LDAP service Resolved issue where user was able to tag non existing files using REST API Resolved issue with ReplaceAll function in Triggers module Resolved issue where users are unable to download files that are tagged within a sub directory Resolved issue where users are unable to navigate to a tagged directory Resolved exception thrown in Aftp Create Directory action Resolved issue with Trading Partner Regex File Upload action Resolved retry issue with Trading Partner related trigger actions Various performance improvements to AFTP protocol Added support for specifying default selected user interface option when logging in via web Updated SFTP and SCP related trigger actions to use extended cipher set Updated trigger actions to allow for use of variables in all input elements Improved SSL TLS Cipher Suites panel for FTPS and HTTPS protocols Added support for disabling CAPTCHA during web based self registration Added ability to prioritize pause and resume a number of trigger actions Updated web interface to automatically save virtual paths and IP access rules when Updated SFTP trigger actions reverse p
93. ancement Added ability to specify IP Access restrictions at user level Enhancement Added ability to vew manage active sessions for all protocols Enhancement Added multiple concurrent file transfer support to Java applet interface Enhancement Added Company attribute to user accounts Enhancement Added API support for managing remote directories Enhancement Added File Upload Quota Exceeded File Download Quota Exceeded and File Transfer Quota Exceeded events that are fired when a transfer quota is exceeded Enhancement Added ability to specify an optional command to be executed on remote FTP S servers after login but prior to action execution for FTP S related actions and trading partner definitions Enhancement Added Twitter actions for sending direct messages and status updates Enhancement Added ability to set session TTL for HTTP S sessions Enhancement Updated web interface so that Domain field is automatically populated in Lost Password screen if Default domain option is enabled Enhancement Updated custom action API to support context sensitive help Enhancement Updated tag cloud to be sorted in descending order Enhancement Added ability to specify whether adaptive connection is used and whether subsystem reply is required in SFTP reverse proxy and SFTP action definitions Update Renamed product to JSCAPE MFT Server to better reflect product capabilities Update Replaced evaluation license with community license an
94. annel If enabled users requesting data transfer using FTPS FTP over SSL will be required to supply data encrypted with a private key that maps to a server installed client certificate Block PASV attack If enabled users will only be allowed to connect to passive data ports that are initiated by same client on command channel Chapter 3 Server configuration Server configuration 3 Shutdown SSL for CCC command If enabled client must properly shutdown SSL connectiosn for command channel when issuing CCC command Shutdown SSL for data connection If enabled client must properly shutdown SSL data connections SSL Ciphers The SSL ciphers to enable for FTPS FTP over SSL services SFTP SCP Connection Settings SFTP SCP connection settings may be managed under the Services gt SFTP SCP panel Figure 71 Home Server v Help Logout Domain localhost running A Statistics Services FTP S SFTP SCP AFTP OFTP TFTP HTTP S WebDAVIS 8 Description ik Services Software version JSCAPE Startup banner Logging ily Reports AS2 Messages Authentication banner OFTP Messages 3J Datastore Connection timeout 5 2 5 Time Access Connection send buffer A e Connection receive buffer lt gt lt gt e gt B e Banned Files E E Disable expanded longname format for SSH_FXP_REALPATH 2 Compliance E IP Access Algorithms 7 DLP amp Connections Ye Triggers Apply Discard Software version The SSH
95. assword Administrative password for managing services 7 Set allocated application memory Minimum allocated memory is 512MB with recommended value of 1024MB or more Figure 179 Chapter 2 Installation Installation Application Settings Set up the run time application settings Max application memory size MB 512 H 8 Launch JSCAPE MFT Server Manager to configure your server Figure 180 Completing the JSCAPE MFT Server Setup Wizard Setup has finished installing JSCAPE MFT Server on your computer The application may be launched by selecting the installed icons Click Finish to exit Setup 9 If you are running any firewall software make sure that it is setup to allow JSCAPE MFT Server to run For firewalls that use application whitelisting add the application server exe located in the JSCAPE MFT Server installation directory Chapter 2 Installation 35 36 Installation 2 See also Server configuration gt Launching the administrative client Installing on Linux RPM Console Installation To install using the RPM file perform the following steps as a user with root privileges 1 Place the install rpm file in a directory on the destination server 2 Install Run the following command from the directory containing the RPM file you placed on your server rpm iv install rpm 3 Configure Administration Service Go to the opt JSCAPE_MFT_Server directory and run the following command
96. ate Key x Private key export Specify key file parameters Key filename jscape prv Password eevee Password confirmation eeee Format PEM OK Cancel Key filename The filename to export private key file to Password The password used to protect the private key Format The format in which to export private key Host keys Enter topic text here Chapter 17 Key management Key management 17 Overview Host keys are the keys which are used to verify the identity of remote hosts These may include public keys for SSL certificates used to protect FTPS and HTTPS servces as well as public host keys for SSH SFTP services Host keys may be associated with trading partners and or used in certain trigger actions that perform secure file transfers to verify the identity of remote hosts Importing a host key You may import existing certificates or public key for use in validating the identity of remote hosts in secure client connections To import an existing certificate or public key open the Key Manager by selecting the Server gt Key Manager option from the main menu The Key Manager will be displayed Select the Host Keys tab and click on the Import button The Import dialog is displayed Figure 69 Import Public Key X Public key import Specify key file parameters Key alias jsmith Key file Choose File jsmith pub OK Cancel Key alias The local alias which will be used for storing in the serv
97. ateoftp command may be used migrate OFTP messages previously stored in per domain datastore H2 database to a common datastore user defined relational database in JSCAPE MFT Server Prior to running j s migrateoftp you must update the datastore used in Services gt OFTP gt Datastore Settings to Use common database option pointing to a relational database of your choice Additionally you must create the necessary tables in your database to store OFTP messages Example database schema for Oracle MySQL and MSSQL can be found in the etc oracle sql etc mysql sql and etc mssql sql files relative to your JSCAPE MFT Server installation directory Usage js migrateoftp options Chapter 13 Command line utilities 207 208 Command line utilities 1 3 Options d delete the original data h display this help menu f j s migrateoftp command is run without options then user will be prompted for necessary information jS passwd The js passwd command may be used to update a password for an account Usage d lt domain gt p lt password gt u lt user gt h Options d the domain name u the account login p the account password h display this help menu If s passwd command is run without options then user will be prompted for necessary information jS pausedomain The js pausedomain command may be used to pause a domain in JSCAPE MFT Server When pausing a domain existing connections will be allowed to co
98. ation 3 Timeout The connection timeout when connecting to LDAP service User DN The users distinguished name for authenticating with the LDAP servce Search user DN The user distinguished name used for performing LDAP search query Password The user password for performing LDAP search query Base DN The base distinguished name in which to perform the filter Filter The filter to execute using the LDAP filter syntax There are two special variables that may be used when performing the database query susername and passwords which refer the username and password supplied by the user during the authentication process Hash password class The Java class to use for hashing password before passing to filter If no class is specified then password will be passed to Filter in clear text Use SSL connection Connect to LDAP server using SSL connection Use failover server If enabled and primary LDAP server is inaccessible then authentication will be attempted against failover server Create account if not found using template This allows for accounts to be created automatically upon successful authentication If selected an account will be created automatically if it does not exist already using the specified User Template Convert username before creation to If enabled the username supplied will be converted to specified case before passing username to specified User Template See also Password Hashin LDAP Filter
99. ciated with this trigger a Trigger Error event will be raised You may capture this event using a trigger that listens for the Trigger Error event and respond appropriately Figure 36 Add Trigger step 2 of 3 3 Trigger Conditions Enter optional trigger conditions Trigger conditions are defined as a logical expression used to filter events based on event properties Example Hour 5 AND Minute 0 OR Hour 22 AND Minute 30 Expression wv Variables Functions Constants Operators AND OR Time Expression lt Back Next gt Cancel Figure 37 138 Chapter 5 Trigger management Trigger management Add Trigger step 3 of 3 Trigger Actions Specify trigger actions Action Description See also Event types Action types Function types Defining custom action types Settings There are various settings that control how triggers are executed Settings panel in JSCAPE MFT Server Manager Limiting number of concurrent triggers Limiting number of concurrent transfers Defining global variables Figure 139 Chapter5 Trigger management Add Edit Delete lt Back OK Cancel These are defined in the Triggers gt 139 140 Trigger management 5 Home Serer v Help Logout Domain localhost running AS2 Messages Triggers Recent Settings Actions Functions OFTP Messages 3J Datastore Limit concurrent triggers to 50 with queue size 100 v n
100. contents will analyze contents of file for instances of regular expression A scope of Filename will analyze filename for instances of regular expression Regular expression The regular expression to use when performing content analysis See also Regular expression reference Enabling DLP DLP may be enabled for any virtual path This gives you the power and flexibility to limit DLP at the directory user or group level depending on your needs To enable DLP for a virtual path select the virtual path and click Edit Next click the Enable DLP option followed by the Settings button to define which DLP rules and actions should be applied to the virtual path Figure 150 Edit Virtual Path 3 Virtual path Setup virtual path parameters Path Real path installdir users Y domain Y username Browse Reverse proxy v V Create directory if not found V Include in search index E PGP encrypt uploads V Enable DLP Settings Secured E Denied Permissions OK Cancel Chapter 10 Data loss prevention DLP Data loss prevention DLP 10 Figure 151 DLP Settings rx DLP Settings Specify DLP rules for the virtual path Rule Enabled Access Add Edit OK Cancel Rules are processed in order The first rule to match determines access level Use the Up and Down buttons to change the order in which rules are processed Figure 152 Add DLP Ent
101. ctory and Ftp Delete File actions for deleting directories and files on remote FTP servers Enhancement Added Ftps Delete Directory and Ftps Delete File actions for deleting directories and files on remote FTP servers using FTPS FTP over SSL Enhancement Added Sftp Delete Directory and Sftp Delete File actions for deleting directories and files on Chapter 1 Introduction Introduction 1 remote SSH servers using SFTP FTP over SSH Enhancement Added Ftp Regex File Upload and Ftp Regex File Download actions for transferring files to from FTP server using a regular expression Enhancement Added Ftps Regex File Upload and Ftps Regex File Download actions for transferring files to from FTP server using a regular expression and FTPS FTP over SSL Enhancement Added Sftp Regex File Upload and Sftp Regex File Download actions for transferring files to from SSH server using a regular expression and SFTP FTP over SSH Enhancement Added Send PGP Email action for sending OpenPGP encrypted email messages Enhancement Added Zip Directory action for compressing the contents of a directory into a zip archive Enhancement Added Run Report action for re running an existing report Enhancement Modified Check Email action to automatically verify decrypt OpenPGP encrypted email messages Enhancement Updated Copy Directory action allowing users to specify the level of copy performed Enhancement Updated Delete Directory action allowing users to sp
102. d 432124 htm JVM 1 7 http www oracle com technetwork java javas e downloads jce8 download 2133166 html JVM 1 8 Installation 1 Determine the location of the JVM JDK you are using by opening the install44j inst_jre cfg file located in your JSCAPE MFT Server installation directory This file will contain the path to the JRE used when running JSCAPE MFT Serwer Example c program files java jre 2 Extract the contents of the Unlimited Strength Jurisdiction Policy Files to a temporary directory 3 Copy the local_policy jar and US_export_policy jar files extracted in the previous step to the lib security directory of your JRE making sure to backup previous versions of these jar files should you decide to revert back to the previous installation Example c program files java jre lib security 4 Restart both the JSCAPE MFT Server Service and JSCAPE MFT Server Manager Additional libraries needed for SFTP ciphers If you are planning to use the non default ciphers that are included as part of JSCAPE MFT Serer SFTP service then you may need to install the JCE Unlimited Strength Jurisdiction Policy Files distributed by Oracle The default ciphers that are supported by the SFTP service include blowfish cbc 3des cbc none If you are only using the default enabled ciphers then installing the Unlimited Strength Jurisdiction Policy Files is not necessary Examples of non default ciphers that require installing the Unlimited Strength Ju
103. d changed limitations of community license to support up to 5 users connections and 1 domain with all other functionality enabled Update Changed reverse proxy definition to load optional private key used in SFTP and FTPS protocols from a file rather than load from Server Keys module Bug Fix Resolved issue where trigger would not show up with Failed status under Recent tab of triggers module when using an invalid function definition Bug Fix Resolved issue where datastore location could not be changed for a domain Bug Fix Resolved issue with drop zones where uploading to a drop zone may not upload to the correct directory Bug Fix Resolved issue with user passwords that contained a character Bug Fix Added missing image to Manage Tags button in web interface Bug Fix Removed svn directories from product distribution Release 7 0 Chapter 1 Introduction 17 18 Introduction Enhancement Added ability to tag search documents with keywords using the web interface for improved searching Enhancement Added ability to store the credentials for remote systems using a new admin module called Trading Partners Enhancement Added ability to retry outgoing emails if failure occurs initially Enhancement Added ability to allow a user to belong to more than one group Enhancement Added ability to allow a user to connect to a different JSCAPE MFT Server without having to stop start the JSCAPE MFT Server Manager Enhanceme
104. d file transfers Web based file transfers 6 Quotas This section displays any bandwidth quota or directory monitor quota information for the user Contacts This section can be used to manage contacts for use in ad hoc file transfers Activity This section can be used to manage ad hoc emails sent by the user Drop Zones This section shows drop zone information for the user See also Assigning domain administrators Customizing the web interface The JSCAPE MFT Server Web Gateway user interface may be easily customized to match the language and look and feel of your organization Setting login page properties When connecting to the JGCAPE MFT Server Web Gateway the server automatically detects the clients browser language settings and loads the appropriate language file If a matching language file cannot be found then the default language file is used The logo and text for the login page may be changed by going to Server gt Settings gt Web andclicking on the Resources tab Figure 47 Chapter6 Web based file transfers 165 166 Web based file transfers Home Serer v Help v Logout E Manager Service Web REST AS2 Miscellaneous Resources amp p Domain Startup Logo em J p JDBC Drivers A Email 2 Failover Language default amp Search Index pean A JMX Application 403 MESSAGE Application 403 TITLE Application 404 MESSAGE Application 404 TITLE Web Document Viewer Change Value
105. d when using HTML user interface Resources The current language resource file Language resource files are used for specifying alternative user interface labels based on client browser default language Setting WebDAV domain level properties When connecting to the JSCAPE MFT Server Web Gateway the server automatically detects the clients browser language settings and loads the appropriate language file If a matching language file cannot be found then the default language file is used The logo and text for the Java Applet user interface may be changed at the domain level by going to the Services gt WebDAV S panel Figure 90 Chapter6 Web based file transfers 167 168 Web based file transfers 6 Home Serer v Help Logout Domain localhost running E Statistics Services FTP S SFTP SCP AFTP OFTP TFTP HTTP S WebDAV S amp Description ik Services Logo FEST Logging lb Reports Change AS2 Messages Logout URL OFTP Messages Enable Java applet JRE C Enable web document viewer i Time Access V Show login info Show account link 6 Banned Files a i amp Compliance Resources EB IP Access paoue 3 DLP 3 Connections Apply Discard Yy Triggers E Authantication Logo The logo displayed in upper left corner when using WebDAV user interface Logout URL The URL to redirect user to upon clicking Logout link Language The current language resource file Language resource files are used for sp
106. database vendor for access to JDBC libraries and assistance on specifying the JDBC URL Username The username to connect with when authenticating with database Password The password to connect with when authenticating with database Pool The maximum number of connections in database pool Pool timeout The maximum amount of time in minutes that the database connection can live in the pool without activity Test Parameters Tests database connection using the specified settings See also JDBC settings Syslog Logs all activity to a syslog daemon in addition to your existing File Log or Database Log settings To use the Syslog option you must have an existing syslog daemon running This may be a local or remote syslog daemon Figure 116 Chapter 3 Server configuration Server configuration Home Server v Help v Logout Domain localhost running A Statistics Running Search Results Service Syslog Settings amp Description 7 Enable syslog 4s Services SERVER Logging paas 192 168 1 1 Port A lb Reports a8 s AS2 Messages MESSAGE atle Si x J Datastore Processname JSCAPE 9 Time Access Banned Files Apply Discard 2 Compliance IP Access DLP amp Connections W Triggers E Authentication amp Users Host The IP address of syslog daemon Port The port of syslog daemon Facility The syslog facility to use Process name Process name tag to apply to all log messages sent to syslog dae
107. dy exists AS2 message will be rejected Bind unauthenticated transfers to user If checked incoming AS2 messages that do not include user credentials will be mapped to the specified username and domain If unchecked then all incoming AS2 messages must include user credentials Upload directory The directory relative to users root directory where AS2 message data will be stored Receipt text Additional information to include in AS2 receipts Receiving AS2 messages In order to receive AS2 messages you must first enable the AS2 service See Enabling AS2 To receive AS2 messages in JSCAPE MFT Server the sender may ask you for a number of parameters A guide to these parameters has been provided below Parameters URL http s hostname port as2 incoming where hostname is the hostname or IP address and port is the port as set in Server gt Settings gt Web panel of JSCAPE MFT Server Manager e g https 152 168 1 1 443 as2 incoming Username username domain where username is the user Login and domain is the JSCAPE MFT Server domain to which the user belongs e g test localhost Password Chapter 4 AS2 Applicability Statement 2 AS2 Applicability Statement 2 4 The password for the specified username e g secret From ID This can be any value that uniquely identifies where the AS2 message is coming from MyTradingPartner To ID This can be any value that uniquely identifies where the AS2 message is b
108. e copy c tmp logs txt c tnp logs txt ol d I del lt file gt Deletes local filename lt file gt a quoted relative filename or absolute path pe I deldi r lt directory gt Deletes local directory recursively Chapter 5 Trigger management 149 150 Trigger management I mkdir lt directory gt I move lt path gt lt desti nati on gt I rename lt path gt lt desti nati on gt Chapter5 Trigger management lt di rect or y gt a quoted relative directory name or absolute path Example t mp Creates local directory recursively lt di rect or y gt a quoted relative directory name or absolute path Moves a local file to a local destination lt pat h gt a quoted relative or absolute file or directory path lt desti nati on gt a quoted relative or absolute file or directory path Example nove logs txt archi ve l ogs txt Example move c tmp logs txt c tmp Escape Renames file on local machine Trigger management mget lt filter gt mkdir lt directory gt mode lt mode gt mput lt filter gt Chapter5 Trigger management lt pat h gt a quoted relative or absolute file or directory path lt desti nati on gt a quoted relative or absolute file or directory path Example lrename I ogs txt logs txt old Example lrenare c tmp logs txt c tnp logs txt ol d Downloads files from current remote directory matching filter lt
109. e also Authenticating using custom authentication API Password Hashing The Database Query Authentication and LDAP Query Authentication services both support optional password hashing Many databases and LDAP repositories store passwords in a hashed format This is a security measure used in order to protect user credentials should a database or LDAP repository be compromised JSCAPE MFT Server includes some built in classes that may be used for hashing a password before it is sent for authentication against a database or LDAP repository These classes are com jscape inet mft authentication MD5Hasher and com jscape inet mft authentication SHAlHasher which offer MD5 and SHA1 hashes Chapter 3 Server configuration 89 90 Server configuration 3 respectively Note the hashes provided by the MD5Hasher and SHAlHasher Classes are provided in lowercase format Some databases or LDAP repositories may store passwords in a salted hash format In a salted hash format the password is combined with other data the salt prior to being hashed Salted hash passwords are typically used in an effort to avoid brute force password attacks should the database or LDAP repository be compromised Password salting is generally application dependent therefore should you need to use a salted password it is necessary to write your own password hasher using the JSCAPE MFT Server API To implement your own password hashing provider you must perform the following 1
110. e automatically You can send an AS2 message automatically in response to server events using the Triggers module andthe Trading Partner File UploadorTrading Partner Regex File Upload actions See Triggers Resending an AS2 message To manually resend an AS2 message select the desired message from the AS2 Messages module and click the Resend button Note only messages of type request may be resent Viewing AS2 messages A history of all AS2 messages sent and received for a domain can be found in the AS2 Messages module in JSCAPE MFT Server Manager Figure 168 132 Chapter 4 AS2 Applicability Statement 2 AS2 Applicability Statement 2 Home Server Help Logout Domain localhost running E Statistics AS2 Messages amp Description ak Services Date Type Direction Message ID AS2 From AS2To Filename Status User Trading Partne MDN f 6 25 2015 9 59 53 AM receipt outgoing lt 20601608467 you me desktop ini successful test sync 2 Logging 6 25 2015 9 59 53 AM receipt incoming lt 20601608467 you me desktop ini successful localhost as2 sync Th Reports 6 25 2015 9 59 52 AM request outgoing lt 34093878428 me you desktop ini successful localhost as2 sync 2 AS2 Messages 6 25 2015 9 59 52 AM request incoming 34093878428 me you desktop ini successful test sync F 3 OFTP Messages 4 23 2015 8 53 04 AM receipt unknown 24972923982 you me test successful test sync J Datast 4
111. e domain using JSCAPE MFT Server Manager Figure 58 Chapter 3 Server configuration 81 82 Server configuration Home Serer v Help Logout Domain localhost running Eo Authentication Two Factor Phone Authentication Web SSO 9 Time Access Banned Files Service type domain user authentication v Compliance E IP Access cm Apply Discard amp Connections W Triggers Authentication amp Users amp Groups ty Reverse Proxies 8 Directory Monitors Drop Zones URL Branding 4 Trading Partners amp Contacts Database User Authentication Database User Authentication allows you to authenticate a user based on whether the user has credentials to connect to a database When connecting to the supplied JDBC URL the username and password provided at time of login are used to login to the JDBC URL If user authenticates successfully with the JDBC URL then user is considered a valid user of the JGCAPE MFT Server service Figure 59 Home Serer v Help Logout Domain localhost running R Daami Authentication Two Factor Phone Authentication Web SSO i Time Access 6 Banned Files Service type database authentication v 2 Compliance IP Access JDBC URL jdbc mysql localhost jscape Create user if not found using template Default v 7 DLP Convert username before creation to lowercase v amp Connections Wy Triggers Authentication Test Parameters amp Users amp S
112. e or IP address information Chapter6 Web based file transfers Web based file transfers 6 Session timeout The amount of time after which to close inactive HTTP S sessions Hide domain Hides domain field when logging in via web interface If this option is checked then a default domain MUST be provided Show domain dropdown If enabled a drop down of all available domains is displayed for the Domain field when logging in via the web interface otherwise a text field is displayed requiring user to type in domain Redirect HTTP to HTTPS Redirect incoming HTTP requests to secure HTTPS serice Show lost password link If enabled the Lost password link will be displayed on web interface login page allowing user to reset their password via email See also Obtaining a trusted certificate Step 2 Add HTTP S services to your Domain For the desired domain go to the Services module and click the Add button When prompted set the Protocol to HTTP S and select the desired protocols you wish to accept file transfers for Figure 33 Add Service X Domain Service Specify service parameters Protocol HTTP S v v HTTP V HTTPS OK Cancel See also Obtaining a trusted certificate Chapter 6 Web based file transfers 161 162 Web based file transfers 6 Web user interface JSCAPE MFT Server Web Gateway has all the common functions of a file transfer client without having to install file transfer client software on your e
113. e placed in a queue for later execution or depending on the trigger action priority they may interrupt an existing file transfer action and be given execution priority Interrupted file transfer actions will automatically resume upon completion of higher priority file transfer actions If the size of the queue is exceeded then an error message will be written to the server activity log Defining global variables You may wish to define global event variables that can be used by all of your triggers Once created these global variables can be accessed from any of your trigger actions using the Add Variable button Using time based triggers JSCAPE MFT Server includes a powerful scheduler which allows you to schedule actions for execution on a one time only or recurring basis To setup a time based trigger create a new Trigger with an Event type of Current Time The Current Time event is fired every one 1 minute while the server is running Using one or more Trigger Condition s you can specify when the actions associated with a trigger should be executed The example condition below in Figure 77 would be valid for 5 00 AM Chapter5 Trigger management Trigger management Figure 57 Add Trigger step 1 of 3 Add Trigger Specify trigger parameters Name Copy Files Event type Description Current Time E Ignore trigger events while domain is stopped Enabled Run asynchronous Fire Trigger Error event if an
114. e to listen on and username password are the credentials you will use when connecting to the service This service is what you will connect to using the JSCAPE MFT Server Manager to manage your server Defaults ports for JSCAPE MFT Server Service and REST web service are 10880 and 11880 respectively Note the IP address 0 0 0 0 is a special address that instructs the service to listen on all available network interfaces 4 Startup JSCAPE MFT Server Service If you are auto starting using an SMF script you may skip this step From the JSCAPE MFT Server installation directory run the following command start_service sh The JSCAPE MFT Server Service should now be running To connect to this service and manage your server see the following topics Server configuration gt Launching the administrative client Auto starting in Solaris 10 environments Auto starting in UNIX environments Chapter 2 Installation Installation 2 Installing on AIX ZIP Console Installation To install using the ZIP file perform the following steps as a user with root privileges 1 Place the install zip file in a directory on the destination server 2 Install Run the following command from the directory containing the ZIP file you placed on your server unzip install zip 3 Configure Administration Service Go to the JSCAPE MFT Server installation directory located in the JSCAPE_MFT_Server directory relative to where the unzip command was executed
115. e used by the CA in order to create a signed certificate To generate a CSR highlight the desired server key in the Key Manager and click the Generate CSR button A dialog will prompt you for the location in which to store the CSR Chapter 17 Key management 219 220 Key management 17 Figure 87 Generate CSR B CSR generation Specify CSR file parameters CSR filename jscape csr OK Cancel Submitting CSR to CA The next step is to submit your CSR to the CA for use in generating your signed certificate Please consult your CA for instructions on how to accomplish this Your CA may ask you in which format you would like the certificate If this option is presented to you select the Other Apache or Java option to receive the certificate in a common format To request a JSCAPE signed certificate please visit the following https www securepaynet net gdshop ssl ssl asp prog id 423530 amp ci 1789 amp Importing signed certificate The last step is to import the signed certificate issued to you by your CA To import the signed certificate select the server key that was used to generate the CSR and click the Import Certificates button You will be prompted for the path of the certificate file issued to you by your CA Note Some CA issue an intermediate certificate in addition to a signed certificate If your certificate came with an intermediate certificate you will need to append the contents of the intermediate to the signed certi
116. ear 0 w Year 0 an Test Close Event types There are several event types that you may listen for when defining triggers For a list of event types please see the context sensitive help available in JSCAPE MFT Server Manager when creating a trigger See also Adding triggers Action types Defining custom action types Action types There are several built in action types that you may use when defining triggers For a list of available actions please see the context sensitive help available in JSCAPE MFT Server Manager when creating a trigger See also Chapter 5 Trigger management 143 144 Trigger management 5 Adding triggers Event types Function types Defining custom action types Function types There are several built in functions that you can use within trigger action fields These functions are particularly useful in cases where you want to format or parse a trigger event variable For a list of available functions please see the context sensitive help available in JSCAPE MFT Server Manager when creating a trigger Rules for function arguments Using event variables within functions Using patterns in Format function Rules for function arguments 1 Function parameters are separated by the comma character Leading or trailing spaces are considered as the part of parameter 2 Function parameter string data may be surrounded with quotes If the function parameter is not surrounded by quotes then any leading or t
117. eb 7 HTTP on host 0 0 0 0 port 80 lt JDBC Drivers z HTTPS on host 0 0 0 0 w pot 443 nie Email Failover HTTPS amp Search Index Private key examplersa v A JMX E HTTPS client certificate required V SSUTLS renegotiation allowed SSL TLS Ciphers Save changes Cancel Web Server HTTP on host The host and port you want to enable HTTP service on This will also be used for client REST services HTTPS on host The host and port you want to enable HTTPS service on This will also be used for client REST senices HTTPS Private key The SSL encryption key to be used for HTTPS services Redirect HTTP requests to HTTPS Automatically redirects HTTP requests to HTTP HTTPS client certificate required Requires that client browser successfully identify itself with a client certificate found in Client keys section of Key Manager SSL TLS negotiation allowed If enabled clients will be allowed to renegotiate SSL TLS sessions SSL TLS Ciphers List of enabled SSL ciphers for HTTPS communications Miscellaneous User interface Sets what user interface options are available from login page Default domain Defaults domain field to specified value when logging in via web interface Server name Optional value if entered will replace any HTTP headers that contain hostname data with specified hostname This is useful in cases where server operates behind a NAT enabled firewall and you do not want to leak internal hostnam
118. ecify the level of delete performed Enhancement Updated Send Email action allowing for sending of email using secure SSL encrypted connection Enhancement Updated Send Email action to include optional receipt notification upon recipient opening email message Enhancement Changed Add Domain process so that services are automatically started after adding a domain Enhancement Changed File gt Settings gt Connection panel so connection is automatically established upon changing connection parameters Enhancement Improved database reports allowing users to specify a Start Date and End Date range Enhancement Added variable support to Authentication panel where appropriate Enhancement Improved date validation components in manager GUI Enhancement Added External File Upload and External File Download event types to monitor outbound and inbound file transfers made using triggers actions Enhancement Added events to capture administrative actions including Group Deleted Group Updated IP Access Rules Updated Resource Deleted Resource Updated User Deleted User Updated Enhancement Improved formatting in reports Enhancement Added additional metrics to reports including Top External Uploads Top External Downloads Top Email Attachments Sent and Top Email Attachments Received Enhancement Changed command channel timeout for FTP services to automatically detect activity on data channel Enhancement Added verbose logging support for
119. ecifying alternative user interface labels based on client browser default language Enable Java applet If checked Java applet interface is enabled for WebDAV connections Enable web document viewer If checked web document viewer is enabled Show login info If checked the current username and domain is displayed in upper right Show account link If checked the My Account link is displayed in upper right allowing users to change their account contact information Performing automatic login If you are integrating JSCAPE MFT Server Web Gateway into an existing web based application you may already have the needed user login credentials To prevent users from being required to enter login credentials again you may embed all login credentials as URL parameters Upon successful login user will be automatically logged into the JSCAPE MFT Server Web Gateway SSO single sign on may also be used Example http hostname port action login domain localhost username jsmith amp password secret continue action cwd filename path to dir URL Parameters hostname The hostname or IP of the web server port The port of the web server Chapter6 Web based file transfers Web based file transfers 6 domain The domain to login to username The username to login as password The password to login with continue The relative URL to redirect user to after login In the example above the continue argument is used to redirect us
120. ecting to REST management service you will be prompted for an administrative username and password to login These credentials are those that you defined during the installation process Figure 172 JSCAPE MFT Server Login Username admin Password ecccce Login Figure 1 Chapter 3 Server configuration Server configuration Home Serer v Help Logout Dashboard Server Domains Network Interfaces Uploaded Downloaded Quota Domain Name State Current Con Current Tran Total Conner Start Date Stop Date Bytes Files Bytes Files Uploads Downloads Transfers localhost running 0 0 16 609 37 MB 1 2 98 GB 5 6 22 2015 8 36 0 Add See also Starting the service Creating a domain You may create a domain using the JSCAPE MFT Server Manager Step 1 Using JSCAPE MFT Server Manager select Server gt New Domain from the main menu The New Domain wizard is displayed This wizard allows you to quickly create a new domain with one service and minimum settings You may later customize the domain to meet your needs by selecting the domain from the Domains tab and clicking Edit button Figure 2 Chapter 3 Server configuration 53 54 Server configuration 3 New Domain step 1 of 4 amp Domain Name Setup domain name and description Name localhost Description Next gt Cancel Name A unique name you wish to give this domain Make sure to choose the name carefully as it may not be changed once created Description A desc
121. ed LocalDir event properties to any server events which have LocalPath event Added User Password Changed event to detect when user changes their password Added ability to retrieve additional information from database query for use in setting up user in Database Query Authentication module Enhancement Enhancement Enhancement services Added support for WebDAV resources Added ability to run reports using a username filter Added ability to define enabled SSL ciphers for FTPS HTTPS and secure WebDAV Bug Fix Fixed issue with FTP S service returning 0 bytes in response to SIZE filename command if file did not exist Bug Fix Changed response code from 151 to 150 for passive data transfers in response to LIST command which caused a problem with some FTP S clients Bug Fix Fixed issue experienced when uploading large ASCIl files Bug Fix Fixed issue with saving settings for LDAP Query Authentication module Bug Fix Fixed memory leak experienced in WebDAV service Bug Fix Fixed SQL and LDAP injection vulnerability found when using Database Query Authentication or LDAP Query Authentication modules Bug Fix Fixed issue with establishing a data connection to client using different source IP other than that of control channel Bug Fix Fixed issue with encryption keys used in client PGP 6 5 8 Bug Fix Fixed issue when uploading large recursive directories using Java applet Bug Fix Fixed table sorting issue in JSCAPE MFT Serv
122. ed in quotes to be processed correctly e g Chapter 12 REST API Command line utilities 1 3 type explicit SSL See also Management API js adddirmonitor The js adddirmonitor command may be used to add a directory monitor to JSCAPE MFT Server Usage js adddirmonitor n lt value gt r lt value gt options Options d the domain name n directory monitor name r directory path e g c home t monitor interval seconds q directory quota MB l latency period o directory monitor owner a enable monitor file add e enable monitor file edit de enable monitor file delete re enable monitor recursively h display this help menu If s adddirmonitor command is run without options then user will be prompted for necessary information js adddomain The js adddomain command may be used to add a domain to JSCAPE MFT Server Usage js adddomain options Options d the domain name ld log directory ds user datastore directory h display this help menu If s adddomain command is run without options then user will be prompted for necessary information js addgroup The js addgroup command may be used to add a group to JSCAPE MFT Server Usage js addgroup options Options d the domain name g the groupname p the virtual path Chapter 13 Command line utilities 199 200 Command line utilities 1 3 r the real directory path a the path access permissions RWADRLCD
123. ed issue with JMX service not properly releasing port when JMX sence is disabled Release 8 0 Sep 1 2011 Enhancement Enhancement Enhancement Enhancement Enhancement Enhancement Enhancement Enhancement Enhancement Enhancement Added DLP data loss prevention module available in Enterprise edition Redesign of Logging module to provide more visibility into user activity Added support for OpenPGP encrypted virtual directories Added support for multiple administrators Improved memory performance for directory monitors Improved memory performance for search indexing Added ability to send passwords for ad hoc file transfers out of band Added support for selecting multiple files for upload when using HTML user interface Added ability to extend scope of Banned Files module to include directories Implemented various usability and performance enhancements to user interface in JSCAPE MFT Server Manager application Enhancement Enhancement Added ability to create contacts while creating an ad hoc file transfer Added Trading Partner Directory Upload Synchronization and Trading Partner Directory Download Synchronization actions Enhancement Added passive setting for Directory Upload Synchronization and Directory Download Synchronization actions Enhancement Enhancement Enhancement Enhancement Enhancement Enhancement Added support for IPv6 addresses in web services Added ability to move fi
124. ed password for specified username on the protocol to use Valid options are ftp ftps ftps auth tls ftps auth ssl ftps implicit sftp and aftp for the protocols FTP FTP over SSL AUTH SSL FTP over SSL Implicit SSL SFTP FTP over SSH and AFTP respectively Default protocol is ftp Note When using ftps implicit setting you must set the port to the server port responsible for handling implicit SSL connections This is typically handled on port 990 Example Trigger management set port lt port gt set privatekey lt file gt set secure lt bool ean gt set timeout lt seconds gt set username lt usernarme gt Chapter 5 Trigger management set protocol ftps auth tls Specifies the port of the remote server The default ports for FTP and SFTP protocols are 21 and 22 Specifies the path of private key file to use when authenticating with SFTP server Valid for use in SFTP protocol only lt file gt a valid relative or absolute file path on local machine c ssh keys id dsa Specifies that the secure SFTP protocol be used FTP protocol is used by default Requires that SSH version 2 0 or above be installed on remote server and SFTP be enabled lt bool ean gt true false Sets the maximum timeout used when establishing a connection sending data or receiving data If timeout is exceeded script will abort Default value is 60 Specifies the username to use when logging int
125. eing sent to e g JSCAPE Encryption key lf message encryption is used then message should be encrypted with recipients public key Signing key lf message signing is used then message should be signed with senders private key MDN receipt Both synchronous and asynchronous modes are supported Processing AS2 messages As AS2 messages are received they will be processed according to the settings in the Server gt Settings gt Web gt AS2 panel AS2 message data will be stored in the Upload directory See Server gt Settings gt Web gt AS2 relative to users root directory A history of all AS2 messages can be seen in the AS2 Messages module for your domain Sending AS2 messages In order to send an AS2 message you must first create an AS2 trading partner See Adding trading partners See Figure 166 below for an example AS2 trading partner In this example the trading partner is another instance of JSCAPE MFT Server AS2 messages may be sent manually from the As2 Messages module or automatically in response to server events using the Triggers module and related actions Creating an AS2 Trading Partner Figure 166 Chapter 4 AS2 Applicability Statement 2 129 130 AS2 Applicability Statement 2 4 Add Trading Partner X Add Trading Partner Specify trading partner parameters BASIC Name JSCAPE Company JSCAPE j E mail CONNECTION URL http 10 1 1 161 as2 incoming Timeout 30 gt sec Username test localhost
126. el Enhancement Added several new trigger event variables for capturing date time and domain name Enhancement Added a new Run Process action that can be used in a trigger to execute local processes Enhancement Updated Delete Directory action adding ability to specify that only files older than a certain age be deleted Enhancement Improved performance for file uploads Enhancement Added source code API examples to the api examples directory of JSCAPE MFT Server installation directory Enhancement Added more text properties to File gt Settings gt Web gt Resource panel Change Changed license key format Bug Fix Fixed issue with SFTP clients connecting using unsupported protocol version Bug Fix Fixed issue with importing SSH keys generated using ssh keygen command Bug Fix Fixed issue with virtual directories containing invalid characters such as and Release 3 0 April 9 2007 Enhancement Added support for SFTP FTP over SSH service Enhancement Added support for client SSL certificates for use in FTPS FTP over SSL services Enhancement Added DMZ support using Resources Enhancement Added Directory Download Synchronization action This action allows users to synchronize local directories with remote FTP FTPS SFTP resources Enhancement Added Directory Upload Synchronization action This action allows users to synchronize remote FTP FTPS SFTP resources with a local directory Enhancement Added Ftp Delete Dire
127. ems If you are running under Solaris 10 or above then you may run as non root using the provided example SMF script Please see the following topic for details Auto starting in Solaris 10 environments Solaris 9 and Linux UNIX systems The simplest method for installing and running JSCAPE MFT Server is to do so as the root user However in some UNIX based environments you may want or need to run JSCAPE MFT Server as a user other than root Should you decide to go this route there are certain issues to consider when installing and configuring JSCAPE MFT Server Chapter 2 Installation 47 48 Installation 2 Filesystem permissions When running JSCAPE MFT Server as a non root system user ensure that this user has user or group level permissions granting them full access to the virtual directories that you define for your JSCAPE MFT Server users Additionally this user should be granted full access to the JSCAPE MFT Server installation directory logging directory user datastore directory and all supporting files within these directories Port redirection As a general rule UNIX based Linux Solaris Mac OS X programs that bind to ports less than 1024 must be run as root user For example the standard port for ftp is port 21 requiring that you run JSCAPE MFT Server as root user in order to bind and listen on this port for incoming requests One solution that gets you around this restriction is to have your server run on ports gt 1024
128. enDocument Presentation odp OpenOffice org 1 0 Presentation sxi Microsoft PowerPoint ppt pptx OpenDocument Drawing odg Portable Document Format pdf Flash swf JPG jpg jpeg GIF gif PNG png Drop zones Drop zones are a way for you to create a space where users can upload files anonymously via their web browser Users accessing a drop zone are shown an upload form that allows them to upload one or more files These users cannot see any of the files that they or other users have uploaded to the drop zone A drop zone is typically used when you want to receive files from one or more people but don t want to create an account for them allowing them to upload files anonymously Creating a drop zone Purging a drop zone Detecting files uploaded to a drop zone Creating a drop zone To create a drop zone go to the Drop Zones module in JSCAPE MFT Server Manager Figure 135 Chapter6 Web based file transfers 177 178 Web based file transfers 6 Home Serer v Help Logout Domain localhost running omen Drop Zones Banned Files i Compliance Name User Path URL Owner URL Branding ip Access amp Connections Vy Triggers E Authentication amp Users amp Groups Bg Reverse Proxies 3 Directory Monitors gt el 1 7 I4 lt 4 Page fije Wi ola Displaying 1 to 1 of 1 items Drop Zones URL Branding Tradin
129. eports output format to be more consistent with administrative web interface Update Updated code signing certificate for file transfer applet used in web interface Bug Fix Resolved issue with GetGlobalVariable function not working properly when testing a condition in a trigger Bug Fix Resolved various interoperability issues with SFTP clients Bug Fix Resolved issue with passive ports not displayed correctly in web interface for FTP S servces Bug Fix Resolved issue with SFTP related trigger actions where password authentication is preferred even though private key is specified Bug Fix Resolved various minor issues Release 9 1 Feb 13 2015 Enhancement Added ability to search tables in administrative web interface Enhancement Added progress dialog to web interface when loading a domain Enhancement Added Last Login column to Users table view Enhancement Added status message to administrative web interface when saving changes Enhancement Added support for TFTP and OFTP services Enhancement Added support for Amazon S3 TFTP OFTP REST IMAP SMTP and POP3 in Trading Partners module Enhancement Added support for various protocols to Reverse Proxies module including Amazon S3 REST TFTP and OFTP Enhancement Added pagination support to AS2 Messages and Contacts modules Enhancement Added notification message to web interface when rebuild index process is started via Server gt Settings gt Search Index Enhanceme
130. equest outgoing Delete AS2 Message B desktop ini localhost as2 sync AS2 Messages 6 25 2015 9 59 52 AM request incoming desktop ini test sync z gt Delete AS2 message s OFTP Messages 4 23 2015 8 53 04 AM receipt unknown test test sync O Messages 4 23 2015 8 53 04 AM request unknown test test sync J Datastore e 4 23 2015 8 22 04 AM receipt unknown Cancel site xml test sync ume M request unknown site xml ful test sync IS Banned Files M receipt unknown lt 30991064890 you me site xmi test sync Compliance 4 23 2015 8 21 55 AM request unknown lt 77129987820 me you site xml ul test sync EB IP Acces 10 x Page 1 dele Wi OJA Displaying 1 to 10 of 55 items Overview Triggers are a very powerful feature that allow you to listen for events and respond with actions if conditions are met For example whenever a file is uploaded by a certain user you may wish to have this file OpenPGP encrypted and then have an email notification sent to another user within your organization with the details of this upload Example Uses Automate routine file transfer tasks Email notification of key events Automate OpenPGP encryption decryption of transferred files Automate compression decompression of transferred files See also Adding triggers Using time based triggers Manually executing time based triggers Writing conditions Testing conditions Event types Action types Defining custom action types File Transfer Script Language
131. er Manager Bug Fix Fixed XSS vulnerability Bug Fix Fixed issue with ad hoc email downloads that only allows downloads that were part of a pre authenticated session Bug Fix Fixed error in Top Hosts reporting metric Release 3 6 Nov 7 2007 Enhancement Chapter 1 Introduction Added ability to create directory on server if it does not exist when creating a virtual path 25 26 Introduction 1 Enhancement Added email address property to user account This value will be used as the default From address value when using ad hoc email file transfers Enhancement Moved various properties from WebDAV senice to File gt Settings gt WebDAV in JSCAPE MFT Server Manager Enhancement Moved various properties from HTTP service to File gt Settings gt HTTP inJSCAPE MFT Server Manager Enhancement Added protocol level debugging support to Resources Enhancement Moved virtual paths for user accounts to it s own tab named Paths in Edit user account dialog Enhancement Added time elapsed time remaining and transfer speed information to progress bar in HTML user interface Enhancement Added wildcard support to LIST MLST and MLSD command in FTP S protocols Enhancement Added support for MFMT and MFCT commands in FTP S protocols Enhancement Various enhancements made to WebDAV Java applet Enhancement Added ability to copy an existing trigger Enhancement Added ability to resume an interrupted transfer in WebDAV Java
132. er server to production host 3 On failover server click the Synchronize State button to perform on demand synchronization 4 On failover server disable failover synchronization 5 Load production server and verify that data has been synchronized correctly 6 Enable failover module on production server setting failover server to failover host Defining password compliance JSCAPE MFT Server may be configured to require that user passwords meet certain requirements To configure password requirements click on the Compliance node in JSCAPE MFT Server Manager Figure 106 Home Serer v Help Logout Domain localhost running Logging Compliance Reports hes PASSWORD AS2 Messages a Minimum password length of characters OFTP Messages Maximum password age of 90 gt days J Datastore Email password change reminder AA days before expiration Password must not match previous 3 passwords mi Time Access E Require password reset on firsttime login 6 Banned Files Compliance REQUIRED CHARACTERS IP Access Uppercase 7 DLP Lowercase Numeric 0 9 i Connections Non alpha numeric e g Yu Triggers Deny login for password non compliance Authentication amp Users E8 Groups Apply Discard M Minunenn Dearian Minimum password length of Requires that password contain the minimum number of defined characters Maximum password age of Requires that user passwords be changed before reaching maximum
133. er to a specified directory upon login See also Web SSO Specifying logout URL By default when clicking the Logout link in JSCAPE MFT Server Web Gateway the user will be logged out and presented with the login page for JSCAPE MFT Server Web Gateway In the event you want the end user to be redirected to another URL you may specify this in the Logout URL field found in the panels for Services gt HTTP S and Services gt WebDAV S SSO may also be used for defining login and logout URL Note the Logout URL does not apply to session timeouts If the HTTP S session experiences a timeout then user will be redirected to the login page See also Web SSO Adding custom forms on file upload When uploading files using the web based HTML user interface you can optionally request additional information from users to be included with the file upload This information can be included on a per file basis or in batch mode and captured as part of the File Upload event in a trigger Creating an upload form To create an upload form go to the Services gt HTTP S panel in JSCAPE MFT Server Manager and click on the Forms button The Upload Forms dialog is displayed showing a list of current forms Figure 121 Chapter6 Web based file transfers 169 Web based file transfers 6 Upload Forms X Upload forms Setup upload forms Name Enabled Add OK Cancel To add a form click on the Add button The Add Form dialog is displayed Figure
134. er v Help Logout A Manager Serice Email Miscellaneous Ad Hoc File Transfer Resources amp p Domain Startup Wed Enable email service amp JDBC Drivers EMAIL SERVER Email HostiP smtp myserver com Port 25 3 Failover v Connectiontype plain F berchi Username user myserver com A JMX Password TTET Debug file TEETE MESSAGE From user myserver com Reply To Test Server Save changes Cancel Enable email service Enables email Email Server Host IP The hostname or IP of the SMTP server Port The port of the SMTP server Connection type The type of connection to use PLAIN indicates a plain text SMTP session SSL and START TLS are encrypted SMTP sessions Consult your SMTP server documentation for details on what connection types are supported Username Optional username to use if SMTP server requires authentication Password Optional password to use if SMTP server requires authentication Debug file Optional debug file for use in debugging SMTP server problems Message From Optional From address used when sending emails This may be overridden by user when performing ad hoc email transfers Miscellaneous Encrypt with PGP key Optional encryption key for use in OpenPGP encrypting outbound email messages Chapter 7 Email transfers 183 184 Email transfers r Sign with PGP key Optional signing key for use in OpenPGP signing outbound email messages Figure 147 Home Ser
135. erform the following using JSCAPE MFT Server Manager 1 Goto Server gt Settings gt Web and enable the HTTP S protocols 2 Inthe Services node for the desired domain click on the Add button The Add Service dialog is displayed 3 Under Protocol select the WebDAV S option Select the protocols you wish to enable WebDAV on 4 Click OK See also Web based file transfers Establishing a connection JSCAPE MFT Server Enterprise Edition has a built in web based WebDAV Java applet that is integrated into the web server This applet allows users to connect via WebDAV without having to install any client software Connect using integrated WebDAV Java applet To connect va WebDAV using the integrated Java applet perform the following steps 1 Load the JSCAPE MFT Server Web Gateway into your web browser 2 Enter login credentials 3 When prompted for User Interface select the Java Applet option and click Login At this point the browser will load the integrated Java applet and automatically connect using the WebDAV protocol Note You may optionally click the Java Applet button from HTML user interface to switch to the Java applet 212 Chapter 13 Command line utilities WebDAV support 14 Connect using 3rd party WebDAV client To connect using a 3rd party WebDAV client you will be prompted for the following information URL The URL Uniform Resource Locator that you want to connect to This generally takes the form of http
136. ername and domain is displayed in upper right Show search If checked searches on indexed documents may be performed Show ASCIl Binary option If checked user has option of uploading files in both ASCII and binary modes If unchecked only binary is allowed by default and user does not have ability to change this setting Show account link If checked the My Account link is displayed in upper right allowing users to change their account contact information AFTP NAT Host The host to use when connecting to AFTP service using Java applet Forms Forms available during file upload when using HTML user interface Resources The current language resource file Language resource files are used for specifying alternative user interface labels based on client browser default language WebDAV S Connection Settings Chapter 3 Server configuration 117 118 Server configuration 3 WebDAV S connection settings may be managed under the Services gt WebDAV S panel Figure 90 Home Serer v Help Logout Domain localhost running amp Statistics Services FTP S SFTP SCP AFTP OFTP TFTP HTTP S WebDAV S 8 Description ik Services Logo FEST Logging lb Reports Change AS2 Messages Logout URL OFTP Messages v Enable Java applet J Datastore Enable web document viewer oi Time Access 7 Show login info Banned Files v Show account link amp Compliance E IP Access Resources 7 DLP amp Connections Apply Disca
137. error occurs lt Back Figure 77 Add Trigger step 2 of 3 Trigger Conditions Enter optional trigger conditions Trigger conditions are defined as a logical expression used to filter events based on event properties Example Hour 5 AND Minute 0 OR Hour 22 AND Minute 30 Expression Hour 5 AND Minute 0 Variables _ Functions Operators _ AND Oe uae Time Expression Test Expression Next gt Cancel See also Event types Adding triggers Chapter 5 Trigger management 141 142 Trigger management 5 Writing conditions Manually executing time based triggers Triggers that use the Current Time event may be executed manually To manually execute a Current Time trigger select the trigger in the Triggers panel and click the Run button The trigger will be immediately executed ignoring any Current Time event conditions Figure 130 Home Serer v Help Logout Domain localhost running AS2 Messages Triggers Recent Settings Actions Functions OFTP Messages 3 Datastore Name Event Type Enabled Condition Actions Time Access File Upload Rename File Upload true Rename File 6 Banned Files 2 Compliance E IP Access a 7 DLP amp Connections Yq Triggers E Authentication amp Users 2 M 4 Page 1 ofli gt X Displaying 1 to 2 of 2 items EJ amp Groups g Reverse Proxies Up Add Edit Copy Run Delete
138. ers local keystore This may be any value of your choice Key file The source certificate public key file path to import from Exporting a host key To export an existing host key certificate or public key open the Key Manager by selecting the Server gt Key Manager option from the main menu The Key Manager will be displayed Select the Host Keys tab select a key and click on the Export button The Export dialog is displayed Figure 158 Chapter 17 Key management 227 228 Key management 17 Home Server 7 Help 7 Logout Server Keys Host Keys ClientKeys PGP Keys Key Expiry Report example_rsa Key algorithm example_dsa Certificate type Version Serial Issuer Subject Valid not after Signature Valid not before RSA X 509 2 2803379338 CN server jscape com OU IT O JSCAPE L Miami ST FL C US CN server jscape com OU IT O JSCAPE L Miami ST FL C US 06 24 2014 06 24 2015 32 3 21 3 a7 8 a5 4e b7 02 a9 e1 06 21 41 69 29 ca 91 5 2c 6a b3 60 71 d1 3d c4 dd 76 3b 65 b7 ea m Import Generate CSR Generate Delete Import Certificates Figure 64 Export Certificate 3 Certificate export Specify certificate file parameters Certificate filename jscape crt Format X509 v i OK i Cancel Certificate file The path to export the certificate to Format The format in which to export certificate Chapter 17 Key manageme
139. es on Date that this account expires leave blank for non expiring account Enable ad hoc email transfers Check to allow user to perform ad hoc email transfers via HTTP interface Authentication Require secured connection Check to force user to login using secure protocol e g FTPS SFTP HTITPS Allow password change Check to allow user to change their password Use phone authentication Check to require user to use two factor phone authentication Ignore password aging rules Check to disable password aging rules for this user Client keys Optional public keys bound to this user for purposes of public key authentication in SFTP SSH protocol Assigning domain administrators A domain administrator can manage and create users using the account management features available in the web interface To assign domain administration privileges for a user go to the Users node for the desired domain select the user you wish to assign domain administration rights to click the Edit button and go to the Domain Administration tab Figure 114 Chapter 3 Server configuration 79 80 Server configuration i Edit test User B Edit User Specify user parameters Info Paths Quotas IP Access Domain Administration Web on V Allow domain administration GENERAL E Allow management of non owned users A F Max number of owned users 1 aft F Allow usage of system OpenPGP keys m F Allow management of public cont
140. esired domain Add IP access rule IP_ mask examples Chapter 3 Server configuration Server configuration Home Server v Help Domain localhost running M Time Access S Banned Files 3 Compliance IP Access 7 DLP s Connections Ye Triggers E Authentication amp Users amp 8 Groups Be Reverse Proxies 3 Directory Monitors Drop Zones URL Branding a2 Trading Partners m IP Access IP Mask 2 K Logout 4 Page 1 of1 IP Mask The IP address mask Figure 29 Access Indicates whether access is allowed or denied Reason The reason access is allowed or denied Access rules are processed in the order listed For each connection the first matching access rule will be Access allowed allowed Reason default access default access Displaying 1 to 2 of 2 items Add used Therefore it is important that the access rules be ordered correctly to prevent a user from being mistakenly denied or granted access You may use the Up and Down buttons to order these access rules to suit your needs Add IP access rule To add an access rule click on the Add button in the lower right corner This will display the Add IP Access Rule dialog Chapter 3 Server configuration Figure 30 107 108 Server configuration Add IP Access Rule IP Access Rule Specify IP access rule parameters IP mask 10 1 1 1 Reason Access allowed Access denied OK IP mask
141. essage is processed Asynchronous MDN receipts are sent to JSCAPE MFT Server over HTTP S via the URL http s host port as2 receipts where host and port are the IP address and port that the JSCAPE MFT Server AS2 service is listening on Note when using asynchronous mode it is important that the IP address that your AS2 senice is listening on is publicly available If for example you are using the special address 0 0 0 0 or an internal NAT address then you will need to instruct JSCAPE MFT Server to use a different address when sending out asynchronous MDN URL otherwise the recipient may not be able to post the MDN receipt This can be achievedin Server gt Settings gt Web gt Miscellaneous gt Server name setting this value to the public IP address or hostname of your JSCAPE MFT Server instance Prefer HTTPS receipt delivery URL If checked default then the URL provided for asynchronous MDN receipts will use HTTPS senice if available Receipt signature required If checked then recipient must respond with an MDN receipt Receipt timeout The timeout for receiving an MDN receipt This applies to synchronous mode only Encryption key The public key certificate to use for encrypting AS2 messages This is sourced from Host Keys panel in Key Manager Encryption algorithm The encryption algorithm used for encrypting AS2 messages Signing key The private key to use for signing AS2 messages This is sourced from Server Keys
142. ficate issued to you by your CA If your certificate did not come with an intermediate certificate you may skip these steps 1 Open your signed certificate and intermediate certificate files using a text editor e g notepad or vi 2 Copy the full contents of the intermediate certificate and append to the end of signed certificate file 3 Save signed certificate and continue with process of importing signed certificate Figure 78 Chapter 17 Key management Key management 17 Import Certificates B Certificates import Specify certificates file parameters Certificates fle Browse jscape crt File password Alias in file OK Cancel Certificates file The file containing signed certificate File password The password protecting certificate Leave blank if none Alias in file The certificate alias in file Leave blank if none Verifying signed certificate Upon successfully installing your signed certificate you can verify that it is working by connecting using any HTTPS or FTPS client and viewing the certificate details You should notice in the certificate details that the CA is listed as a trusted authority for the certificate Importing third party certificates If you have your JSCAPE MFT Server server private key signed by a certificate authority CA such as Thawte Verisign or JSCAPE you may import the issued certificate using the Import Certificates button Note Some CA issue an intermediate certificate i
143. filter gt a quoted regular expression lt di rect or y gt a quoted relative directory name or absolute path Example cd jsm th Sets transfer mode to ASCII or binary lt mde gt a quoted transfer mode of ascii or binary Uploads local files in current working directory matching filter to remote server lt filter gt 151 152 Trigger management msg lt message gt prompt lt vari abl enanme gt lt prompt gt prompt mask lt vari abl ename gt lt pr onpt gt put lt file gt lt desti nati on gt putdir lt directory gt Chapter 5 Trigger management 9 a quoted regular expression default the console is the current debug stream and debugging is enabled Prompts user to enter a value to be read from the command line and stores this value in the variable name used in the first argument The value stored in this variable is then available for use later in the Prompts user to enter a value to be read from the command line and stores this value in the variable name used in the first argument The value stored in this variable is then available for use later in the script Value entered is masked to user Uploads local file to remote server lt file gt a quoted relative filename or absolute path lt desti nati on gt optional quoted remote filename or absolute path to store file as Example put c tmp logs txt Example put c tmp logs txt nyl ogs txt Uploads
144. for HTTP and WebDAV services Click Apply to save settings Figure 125 Chapter6 Web based file transfers Web based file transfers Home Server v Domain localhost running E Statistics amp Description as Services Logging ilu Reports AS2 Messages OFTP Messages J Datastore mi Time Access Banned Files 2 Compliance EB IP Access 7 DLP Connections Ye Triggers E Authentication amp Users Home Server v Help Logout Services FIPIS SFTPISCP AFTP OFTP TFTP HTTP S WebDAV S Ul i FEZES 7 Show buttons shortcuts 7 Show login info v Show search 7 Show ASCII Binary option T Show account link Resources MISCELLANEOUS Change Connection timeout 10 a min Logout URL E Enable auto logout after 1 zs min of inactivity with 710 is sec warning E Enable self registration with user template Default v Enable web document viewer Help Logout Domain localhost running Figure 126 m E Statistics amp Description ak Services Logging ly Reports 25 AS2 Messages OFTP Messages J Datastore mi Time Access Banned Files amp Compliance E IP Access 7 DLP amp Connections Ye Triggers E Authentication Senices FTP S SFTP SCP Logo Logout URL V Enable Java applet Enable web document viewer Show login info Show account link Resources Stop Pause Usage AFTP OFTP TFTP HTTP S
145. from end of domain log Pause Resume Log Pauses resumes running view of log Reporting on log data To create a report click on the Reports node for the desired domain A list of existing reports will be displayed Figure 38 Home Server v Help Logout Domain localhost running E Statistics Reports amp Description de Senices Name Date Description Search Status Toe Weekly Report 6 25 2015 9 25 11 AM success 2 Logging i Reports AS2 Messages m OFTP Messages B Datastore BannedFiles amp Compliance SIP Access g 1 z H 4 Page i joff b gt WH OQ Displaying 1 to 1 of 1 items Your s2 Connections Refresh Add Ye Triggers Authentication B i D o zj 4 Chapter 3 Server configuration 69 70 Server configuration 3 Name The name of the report Date The date the report was created Description The report description Search The optional search result used to generate this report Status The percentage of report completed Refresh To refresh the current report view and update report status Add Add a report Edit Edit a report View View selected report Re run Re run selected report Delete Delete selected report Adding a report Click on the Add button The Add Report dialog is displayed Figure 45 Chapter 3 Server configuration Server configuration 3 Add Report
146. g Fix Resolved issue with users being unable to use WebDAV Java applet when username contain symbol Bug Fix Resolved issue with saving directory monitors Bug Fix Resolved issue with LDAP authentication modules where LDAP port value was overridden with LDAP timeout value Chapter 1 Introduction Introduction 1 Bug Fix Resolved issue with js adduser command line utility where user password change rights were not matching that of the template used Bug Fix Updated regular expression for US SSN to prevent identifying certain credit card data as US SSN Bug Fix Resolved issue with password history not working correctly in some unique cases Bug Fix Resolved issue with PGP encrypted virtual directories not working correctly Bug Fix Resolved issue with importing and using PGP public keys Bug Fix Resolved issue with default web view for accounts Bug Fix Resolved issues in Zip Directory and System Configuration Backup actions that resulted in invalid ZIP archives being created Bug Fix Resolved internal error message when trying to add a virtual path via web interface Bug Fix Resolved issue experienced in some accounts requiring a password change on first time login Bug Fix Resolved issue with Ad Hoc File Transfer action where incorrect port value of 0 may be used if email url host value is set but email url port value is not set Bug Fix Resolved issue where incorrect error message displayed if user is denied access due to use
147. g Partners Add Edit Purge Delete amp Contacts Stop Pause Resume Click the Add button The Add Drop Zone dialog is displayed Figure 136 Add Drop Zone x i Add Drop Zone Specify drop zone parameters Name dropzone Path dropzone User test v URL branding v W Create directory if not found Overwrite file if exists URL dropzone 80a8sf6fe OK Cancel Name A unique name to assign to the drop zone Path The virtual path for the account that files uploaded to drop zone will be placed in Chapter6 Web based file transfers Web based file transfers 6 User The user that this drop zone is mapped to Owner The optional domain administrator who owns this drop zone URL branding The optional URL branding to apply to this drop zone If set the logo for the URL branding will be used when accessing the drop zone Create directory if not found If virtual path for account is not found then it will be created when drop zone is first accessed Overwrite file if exists If file with same name exists in Path then file will be overwritten otherwise a unique sequential identifier will be added to filename URL The relative URL that is assigned to the drop zone This is unique and is automatically generated Purging a drop zone You may purge files from a drop zone as needed This will effectively delete all files in the drop zone for the mapped account virtual path Use this with e
148. go to Server gt Settings gt Failover panel Figure 93 Chapter 3 Server configuration 119 120 Server configuration 3 Home Server Help Logout E Manager Service Failover IP Substitution amp Domain Startup FAILOVER SERVER Web HostiP localhost JDBC Drivers Port 10880 gt Timeout sec 10 S Email Username 2 Failover i Password amp Search Index A JMX Start domain services after synchronization Enable automatic failover server synchronization Synchronize State Save changes Cancel Enable automatic failover synchronization Check to enable automatic synchronization of configuration files to failover server upon any change on production server Host IP The hostname or IP address of the failover server Port The port running the JSCAPE MFT Server Service on the failover server Timeout The timeout for connecting to failover server Username The JSCAPE MFT Server Service username for the failover server Password The JSCAPE MFT Server Service password for the failover server Start domain servces after synchronization Check to start domain and services on failover machine after synchronization Enable automatic failover server synchronization Check to automatically synchronize configuration data to failover server when changes are made IP Substitution IP mapping which replaces all Services matching specified IP with corresponding Substitution IP during synchronizatio
149. he directory containing the ZIP file you placed on your server unzip install zip 3 Configure Administration Service Go to the JSCAPE MFT Server installation directory located in the JSCAPE_MFT_Server directory relative to where the unzip command was executed and run the following command server configuration host ip address port port rest host ip address rest port rest port user username password password For example server configuration host 0 0 0 0 port 10880 rest host 0 0 0 0 rest port 11880 user admin password secret This will configure your JSCAPE MFT Server Serice where ip address and port are the IP port that you want the JSCAPE MFT Server Senice to listen on rest port is the port that you want the REST web servce to listen on and username password are the credentials you will use when connecting to the service This service is what you will connect to using the JGCAPE MFT Server Manager to manage your server Defaults ports for JSCAPE MFT Server Service and REST web service are 10880 and 11880 respectively Note the IP address 0 0 0 0 is a special address that instructs the service to listen on all available network interfaces 4 Startup JSCAPE MFT Server Service From the JSCAPE MFT Server installation directory run the following command start_service sh The JSCAPE MFT Server Service should now be running To connect to this service and manage your server see the follo
150. he trigger 4 Select the trigger and click Run to verify that the backup archive is created successfully This archive may be used for disaster recovery purposes Note unlike the manual backup the System Configuration Backup action attempts to save space by only including necessary files in it s archive The archive will include the following files tg dat vmoptions slic F E Chapter 3 Server configuration Server configuration 3 and the following directories users domains relative to the installation directory specified in the System Configuration Backup trigger action Overview AS2 Applicability Statement 2 is a specification for sending messages securely and reliably using HTTP S JSCAPE MFT Server provides support for both sending and receiving AS2 messages Enabling AS2 AS2 runs over HTTP S In order to enable AS2 you must first enable the HTTP S service s in JSCAPE MFT Server See Enabling web based file transfers To enable AS2 go to Server gt Settings gt Web gt AS2 panel in JSCAPE MFT Server Manager check the Enable AS2 option and set the required parameters Figure 165 Home Server v Help Logout E Manager Service Web REST AS2 Miscellaneous Resources Web Document Viewer jp Domain Startup 7 Enable AS2 Web MESSAGES JDBC Drivers Datastore Settings Email Decryption key example_rsa v 3 Failover Receipt signing key example_rsa v Receipt signature algorithm SHA1 with RSA v a
151. he unit within the users organization that this key will be used for e g IT Organization The users organization name Locality The users city State Province The users state or province Country The users 2 character country code e g US Step 2 Export private key Exported file may be imported by FTPS and SFTP clients for optional use in client authentication Figure 68 Export Private Key X Private key export Specify key file parameters Key filename jsmith prv Password eccece Password confirmation Format PEM v OK Cancel Key file The file you wish to export private key to Password The password used to protect private key Leave blank for no password Format The format in which you wish to export private key Chapter 17 Key management 231 232 Key management 17 Importing a certificate and or public key You may import existing certificates or public key for use in authenticating secure client connections using FTPS FTP over SSL and SFTP FTP over SSH connections or encrypting files using OpenPGP To import an existing certificate or public key open the Key Manager by selecting the Server gt Key Manager option from the main menu The Key Manager will be displayed Select the Client Keys tab and click on the Import button The Import dialog is displayed Figure 69 Import Public Key X Public key import Specify key file parameters Key alias Key file jsmith Choose File jsmi
152. hostname port webdav or https hostname port webdav for SSL encrypted connections Username The username to connect with This should be in the format of username domain where username is the user you are logging in as and domain is the JSCAPE MFT Server domain you wish to login to Password The password to connect with See also Web based file transfers Overview In the context of JSCAPE MFT Server a Reverse Proxy consists of all the necessary properties for connecting to a remote FTP FTPS SFTP server The power of reverse proxy lies in it s ability to be mapped to a virtual path for a user or group This is useful in cases where you want to transparently provide users access to one or more remote FTP FTPS SFTP services via a single account See also Creating a reverse proxy Mapping a reverse proxy to a virtual path Creating a reverse proxy You may create a reverse proxy using the JSCAPE MFT Server Manager To view a list of reverse proxies click on the Reverse Proxies node for the desired domain Figure 48 Chapter 14 WebDAV support 213 214 Reverse proxy management Home Server v Help Logout Domain localhost running Reverse Proxies Banned Files amp Compliance Name Protocol HostiiP Port Username Details ene i ee a a a y DLP amp Connections Ye Triggers E Authentication amp Users amp Groups fy Reverse Proxies 3 Directory Monitors 1j 4 Pagel1 Jott gt woj
153. hts at 48 CFR 52 227 19 as applicable GENERAL PROVISIONS This License Agreement may only be modified in writing signed by you and an authorized officer of JSCAPE If any provision of this License Agreement is found void or unenforceable the remainder will remain valid and enforceable according to its terms If any remedy provided is determined to have failed for its essential purpose all limitations of liability and exclusions of damages set forth in the Limited Warranty shall remain in effect This License Agreement shall be construed interpreted and governed by the laws of the State of Delaware U S A This License Agreement gives you specific legal rights you may have others which vary from state to state and from country to country JSCAPE reserves all rights not specifically granted in this License Agreement TECHNICAL SUPPORT AND UPGRADES Technical support and upgrades is available to all registered users free of charge for a period of one year after date of purchase All technical support questions are to be submitted to the JSCAPE help desk available online at http help jscape com for a prompt reply Following the first year of use users may optionally purchase an annual maintenance agreement Subscription which entitles them to another year of free upgrades and technical support The rate for Subscription is 30 of the current license fee CUSTOM DEVELOPMENT JSCAPE may on occasion collaborate with you on the development of ne
154. i ut Domain localhost running Statistics Services FTP S SFTP SCP AFTP OFTP TFTP HTTP S WebDAVIS amp Description ik Services Protocol HostIP Pot Key Details AS2 HTTP 0 0 0 0 HTTPS 0 0 0 0 HTTP 8080 HTTPS 8443 Logging FTP explicit SSL 0 0 0 0 21 example_rsa me Cepot HTTP HTTP 0 0 0 0 HTTPS 0 0 0 0 HTTP 8080 HTTPS 8443 AS2 Messages SFTP SCP 0 0 0 0 22 example_rsa auth password OFTP Messages 3 Datastore 9 Time Access 8 Banned Files 2 Compliance E IP Access J DLP amp Connections Add Ye Triggers Protocol The service protocol Available protocols are AFTP AS2 FTP S HTTP S OF TP SFTP SCP TFTP WebDAV S Chapter 3 Server configuration Server configuration 3 Host IP The IP address that this service will listen on Port The port that this service will listen on Key The private encryption key that this service will use for encrypted communications Details Any additional details for this service Service types AFTP Accelerated File Transfer Protocol developed by JSCAPE Runs on top of UDP protocol and provides fast file transfers over networks with high latency and or packet loss characteristics AS2 Accepts incoming AS2 messages FTP regular Accepts standard unencrypted FTP connections FTP explicit SSL Accepts both standard unencrypted FTP connections and encrypted explicit SSL connections using AUTH TLS or AUTH SSL client commands FTP forced explicit SSL
155. ia email to the corresponding account representative for further processing Authenticate users against existing LDAP NTLM Active Directory PAM or relational database servers This greatly simplifies the integration process especially in organizations with a large number of users Using triggers you can define one or more actions to be executed in response to matching events and event conditions More than 80 built in actions allow you to do everything from compress files OpenPGP encrypt files send emails and more While this may be enough for most organizations the Action API is a Java based API that allows you to define your own actions should you have more specialized needs For example let s say that you need to parse a PDF document upon upload and communicate the parsed data to another server via JMS This can be easily accomplished using the Action API REST API are available for both client and administrative users Using the REST API users can do everything from performing file transfers to managing the server Large file transfers over the Internet are subject to occasional failure due to network related issues the event of a failed file transfer checkpoint and restart support allows you to restart the transfer from the last byte of data successfully transferred versus re transferring the entire file This is critical in organizations that transfer very large files or have service level agreements with customers to tra
156. ication class field Figure 86 Chapter 3 Server configuration Server configuration Home Serer v Help Logout Domain localhost running 3J Datastore Authentication Two Factor Phone Authentication Web SSO 09 Time Access Banned Files Service type custom authentication v amp Compliance 5 IP Access Authentication class com jscape authentication MyAuthentication 7 Create user if not found using template Default v DLP E Convert username before creation to lowercase wv amp Connections Yq Triggers Authentication Test Parameters amp Users amp Groups eg Reverse Proxies Apply Discard 3 Directory Monitors Drop Zones M URE rent Authentication class The custom authentication class name Create account if not found using template This allows for accounts to be created automatically upon successful authentication If selected an account will be created automatically if it does not exist already using the specified User Template Convert username before creation to If enabled the username supplied will be converted to specified case before passing username to specified User Template Example package test jscape import com jscape inet mft subsystems authentication AuthenticationException import com jscape inet mft subsystems authentication Credentials import com jscape inet mft subsystems authentication AuthenticationService Example class
157. ich consists of an easy to use file transfer scripting language that may be used in triggers Enhancement Added Check Email action which checks for email against a POP or IMAP account stores original message to a directory and extracts any attachments from message and stores these toa separate directory Enhancement No longer necessary to specify driver class for JDBC database drivers Enhancement Added debug logging support to network related actions such as Send Email Ftp File Upload Sftp File Upload etc Bug Fix Fixed JSCAPE MFT Server Web Gateway compatibility issues with IE 5 2 and Safari browsers in Mac OS X Release 2 0 November 2 2006 Enhancement Added support for triggers and over 30 different actions Enhancement Added reporting module to report on log data Enhancement Added ability to add remote FTP resources and map those resources to virtual paths Enhancement Added ability to import existing keys stored in PKCS 12 files Release 1 2 August 16 2006 Enhancement Added JSCAPE MFT Server Web Gateway component to accept web based FTP connections Enhancement Added JavaHelp to JSCAPE MFT Server Manager Enhancement Added service configuration script to be placed in etc init d directory of UNIX environments to assist in auto starting Enhancement Changed logging format to use W3C for improved reporting capabilities Enhancement Added ability to specify log rotation period Enhancement Changed data serializa
158. ider and encryption algorithm to use for starting up the JSCAPE MFT Server Service Using a text editor update the following files relative to the installation directory as follows ssl cfg algorithm Ibmx509 provider IBMJSSE2 webapp filetransfer META INF Owasp CsrfGuard properties org owasp csrfguard PRNG IBMSecureRandom org owasp csrfguard PRNG Provider IBMJCE webapp management META INF Owasp CsrfGuard properties org owasp csrfguard PRNG IBMSecureRandom org owasp csrfguard PRNG Provider IBMJCE Upon saving changes to these files restart the JSCAPE MFT Server Service so the changes may take effect Additional libraries needed for OpenPGP If you are planning to use the OpenPGP features that are included as part of JSCAPE MFT Serer then you may need to install the JCE Unlimited Strength Jurisdiction Policy Files distributed by Oracle OpenPGP features may work without this process but only for PGP keys of limited strengths Due to export restriction the version of the policy files bundled by default with the JDK allow strong but Chapter 2 Installation 49 50 Installation 2 limited cryptography to be used The unlimited strength policy files contain no restrictions on the cryptographic strengths Download Unlimited Strength Jurisdiction Policy Files http www oracle com technetwork java javas e downloads jce 6 download 429243 html JVM 1 6 http www oracle com technetwork java javase downloads jce 7 downloa
159. igger management Home Server v Help Logout Domain localhost running 29 AS2 Messages Triggers Il Recent Settings Actions Functions 5 OFTP Messages 3J Datastore Name E Time PEER File Upload Rename File Upload true Banned Files 2 Compliance E IP Access rie amp Connections Ye Triggers amp Users 1 m Page 1 Jott gt nl o Event Type Enabled Condition Actions Rename File Displaying 1 to 1 of 1 items 6 Groups g Reverse Proxies 3 Directory Monitors amp Drop Zones Stop Pause To add a trigger click on the Add button in the lower right corner The Add Trigger wizard will be displayed Figure 35 m Add Trigger step 1 of 3 f Add Trigger Specify trigger parameters Name File Upload Rename Event type File Upload Description E Ignore trigger events while domain is stopped lt Enabled Run asynchronous lt Fire Trigger Error event if an error occurs lt pac Next gt Cancel Name A unique name identifying this trigger Event Type The type of event you want to listen for Description Description of this trigger Chapter5 Trigger management 137 Trigger management 5 Enabled Enables disables trigger Fire Trigger Error event if error occurs If an error occurs while executing any of the actions asso
160. iggers E Authentication Test Parameters amp Users amp Groups By Reverse Proxies Apply Discard 3 Directory Monitors Drop Zones URL Branding Host The IP address of Windows domain controller Windows domain The name of the Windows domain to which users belong Chapter 3 Server configuration 87 88 Server configuration 3 Create account if not found using template This allows for accounts to be created automatically upon successful authentication If selected an account will be created automatically if it does not exist already using the specified User Template Convert username before creation to If enabled the username supplied will be converted to specified case before passing username to specified User Template PAM Authentication Using PAM Authentication you may authenticate against an existing UNIX PAM user repository In order to use the PAM Authentication module you must install some native libraries that allow JSCAPE MFT Server to communicate with your PAM user repository 1 Download the JPam library for your operating system 2 Copy the native library to the Java Native Libary Path See the Native Library Installation Location table for details Note Step 1 in the JPam instructions should be ignored as the jpam jar file already exists in the Libs directory of your JSCAPE MFT Server installation Additionally JPam instructions state you may optionally place native library in same directory as the
161. import h display this help menu s skip bad lines f js importcontacts command is run without options then user will be prompted for necessary information File Format Import file should be plain text with comma separated values and each contact on a new line Non required fields may be omitted Column Column Description Required Example fh The full name of contact Nes__Heh Smith The contact email jsmith domain com EO B the contact compan E E ABC Corp O The login of contact admin owner Example John Smith jsmith domain ABC Corp admin Henry Jones hjones domain XYZ Corp jS importusers The js importusers command may be used to perform bulk import of users stored in CSV file format Usage js importusers options Options d lt name gt the domain name f lt path gt file to import t lt name gt an account template s skip bad lines h display this help menu If j s importusers command is run without options then user will be prompted for necessary information File Format Chapter 13 Command line utilities 205 206 Command line utilities 1 3 Import file should be plain text with comma separated values and each user on a new line Non required fields may be omitted Column Column Description Required Example te ee eat sare A lt Wee ces E r user root login path Yes No not required if e olate is used 5 fhe user email address No__ ljsmith domain com c
162. in of inactivity with 10 E Authantication IF Fnahle self renistratinn with user temnlate Mofauit Stop Pause Change Logo The logo displayed in upper left corner when using HTML user interface Chapter6 Web based file transfers m Web based file transfers 6 Logout URL The URL to redirect user to upon clicking Logout link Connection timeout The connection timeout for HTTP requests in minutes Enable automatic logout If checked user will be automatically logged out after X minutes of inactivity with grace period of Y seconds Enable web document viewer If checked web document viewer is enabled Enable ad hoc file transfers If checked ad hoc file transfers will be enabled for the domain Show buttons shortcuts If checked button shortcuts e g F2 F5 F7 are displayed on buttons Show login info If checked the current username and domain is displayed in upper right Show search If checked searches on indexed documents may be performed Show ASCIl Binary option If checked user has option of uploading files in both ASCII and binary modes If unchecked only binary is allowed by default and user does not have ability to change this setting Show account link If checked the My Account link is displayed in upper right allowing users to change their account contact information AFTP NAT Host The host to use when connecting to AFTP service using Java applet Forms Forms available during file uploa
163. ion details in JSCAPE MFT Server Manager Beneath this zone you should see a Users folder that lists all the users for this system You may have other folders in this directory Please make note of the folder that contains the users you wish to authenticate with as this will be needed when constructing your User DN Setting Authentication Details Using JSCAPE MFT Server Manager go to the Authentication node and set the Service type to LDAP authentication Enter the connection details for your Active Directory service Figure 61 Chapter 3 Server configuration Server configuration Home Server v Help Logout Domain localhost running noa Authentication Two Factor Phone Authentication Web SSO ou Time Access Banned Files Service type LDAP authentication v 2 Compliance E IP Access jag 92 168 1 1 Port 3 E J DLP Timeout 30 sec amp Connections User DN username ad domain com Y Triggers E Use SSL connection Aaaa E Allow anonymous binding 4 Create user if not found using template Default v amp Users Convert username before creation to lowercase v amp 8 Groups Use failover server fg Reverse Proxies FAILOVER SERVER 3 Directory Monitors Host Drop Zones Port S URL Branding Host The hostname or IP address of the LDAP service Port The port of the LDAP service Timeout The connection timeout when connecting to LDAP service User DN The users distinguished name for authenticating with
164. ional FTP SFTP clients as a browser based platform independent application there is no software to install or maintain drastically reducing the total cost of ownership Additionally since JSCAPE MFT Server Web Gateway runs over HTTP S it bypasses many firewall restrictions while still maintaining the highest level of security See also Enabling web based file transfers Web user interface Customizing the web interface Enabling web based file transfers JSCAPE MFT Server includes JSCAPE MFT Server Web Gateway a browser based file transfer client for performing file transfer sessions with JSCAPE MFT Server JSCAPE MFT Server Web Gateway has all the common functions of a file transfer client without having to go through the trouble and expense of installing file transfer client software on your end users computers Additionally since JSCAPE MFT Server Web Gateway communicates via HTTP S you can easily give your users secure file transfer capabilities without having to deal with complex customer firewall issues often associated with FTP SFTP protocols Step 1 Enable HTTP S services Go to the Server gt Settings gt Web node Here you will find a set of options for enabling HTTP S services Figure 19 Chapter 5 Trigger management 159 160 Web based file transfers 6 Home Serer v Help v Logout E Manager Service Web REST AS2 Miscellaneous Resources Web Document Viewer amp Domain Startup WEB SERVER W
165. ions Yj Triggers Authentication amp Users 6 Groups fg Reverse Proxies 3 Directory Monitors 1 z 4 4 Pagela Joi gt i Drop Zones URL Branding S Trading Partners amp Contacts Stop Pause Add URL Branding Add URL Branding Specify URL branding parameters Name jscape Logo logo jpg Owner URL allocalhostjscape Displaying 1 to 1 of 1 items Add Edit Logo Delete Click the Ada button The Add URL Branding dialog is displayed Figure 138 v OK Cancel Name A unique alpha numeric name used to identify this URL branding instance This name will be used in generating the URL used for accessing the login page Logo The logo to display in login and subsequent pages when accessing and logging in via URL Owner Optional owner field This may be set to a domain administrator If the domain administrator has Chapter6 Web based file transfers Web based file transfers 6 rights to manage URL branding instances then they will be able to manage this URL branding instance from the web interface URL The URL to use to access this URL branded instance Searching and tagging documents Using JSCAPE MFT Server Web Gateway you can search documents based on their indexed file contents filename filesize last modified date or keyword tags that you associate with documents Searching documents Figure 140 JSCAPE Secure FTP Server Web Mozilla Firefo
166. ith the specified path or below Allow assignment of groups to users If checked user can assign a user to a group Allow assignment of reverse proxies to user virtual directories If checked user can map wirtual directories to a reverse proxy Allow enabling of phone authentication for users If checked then user can enable disable the Use phone authentication option for users Drop Zones URL Branding Allow management of drop zones If enabled then user can create drop zones Allow management of URL brandings If checked then user can create URL branding links Max number of drop zones The maximum number of drop zones that user can create Max number of URL brandings The maximum number of URL branding links that user can create See also Web user interface Setting authentication preferences Users may authenticate with JSCAPE MFT Serer using a variety of different authentication protocols To view the current authentication method used click on the Authentication node for the desired domain Domain User Authentication Database User Authentication Database Query Authentication LDAP User Authentication LDAP Query Authentication LDAP Filter Grammar NTLM Authentication PAM Authentication Custom User Authentication Password Hashing Phone Authentication Web SSO Domain User Authentication Domain User Authentication is the most basic form of authentication authenticating against local user accounts created for th
167. ivity to a directory or database to log activity to a JDBC accessible database Directory The directory where to store log files file log File rotation The frequency in which to rotate log files file log Starting a domain Using JSCAPE MFT Server Manager select the domain you wish to start and click the Start button located in the lower left of your screen Figure 6 Home Serer v Help Logout Dashboard Server Domains Network Interfaces Uploaded Downloaded Quota Domain Name State Current Con Current Tran Total Conne Start Date Stop Date Bytes Files Bytes Files Uploads Downloads Transfers Start Stor P Re Add Edit Status Delete Chapter 3 Server configuration Server configuration Stopping a domain Using the JSCAPE MFT Server Manager select the domain you wish to stop and click the Stop button located in the lower left of your screen Figure 133 Home Serer v Help Logout Dashboard Server Domains Network Interfaces Uploaded Downloaded Quota Domain Name State Current Con Current Tran Total Conne Start Date Stop Date Bytes Files Bytes Files Uploads Downloads Transfers Stop Pause Resume Add Edit Status Delete Viewing domain status Using the JSCAPE MFT Server Manager select the domain you wish to view status for Each column for the selected domain provides information on it s status For additional information you may click the Status button Figure 133 Home Serer v Help Logout Dashboard Server Domains Network In
168. ld in comma delimited format e g value1 value2 value3 Capturing upload form data Upload form data can be captured by listening for the File Upload event in a trigger There are two event properties in each File Upload event that you can use to detect whether form data was submitted and the form used FormDataFound Whether or not form data was included as part of file upload UploadFormName The name of the upload form used if form data is found Form field information can be captured using the event property UploadForm UploadFormName UploadFormFieldName For example if you have a form named Comments with a field named Feedback then the event property to get this field would be UploadForm Comments Feedback Chapter6 Web based file transfers Web based file transfers 6 Enabling web document viewer JSCAPE Web Document Viewer is available as port of the Enterprise Edition of JSCAPE MFT Server product JSCAPE Web Document Viewer simplifies content distribution by embedding a document viewer in the JSCAPE MFT Server web interface allowing users to vew documents on the server without having to download files locally or have supporting software installed Note JSCAPE Web Document Viewer may only be used to view files that physically reside on the server Files that are located on another server and are accessible via a reverse proxy are not visible when using JSCAPE Web Document Viewer Installation and Configuration Usage Su
169. les and folders on server using drag and drop Added a Disable Inactive Accounts action Added column sorting support to Recent tab in Triggers module Added ability to force a user to change their password upon first login via web interface Added optional Time Expression dialog for use in creating scheduled triggers when using Current Time event Enhancement Updated a number of file transfer related actions in Triggers module moving advanced connection parameters to an Advanced tab Bug Fix Fixed issue where AFTP UDP and AFTP TCP services could not listen on the same port Release 7 2 Apr 18 2011 Enhancement Added experimental AFTP Accelerated File Transfer Protocol service designed to provide file transfers over low latency networks using UDP or TCP protocols Enhancement Added support for SCP protocol to SFTP service Enhancement Added status of domain next to domain node Enhancement Added ability to pause a domain in order to stop accepting new connections Enhancement Added js copyusers utility that allows for copying or migrating users from one domain to another Enhancement Added ability to specify a private key for for SFTP Reverse Proxy and client certificate for FTPS Reverse Proxy Enhancement Added server vmoptions to System Configuration Backup action Enhancement Added a js importcontacts utility for importing contacts Enhancement Added NewAccount attribute to Account Updated event in order t
170. local directory recursively to remote server lt di rect ory gt Trigger management rename lt path gt lt desti nati on gt set lt vari abl enarme gt lt val ue gt Chapter 5 Trigger management a quoted relative directory name or absolute path Example putdir logs Example put dir c tnp l ogs Renames file on remote server lt pat h gt a quoted relative or absolute file or directory path lt desti nati on gt a quoted relative or absolute file or directory path Example rename I ogs txt logs txt old Example rename var l ogs logs txt var l LI txt ol d Creates a user defined variable for use within a script lt vari abl ename gt A variable name used to reference the variable Must begin with a letter and may be followed by 0 or more letters or digits lt val ue gt The value the variable name represents Valid values include boolean values of true or false any valid integer or any quoted string Example set myNunber Vari able 12 Example set nyBool eanVari able true Example set nyStringVari able testing 1 2 3 153 154 Trigger management Variables created may later be referenced using the lt variablename gt notation Example set myNunber Vari able 12 msg value of aaan able is nber V bl e set aftpcompressi on lt bool ean gt Specifies whether streaming compression is enabled lor disabled in AFTP connections By default compression i
171. located in the DMZ and a private server located behind your firewall IP Access Rules Lock down your server using access rules based on client IP address Virtual File System Define a virtual file system users and permissions without having to create users or permissions at the operating system level Multiple Domains Create multiple virtual servers each with it s own set of users and permissions Remote Administration Securely manage your server remotely from anywhere in the world Server and Account Management API Java based API for integrating account and server management functions within external applications System requirements e Oracle Sun or IBM JVM Java Virtual Machine 1 6 or above e Windows XP 2003 Vista 2008 7 2012 Mac OS 10 x Solaris Linux Linux Z OS and AIX 5 x 6 x 7 x platforms e Current and previous Current 1 versions of IE Firefox Safari and Chrome browsers Evaluation license limitations The Evaluation Edition of JSCAPE MFT Server is fully functional offering all features found in the Enterprise Edition yet is limited to 3 users connections and 1 domain Chapter 1 Introduction 3 Introduction 1 To purchase the Professional or Enterprise Edition of JSCAPE MFT Server please go to http www jscape com secureftpserver purchase html to purchase a license or submit a ticket to the Help Desk for licensing assistance Upgrading Existing users of commercial editions of JSCAPE MFT Server are e
172. lt value gt ftp type regular explicit SSL forced explicit SSL implicit SSL k lt alias gt server key h display this help menu If js addserviceftp command is run without options then user will be prompted for necessary information js addservicehttp The js addservicehttp command may be used to add a HTTP and HTTP S services to JSCAPE MFT Server Usage js addservicehttp options Options d the domain name http enable http true false https enable https true false h display this help menu If s addservicehttp command is run without options then user will be prompted for necessary information js addservicesftp The js addservicesftp command may be used to add SFTP service to JSCAPE MFT Sener Usage js addservicesftp options Options d lt name gt the domain name host lt value gt host address p lt value gt port a lt value gt authentication type password publickey password OR publickey pass word AND publickey k lt alias gt server key h display this help menu If js addservicesftp command is run without options then user will be prompted for necessary information Chapter 13 Command line utilities 201 202 Command line utilities 1 3 js addservicewebdav The js addservicewebdav command may be used to add WebDAV service to JSCAPE MFT Server Usage js addservicewebdav options Options d the domain name http enable http true false
173. mand from within the installation directory This will reconfigure the host port and credentials used for the administrative service 12 Restart JSCAPE MFT Server Service and JSCAPE MFT Server Manager Additional Notes 1 If you are managing your server remotely it is IMPORTANT that both the version of JSCAPE MFT Server Manager used matches the version of JSCAPE MFT Server you are managing 2 Any logos or text label settings that you have made to web interface WILL NOT be migrated during upgrade process License JSCAPE MFT SERVER LICENSE STATEMENT AND LIMITED WARRANTY IMPORTANT READ CAREFULLY This license statement and limited warranty constitutes a legal agreement License Agreement between you either as an individual or a single entity and JSCAPE LLC JSCAPE for the software product Software identified above including any software media and accompanying on line or printed documentation BY INSTALLING COPYING OR OTHERWISE USING THE SOFTWARE YOU AGREE TO BE BOUND BY ALL OF THE TERMS AND CONDITIONS OF THE LICENSE AGREEMENT Upon your acceptance of the terms and conditions of the License Agreement JSCAPE grants you the right to use the Software in the manner provided below This Software is owned by JSCAPE and is protected by copyright law and international copyright treaty Therefore you must treat this Software like any other copyrighted material e g a book except that you may either make one copy of the Sof
174. me Access Apply Discard 6 Banned Files amp Compliance E IP Access J DLP amp Connections Ye Triggers Connection channel timeout min The time in minutes that client channel TCP connection may remain inactive before server forcefully disconnects client Data channel timeout min The time in minutes that client data UDP connection may remain inactive before server forcefully disconnects client Max loss list size The maximum number of lost blocks of data that may exist in memory for a client session SSL Ciphers The SSL ciphers to enable for AFTP serices OFTP Connection Settings OFTP connection settings may be managed under the Services gt OFTP panel Figure 192 Chapter 3 Server configuration Server configuration Home Serer v Help v Logout Domain localhost running F Statistics Services FIPIS SFTP SCP AFTP OFTP TFTP HTTP S WebDAV S 8 Description ds Services Connection timeout 60 sec Max data buffer size 4096 S bytes Logging Max credit 40 ee lb Reports b AS2 Messages SSUTLS Ciphers Datastore Settings OFTP Messages J Datastore co Time Access Apply Discard Banned Files amp Compliance E IP Access DLP 4 Connections Ye Triggers Connection timeout Connection channel timeout min The time in minutes that client channel TCP connection may remain inactive before server forcefully disconnects client Max data buffer size The maximum data buffer size f
175. ment Added Ftp Create Directory Ftps Create Directory and Sftp Create Directory trigger actions Enhancement Added ability to specify JDBC connection pool size and time to live for connections in Database Log and DB Datastore modules Enhancement Added ability to select multiple files for upload in HTML user interface using optional Flash plug in Chapter 1 Introduction Introduction 1 Enhancement Added ability to automatically start domain services on failover server after synchronization Enhancement Added additional information to server log to detect source of failed user authentications Enhancement Added ability to set expected successful return code s using a regular expression in Run Process trigger action Update Changed logging level for client read timeout messages so they only show up in log with FINE logging level enabled Update Changed Test parameters functionality in LDAP Query Authentication module to check filter parameters in addition to user authentication Update Changed default setting for Create account if not found option in various authentication modules to enabled Update Various updates to API JavaDoc Update Changed behavior in Failover module so that production server will startup even if failover server is down Bug Fix Fixed issue with NTLM Authentication settings not being displayed properly when using multiple domains Bug Fix Fixed issue with improper server response to EPSV command
176. ment Added support for password policies when generating passwords for ad hoc email file transfers Enhancement Updated UI for trading partners module Enhancement Added ability to create a drop zone from the management API Enhancement Added support for multi word phrases when tagging files via web interface Enhancement Added ability to specify what SSL TLS protocols are used Enhancement Added ability to specify a footer message that is appended to all ad hoc email file transfers Enhancement Added support for limiting what top level domains TLD and or email addresses an ad hoc email file transfer may be sent to Enhancement Added additional reporting to activity log showing when a trigger is queued and finished Enhancement Added host key verification support to FTPS SFTP and SCP related actions and trading partners module Chapter 1 Introduction 15 16 Introduction 1 Enhancement Redesigned Key Manager and added section for managing host keys Update Updated license agreement removing SaaS usage restriction Bug Fix Resolved gradual memory leak experienced often over several weeks Bug Fix Resolved CPU utilization issue when connecting to web server using IE 9 browser Bug Fix Resolved issue where a trigger will not fire and nothing is reported to the log in cases where maximum trigger resource limit is reached Bug Fix Fixed issue with dialog disappearing after uploading a file using a drop zone Bug Fix Fix
177. modes Figure 76 Chapter 3 Server configuration Server configuration 3 Add Service x Domain Service Specify service parameters Protocol SFTP SCP v Host 0 0 0 0 Port 2 B Private key example_rsa a Authentication password o x OK Cancel Host IP The IP address that this service will listen on Port The port that this service will listen on Private key The encryption key that this server will use for SSH communications Authentication The authentication mode clients must use when connecting to SFTP SCP service Authentication modes password User must authentication with password only publickey User must authentication with a private key that corresponds with public key installed on server password OR publickey User must authenticate with password OR with a private key that corresponds with public key installed on server password AND publickey User must authenticate with password AND with a private key that corresponds with public key installed on server See also Client keys overview Using public key authentication in SFTP SSH Chapter 3 Server configuration 61 62 Server configuration 3 Using public key authentication in SFTP SSH The SFTP SCP service supports public key authentication In public key authentication the client authenticates with the server using a username and private key optionally password protected accessible only the the user For increased security the SFTP SC
178. mon Verbose Logging If you need to debug a connection related issue it is often helpful to enable verbose logging This can be enabled using the Settings tab and checking the Enable verbose log option This option is disabled by default and should only be used for temporary debugging purposes as verbose logging contains a lot of information that can significantly slow performance and increase the size of log files Figure 65 Chapter 3 Server configuration 67 68 Server configuration 3 Home Server Help Logout Domain localhost running A Statistics Running Search Results Service Syslog Settings 8 Description Max buffer size 100 cs ak Services records z V Enable verbose log Logging iy Reports AS2 Messages Apply Discard OFTP Messages 3 Datastore Time Access Banned Files 2 Compliance GIP Access y DLP amp Connections Yay Triggers EJ Authentication amp Users Restoring a Database Log In the event that the database server cannot be contacted logging data will be directed to a temporary file located in the backups directory of your JSCAPE MFT Serer installation To move the contents of this temporary log file to your database use the backuplog command providing the domain that you wish to restore The backuplog executable may be found in your JSCAPE MFT Server installation directory Example backuplog domain localhost The above command moves the contents of the temporar
179. mp Search Index Encryption required A JMX Signature required Allow messages without filename v Overwrite existing files when found F Bind unauthenticated transfers to user test under domain localhost Upload directory fas2 From Receipt text Save changes Cancel Enable AS2 Check to enable receipt of AS2 messages Messages Datastore Settings Defines where AS2 messages are stored Decryption key This is the private key that will be used to decrypt AS2 messages This key is sourced from the Server Keys panel in Key Manager Receipt signing key This is the private key that will be used to sign MDN receipts This key is sourced from the Server Keys panel in Key Manager Chapter 3 Server configuration 127 128 AS2 Applicability Statement 2 4 Receipt signature algorithm This is the message signing algorithm used when sending MDN receipts Encryption required If checked all incoming AS2 messages must be encrypted Signature required If checked all incoming AS2 messages must be signed Allow messages without filename If checked incoming AS2 messages may optionally have a filename attribute If no filename attribute is provided a unique timestamp based filename will be automatically generated If unchecked AS2 messages must have a filename attribute Overwrite existing files when found If checked and file already exists with matching filename attribute then file will be overwritten If unchecked and file alrea
180. n This is useful in cases where the failover server needs a service to listen on a different IP than is used by the production server Failover considerations There are a few things you must consider when defining a failover server in JSCAPE MFT Server Manager 1 With failover mode enabled an active connection is maintained between the primary server and the administrative service of the failover server This connection ensures that whenever configuration changes Chapter 3 Server configuration Server configuration 3 are made to primary server that they are automatically synchronized to failover server In order to see the changes on failover server you may need to refresh data displayed in JGCAPE MFT Server Manager This can be done by selecting the Home menu item 2 Upon synchronization of data from primary server to failover server the domain and web services on failover server are NOT automatically started unless the Start domain servces after synchronization is enabled This is by design The reasoning behind this is that in the event you are using database logs you may not want duplicate log information to be sent from failover server to database log whenever server configuration is updated Therefore when switching to failover server you will need to first enable any web services in Server gt Settings gt Web section of JSCAPE MFT Server Manager and start the domain 3 User directories and data are not copied during failover sy
181. n addition to a signed certificate If your certificate came with an intermediate certificate you will need to append the contents of the intermediate to the signed certificate issued to you by your CA If your certificate did not come with an intermediate certificate you may skip these steps 1 Open your signed certificate and intermediate certificate files using a text editor e g notepad or vi 2 Copy the full contents of the intermediate certificate and append to the end of signed certificate file 3 Save signed certificate and continue with process of importing signed certificate Importing a third party certificate 1 Open Key Manager 2 Click on Server Keys panel 3 Select existing key that you wish to import certificates for 4 Click Import Certificates button Chapter 17 Key management 221 222 Key management Figure 78 Import Certificates Certificates import Specify certificates file parameters Certificates fle Browse jscape crt File password Alias in file Certificates file The file containing signed certificate File password The password protecting certificate Leave blank if none Alias in file The certificate alias in file Leave blank if none Importing a key OK 17 Cancel You may import existing server keys and certificates for use in encrypting FTPS SFTP and HTTPS connections To import an existing key certificate pair open the Key manager by selecting the Ser
182. n defining a File Transfer Script action as part of trigger The following commands may be used in a script file when invoking File Transfer Command Line end cd connect del deldir disconnect set aftpcompression set aftpcompressionfilesize set aftpcompressionexclude set aftpcongestioncontrol set aftodownloadrate set aftpsecurity set aftpuploadrate set debug set hostname set logfile set passive set password set protocol set port set privatekey set secure set timeout set username set wireencodin wait 146 Chapter 5 Trigger management Trigger management 5 The above commands are reserved words in the FTCL language and may not be used as variable names when using the set orpronpt commands Example Bad prompt dir Enter directory nam The variable named di r may not be used as this is a reserved word for use by the di r command used to get a directory listing Good prompt nydir Enter directory name The variable named nydi r is not a reserved word so may be used append lt file gt lt desti nati on gt Appends contents of local file to remote file with a quoted relative filename or absolute path lt desti nati on gt optional quoted remote filename to append to Example append log txt mylog txt cd lt directory gt lt di rectory gt a quoted relative directory name or absolute path Example cd j smth ia connect SCC Establishes co
183. n fails Release 5 2 Jun 2 2009 Enhancement Added support for submitting custom form data when uploading files via HTML user interface Enhancement Added ability to set syslog facility Enhancement Added integration support for JSCAPE Web Document Viewer product This product allows users to view documents on the server using a web based embedded document viewer Enhancement Added integration support for JSCAPE MFT Server Plugin for Outlook This product allows users to perform ad hoc email file transfers directly from Outlook email clients Enhancement Added ability to copy a group Enhancement Added ability to copy a user Enhancement Added IPv6 support for all protocols Bug Fix Fixed issue with File Upload event being fired twice when using a reverse proxy Chapter 1 Introduction 21 22 Introduction 1 Bug Fix Fixed path editing issue in JSCAPE MFT Server Manager Bug Fix Fixed issue with trigger action information being lost during upgrade Release 5 1 Mar 30 2009 Enhancement Added support for enabling disabling passive transfers in all FTP FTPS related trigger actions Enhancement Added retry interval property to all file transfer trigger actions to define the wait period before retrying a file transfer Enhancement Added extension field to phone number Enhancement Changed adhock email prebody variable in File gt Settings gt Email gt Resources of JSCAPE MFT Server Manager to use user s real name
184. n preferences Authenticating with Microsoft Active Directory Authenticating using custom authentication API Adding anonymous user accounts Defining virtual paths Virtual path permissions Adding groups Setting IP based access Setting time based access Setting banned files Setting connection preferences Backing up server configuration files Defining a failover server Defining password compliance Adding trading partners Monitoring server resources using JMX Contents Chapter 4 Chapter 5 Chapter 6 126 127 127 127 128 129 132 133 134 134 135 136 139 140 142 142 142 143 143 144 145 146 158 159 159 159 162 165 168 169 Performing backups of server configuration data AS2 Applicability Statement 2 Overview Enabling AS2 Receiving AS2 messages Sending AS2 messages Viewing AS2 messages Deleting AS2 messages Trigger management Overview Trigger lifecycle Adding triggers Settings Using time based triggers Manually executing time based triggers Writing conditions Testing conditions Event types Action types Function types Defining custom action types File Transfer Script Language Escape sequences Web based file transfers Overview Enabling web based file transfers Web user interface Customizing the web interface Performing automatic login Specifying logout URL Contents Chapter 7 Chapter 8 Chapter 9 Chapte
185. n trigger actions Enhancement Added ability to limit the user interface options available when using web client Enhancement Added Login FOOTER variable to File gt Settings gt Web gt Resources for use in defining a footer in login page Enhancement Added Zip Regex File action for use in creating ZIP file based on regular expression Enhancement Added ability to define multiple connection settings in File gt Settings gt Connection panel for use in managing many remote servers Enhancement Added restart script to server Bug Fix Fixed issue with files not being properly overwritten when using SFTP reverse proxy Bug Fix Fixed NullPointerException error experienced when upgrading previous version Release 6 3 0 6 Dec 15 2009 Enhancement Added ability to specify banned files for upload Enhancement Added ability to limit days of week and times that users may connect Enhancement Added ability to specify continue argument without specifying login credentials when integrating web interface with external applications Enhancement Added ability to password protect ad hoc email links Enhancement Removed requirement for specifying user account password in Ad Hoc Email File Transfer action Bug Fix Fixed issue with ad hoc email hostname used when server is installed in NAT environment Bug Fix Fixed issue with ad hoc email links becoming invalid if user changes account password Bug Fix Fixed issue with creating reports
186. n uploading files via the client web interface Enhancement Added alternative Label field to be used when presenting file upload forms to web based clients Update Changed name of two factor authentication service PhoneFactor to Microsoft Azure Multi Factor Authentication Bug Fix Resolved compatibility issue with OpenID CAS server Bug Fix Resolved backward compatibility issue with 8 4 Bug Fix Resolved issue related to known SSLv3 POODLE winerability Bug Fix Resolved issue where user is not automatically redirected to login page in event of session timeout Bug Fix Resolve password compliance validation issue when creating or editing a user s password Bug Fix Fixed issue where first entry of new user activity log file is written to previous log file when server is inactive for several days Bug Fix Fixed performance issue with Directory Monitors module Bug Fix Various interoperability fixes for AS2 protocol Bug Fix Fixed issue with file uploads that use a form with option to prompt user for form data for each file uploaded in a batch Bug Fix Various bug fixes for web administrative client interface Release 9 0 Jul 8 2014 Enhancement Added web based administrative user interface Enhancement Added support for password protected archives in ZIP related trigger actions Enhancement Added ability to ignore trigger events when domain is paused or stopped Enhancement Added CurrentTimeMillis event variable to all
187. n which to rotate log files Database Log Discard Logs all server activity to a JDBC accessible database To use the Database log option you must first create the database and necessary tables on your database server and register the appropriate database driver with JSCAPE MFT Server Example database schema for MySQL Microsoft SQL Server and Oracle are provided in the files etc mysql sql etc mssql sql and etc oracle sql respectively Libraries for JDBC drivers must be placed in the 1ibs jdbc directory of your JSCAPE MFT Server installation the JSCAPE MFT Server Servce restarted and the JDBC driver class registered in Server gt Settings gt JDBC in order for the database to be accessible to JSCAPE MFT Server Chapter 3 Server configuration 65 66 Server configuration 3 Figure 63 Home Serer v Help Logout Domain localhost running E Statistics Running Search Results Service Syslog Settings 8 Description Logto database v sk Services Logging JDBC URL jdbc mysq Mocalhost jscape menos Username admin AS2 Messages _ Password eeee f rou 5 connections OFTP Messages Pool timeout 5 Smin 3 Datastore 9 Time Access Banned Files Test Parameters amp Compliance GIP Access y DLP Apply Discard amp Connections Ye Triggers Authentication amp Users JDBC URL The JDBC URL used to connect to the database The above example demonstrates connecting to a MySQL database Contact your
188. ncement Added ability to specify multiple custom logos at a domain level using URL Branding module Enhancement Added option to specify a section Storage or My Account to redirect users to upon login web interface Chapter 1 Introduction Introduction 1 Enhancement Added option to confirm overwriting existing files within applet Enhancement Changed behavior of IP Access Rules Updated and IP Blocked events so that events are only fired if IP does not already exist in IP Access list Bug Fix Fixed issue with missing comments against some API s Release 6 5 Mar 31 2010 Enhancement Added js passwd command line utility for use in changing account passwords Enhancement Added ability to see recent last 1000 trigger executions Enhancement Added ability to pass original event information to Trigger Error event using variables and Trigger Error Message field Enhancement Added ability to enable disable ad hoc email at the domain level Update Removed update of directory monitor quotas when uploading deleting files in order to avoid potential performance issues related to quota synchronization Bug Fix Resolved issue with Check Email action where unique message ID used in storing messages contained illegal filename characters Bug Fix Resolved issue experienced when using Adobe Flash upload component in Internet Explorer browser Release 6 4 0 4 Jan 18 2010 Enhancement Added ability to use built in functions withi
189. nchronization This process should be managed by your SAN Storage Area Network or via manual synchronization If failover synchronization fails further synchronization may be disabled to prevent possible performance issues You may identify this event by creating a trigger to capture the Failover Synchronization event and adding a condition to check whether the Success variable is equal to true You may then add one or more actions to the trigger in order to respond to this condition e g Send Email On demand synchronization JSCAPE MFT Server also supports on demand synchronization This is slightly different than failover mode in that an active connection is not maintained between the source and destination server This allows you to perform a one time synchronization of server configuration files to destination server by clicking the Synchronize State button The Synchronize State button is enabled only when the Enable automatic failover synchronization checkbox is not checked On Demand v s Automatic Synchronization As described above on demand synchronization is performed when clicking the Synchronize State button Automatic synchronization is performed when the Enable automatic failover server synchronization option is enabled There are some important differences between the behavior of on demand v s automatic synchronization that should be noted 1 When using on demand synchronization all domains on failover server are first
190. nd key password needed to decrypt the file Getting started To begin you must create a PGP key pair This key pair consists of both a private key and public key This key pair can be created using the tools provided in JSCAPE MFT Server or by using any of the supported third party PGP clients The private key is yours to keep and may be used for decryption and optional signing of digital documents The private key should be safely guarded and is typically protected with a password that only you know The public key is what you distribute to those individuals organizations with whom you wish to exchange encrypted content Chapter 17 Key management Key management 1 r To encrypt a document the sender encrypts the document using the recipients public key then optionally signs the encrypted document with the senders private key Signing the encrypted document proves to the recipient that the sender is who they say they are All document encryption signing in JSCAPE MFT Server is performed via a trigger and the PGP Encrypt File action To decrypt a document the recipient decrypts the file using the recipients private key password and optionally verifies the sender using the public key that was provided to the recipient by the sender All file decryption in JSCAPE MFT Server is performed via a trigger and the PGP Decrypt File action PGP usage Some typical uses of PGP in JSCAPE MFT Server include e Automatically PGP encrypt sign files upon u
191. nd users computers All user permissions and virtual paths are observed when using JSCAPE MFT Server Web Gateway Figure 25 JSCAPE MFT Server Web Mozilla Firefox ioj x File Edit View History Bookmarks Tools Help JSCAPE MFT Server Web _JScap JSCAPE MFT Server Web Enter domain username and password and click Login Domain Username Password User Interface HTML Java Applet Login Lost password Domain The name of the domain to connect to This is the name of the domain as identified Domain Name column of JSCAPE MFT Server Manager not the IP address or hostname although these may be the same Username The account username Password The account password User Interface The user interface to show upon login Java Applet user interface is only supported in Enterprise version of JSCAPE MFT Server and only if WebDAV senice is enabled for domain Lost password Allows user to reset lost password Figure 32 Chapter6 Web based file transfers Web based file transfers 6 Goa EB JSCAPE MFT Server Web Logged in as jsmith under domain localhost J Sicisp My Bezour Loon oa ale a ll Rename F2 Refresh F5 Change Directory New Directory F7 Delete F8 Email File s Manage Tags Java Applet E Add 9 Clear Files for upload 0 D i Advanced search ASCII Binary Date E Koala jpg Jan 10 2012
192. ned in Server gt Settings gt Manager Service gt Administrators in JSCAPE MFT Server Manager Configuring JMX The JMX service may be configured in Server gt Settings gt JMX in JSCAPE MFT Server Manager Figure 157 Chapter 3 Server configuration 125 126 Server configuration 3 Home Server v Help v Logout ER Manager Service JMX jg Domain Startup Web V Enable JMX support amp JDBC Drivers JMX SERVER Host Email 000o Ee Server port 30051 a v 2 Failover Registry port 30050 amp Search Index Connection URL service jmx rmi 0 0 0 0 30051 jndi rmi 0 0 0 0 30050 server A JMX Save changes Cancel Performing backups of server configuration data It is recommended that you perform a regularly scheduled backup of your JSCAPE MFT Server configuration and user files This may be performed using the System Configuration Backup action as part of a trigger Manual Backup To perform a manual backup of JSCAPE MFT Server create a ZIP archive of the JSCAPE MFT Server installation directory This archive may be used for disaster recovery purposes Automatic Backup 1 Using JSCAPE MFT Server Manager create a trigger that uses the Current Time event When specifying the Condition use a time expression to set the time s of day that you would like the trigger to run 2 When prompted to select the action select the System Configuration Backup action and populate the required fields 3 Click OK and Apply to save t
193. nnection with remote server del lt file gt Deletes remote filename lt file gt a quoted relative filename or absolute path Chapter 5 Trigger management 147 Trigger management Example del logs txt del dir lt directory gt lt di rect ory gt a quoted relative directory name or absolute path Example del dir I ogs ismth lo disconnect Disconnects from remote server exec lt command gt Executes command on local machine lt comrand gt valid command to be interpreted by the local operating system Example exec dir c tmp gt c tmp dirout txt get lt file gt Downloads file from remote server lt file gt a quoted relative filename or absolute path getdir lt directory gt lt di rect ory gt a quoted relative directory name or absolute path Example getdir logs Example 148 Chapter 5 Trigger management Trigger management Pg di var 1 ocs lcd lt di rectory gt Sets current working directory on local machine This directory is used when uploading files using relative paths and when downloading files lt di rect or y gt a quoted absolute path Example lcd c t mp I copy lt path gt lt desti nati on gt Copies a local file to a local destination lt pat h gt a quoted relative or absolute file or directory path lt desti nati on gt a quoted relative or absolute file or directory path Example copy logs txt I ogs txt old Exampl
194. nsfer a file within a given time period In Checksum verification is a post file transfer process that verifies the integrity of files transferred This is accomplished by comparing checksums of the file on both the sender and receiver sides ensuring that files are transferred correctly Receive email notifications on the events that are important to you For example as a system administrator you may wish to be notified via email if a users account is disabled due to a successive number of invalid login attempts OpenPGP Encryption Use OpenPGP encryption to ensure that your data is encrypted while at rest or to automatically Chapter 1 Introduction Introduction 1 decrypt files sent to you by your customers who use OpenPGP encryption Automated File Transfers Automatically transfer files to from the server using FTP FTPS SFTP SCP protocols This is perfect for use in situations where you must transfer files on a scheduled basis or based on other event conditions Database Logging Using the database logging features you can ensure that all server activity is safely stored in a remote database Reverse Proxies Map remote FTP FTPS SFTP WebDAV servces to virtual directories on your server This allows you to grant users access to remote services using a single sign on account Users no longer have to remember multiple hostnames usernames and passwords This feature is also very useful streaming data between a public server
195. nstead of a static username and password Use passive transfer mode Flag indicating whether passive mode is used for connecting to this remote Chapter 15 Reverse proxy management 215 216 Reverse proxy management 1 5 server Map current local directory to remote directory If enabled maps local virtual path to remote virtual path For example if reverse proxy is mapped to virtual path path then when connecting to reverse proxy it will drop user in path directory on target server Debug log directory Directory in which to store debug logs for this reverse proxy Max proxy age The maximum amount of time to keep this reverse proxy connection in connection pool Mapping a reverse proxy to a virtual path Mapping a reverse proxy to a virtual path is a powerful feature that allows users to transparently access one or more remote FTP SFTP servers via a Single client session In order to map a reverse proxy toa virtual path first create a reverse proxy then map that reverse proxy to a virtual path for a user or group of users When users access the virtual path of a reverse proxy they will be connected to the remote server This is completely transparent to the end user See also Creating a reverse proxy Defining virtual paths Overview A session is defined as a connection with the server Current sessions may be seen from the Statistics module in JSCAPE MFT Server Manager Figure 146 Home Serer v Help v Logout Domain l
196. nt Figure 159 Key management 17 Export Public Key X Public key export Specify key file parameters Key filename jscape_pub Format x509 v OK Cancel Key file The path to export public key file to Format The format in which to export public key Client keys Overview Client keys are used for enhanced authentication of clients when connecting to JSCAPE MFT Server For example you may specify that your service requires that the user provide both a password and private key during the authentication process in order to be granted access This is more secure form of authentication than simple password authentication as it requires a secondary token a private key in addition to the password Client keys may be used in the FTPS FTP over SSL and SFTP FTP over SSH secure file transfer protocols Note Not all FTP SFTP clients support authenticating with keys so check your file transfer client documentation for details See also Generating a key Importing a certificate and or public key Exporting a certificate and or public key Generating a key To generate a client key open the Key Manager by selecting the Server gt Key Manager option from the main menu The Key Manager will be displayed Figure 22 Chapter 17 Key management 229 Key management Home Server v Help Logout 17 Server Keys Host Keys Client Keys PGP Keys Key Expiry Report A example_dsa Key algorithm
197. nt Added ability to list amp enable disable users using the command line API Enhancement Added ability to stop an administrator being able to delete their own account Enhancement Added ability to manage large numbers of users via the GUI without sacrificing performance Enhancement Added ability to import existing public keys and have them automatically converted to X 509 Aug 18 2010 format Bug Fix Fixed issue with API Doc and actual functionality being out of sync for AbstractAction Bug Fix Fixed issue with Trigger concurrency limit now set per trigger and not across all triggers as previously Bug Fix Fixed issue with Automatic login no longer working Bug Fix Fixed issue with Default connection being overwritten rather it should add a new connection to the list when adding a connection Release 6 6 Jun 7 2010 Enhancement quota will not Enhancement Enhancement upgrade Enhancement Enhancement Enhancement Enhancement Enhancement Enhancement Enhancement Enhancement Enhancement Enhancement Enhancement Enhancement Enhancement Enhancement Added ability to check disk quota before a file upload web interface to ensure that disk be exceeded Added ability to store the last login date for a user Added ability to migrate changed text labels web interface so that they also appear post Added ability to access the server version number as a function in trigger actions Added abili
198. nt Minor updates to user interface for Reverse Proxies module Enhancement Updated all data tables to use consistent data alignment best practices Enhancement Added visual cues to the web administrative interface that prompt user to save changes in the event they attempt to navigate away from page without saving changes Enhancement Added support to automatically detect whether JavaScript and or cookies are enabled in client s browser Enhancement Updated all drop down GUI components in web administrative interface to be searchable Enhancement Added XSS and CSRF validation to all requests in both client and administrative web interfaces Enhancement Added js syncstate command line utility for performing failover synchronization Enhancement Added DateAdd DateSubtract and DateFormat trigger functions for use in manipulating and formatting dates Enhancement Added Key column in Services module to display the server encryption key used by a service Chapter 1 Introduction Introduction 1 Enhancement Added Domains attribute to Server Key in Key Manager that displays a list of the domains currently using selected key Enhancement Added ability to run actions asynchronously for a Trigger Enhancement Added ability to view event details for an executed Trigger Enhancement Added a unique event ID attribute that identifies the event used in the execution of a Trigger Enhancement Added ability to require user to submit form data whe
199. nt key to the client keys listing Chapter 3 Server configuration Server configuration 3 Figure 103 Export Private Key B Private key export Specify key file parameters Key filename jsmith prv Password cocco Password confirmation eeee Format PEM v OK Cancel 3 The next step is to bind this client key to the user This allows this client key to be used by this user for authentication purposes Go to the Users node select the user for this key and click Edit button In the Client keys section check the client key that you created earlier and click OK Figure 105 Chapter 3 Server configuration 63 Server configuration 3 Add User B Add User Specify new user parameters Info Paths Quotas IP Access Domain Administration Web N SETTINGS V Enabled V Enable ad hoc email transfers Owner E Expires on 06 24 2014 oa lt AUTHENTICATION Require secured connection Use phone authentication is Allow password change Ignore password aging rules WM Client keys cS OK Cancel 4 Next you must add the SFTP SCP service with the option to allow authentication using public keys If you have already done this then you may skip this step Otherwise go to the Services node select the Add button and select the SFTP SCP protocol Set the Authentication option for service to use one of the publickey options Click OK 5 You have successfully enabled
200. nticating against JSCAPE MFT Server file transfer service 2 Query is performed using credentials supplied in Search user DN and Password fields Note these credentials may be different than the credentials used in Step 1 For example a case where these might be different is where the User DN does not have the needed permissions to perform the query but the Search User DN does If one or more records are returned from the query then the user is successfully authenticated Figure 62 Home Server v Help Logout Domain localhost running WEEE Authentication Two Factor Phone Authentication Web SSO i Time Access Banned Files Service type LDAP query v 3 Compliance Host EB IP Access 192 168 1 1 Port 389 g J DLP Timeout 30 sec Connections User DN usename ad domain com Yu Triggers Search user DN qapuser ad domain com Password ccoo Authentication 5 Base DN CN username CN User OU Groups DC ad DC domain DC amp Users Filter memberOf CN Administrators OU Groups DC ad DC domain DC con amp Groups Use SSL connection fg Reverse Proxies N Allow anonymous binding 3 Directory Monitors V Create user if not found using template Default v Drop Zones Convert username before creation to lowercase v URL Branding E Use failover server s Host The hostname or IP address of the LDAP senice Port The port of the LDAP service Chapter 3 Server configuration 85 86 Server configur
201. ntinue Figure 177 Select Start Menu Folder Where should Setup place the program s shortcuts Select the Start Menu folder in which you would like Setup to create the program s shortcuts then click Next Create a Start Menu folder V Create shortcuts for all users 6 Configure management REST services and administrative credentials Chapter 2 Installation 33 34 Installation 2 Figure 178 Server Administration Please enter the Host IP Port Username and Password to be used for administering this server For cient only installations enter the Host IP Port 2 and Password of the remote server you wish to administer 7 Management host IP 0 0 0 0 X Management port 10880 REST HTTP host IP 0 0 0 0 v REST HTTP port 11880 Username Password Confirm password Next gt Cancel Management host IP The IP address that management service should listen on The IP address 0 0 0 0 is a special address that instructs service to listen on all available network interfaces Management port The port that management service should listen on Default port is 10880 REST HTTP host IP The IP address that REST web service should listen on The IP address 0 0 0 0 is a special address that instructs service to listen on all available network interfaces REST HTTP port The port that REST web service should listen on Default port is 11880 Username Administrative username for managing services P
202. ntinue however new connections will not be accepted Usage js pausedomain options Options d the domain name h display this help menu If s pausedomain command is run without options then user will be prompted for necessary information js resumedomain The js resumedomain command may be used to resume a paused domain in JSCAPE MFT Server Usage js resumedomain options Options d the domain name h display this help menu If j s resumedomain command is run without options then user will be prompted for necessary information Chapter 13 Command line utilities Command line utilities 1 3 js runtrigger The js runtrigger command may be used to run a trigger which listens for the Current Time event in JSCAPE MFT Server When running a trigger using j s runtrigger any conditions for the trigger will be ignored Usage js runtrigger options Options d the domain name n the trigger name h display this help menu f js runtrigger command is run without options then user will be prompted for necessary information js sendmessage The js sendmessage command may be used to send an email message to all users for a domain Usage js sendmessage options Options d domain host smtp host p smtp port t smtp connection type plain ssl start tls debug enable debug mode true false u smtp username pass smtp password f from address s subject b body h display this help menu
203. ntitled to 1 year of free upgrades and technical support To obtain access to the latest version please contact JSCAPE via the Help Desk Upgrade Process Graphical User Interface This process is available only to versions 6 2 and above when using GUI installer Upgrades may only be performed against versions 5 0 or above If you are currently using a version prior to 5 0 then you must uninstall delete current version and reinstall reconfigure new version 1 Run the GUI installer for JSCAPE MFT Server 2 When prompted where to install JSCAPE MFT Server select the same installation directory as your current installation 3 The installer for JSCAPE MFT Server will detect that a previous version of JSCAPE MFT Server is installed and will prompt you for a directory in which the current version may be backed up 4 Continue with the installation process as normal Once installation is complete your server configuration settings from previous version will be automatically migrated from previous version to current version Additional Notes 1 If you are managing your server remotely it is IMPORTANT that both the version of JSCAPE MFT Server Manager used matches the version of JSCAPE MFT Server you are managing 2 Any logos or text label settings that you have made to web interface WILL NOT be migrated during upgrade process 3 Note for Windows environments the JSCAPE MFT Server service will revert to using the Local System account after an u
204. o a target server in JSCAPE MFT Serer Usage js syncstate options Options ip lt host IP gt failover server host IP p lt port gt failover server port u lt username gt administrator username pwd lt password gt administrator password s lt IP substitution rules gt comma delimited list of semi colon delimited ip substitution rules e g 1 2 3 4 1 2 3 574 5 6 7 7 8 9 0 h display this help menu f js syncstate command is run without options then user will be prompted for necessary information js triggersreport The js triggersreport command may be used to list all triggers and settings for a domain Usage js triggersreport options Options d lt name gt the domain name h display this help menu If j s triggersreport command is run without options then user will be prompted for necessary Chapter 13 Command line utilities 211 Command line utilities 1 3 information jS users The js users command may be used to list enable or disable users in JSCAPE MFT Serer Usage d lt domain gt 1 fel fd u lt user gt h Options d domain name l list users u user name fe enable flag fd disable flag h display this help menu If s users command is run without options then user will be prompted for necessary information Enabling WebDAV service JSCAPE MFT Server Enterprise Edition offers support for the WebDAV file transfer protocol To enable WebDAV please p
205. o be run on demand or on a scheduled basis using the newly added Run Directory Monitor trigger action Enhancement Several updates to the Java applet user interface Enhancement Various performance enhancements to SFTP protocol Enhancement Updated triggers module to retain recent trigger history regardless of whether changes are made to triggers Bug Fix Resolved issue where some command line utilities would raise an exception when used in combination with custom trigger actions Bug Fix Resolved issue where user was unable to resume a canceled file transfer in Java applet window Bug Fix Resolved issues experienced with reverse proxies when Map current local directory to remote directory option was enabled Bug Fix Resolved variable expansion issue experienced in the email lostpassword body and email lostpassword subject resource properties Bug Fix Resolved issue where PGP keys exported from JSCAPE MFT Server cannot be imported into GnuPG 2 x Bug Fix Resolved issue where failover IP substitution does not work correctly under automatic Chapter 1 Introduction 13 14 Introduction 1 synchronization Bug Fix Resolved issue in Convert File trigger action where UNIX to MS DOS conversions were not working correctly Bug Fix Resolved issue where adding a duplicate account via JSCAPE MFT Server Manager correctly results in an error message but incorrectly lists duplicate account in users list Bug Fix Resolved issue where Cur
206. o detect when a new Chapter 1 Introduction Introduction 1 account is created Enhancement Added js pausedomain in order to stop accepting new connections Enhancement Added js resumedomain to resume accepting new connections Enhancement Added ability to view and manage previous ad hoc file transfers from the web user interface Enhancement Added ability to perform an orderly server shutdown Enhancement Added ability to specify whether existing files should be overwritten when uploading files to a drop zone Change Default service type to explicit SSL when adding a new FTP service Bug Fix Fixed issue where condition expression was rewritten when saved Bug Fix Fixed issue where triggers could be created without using a unique name Bug Fix Fixed documentation issue in Trading Partners module Bug Fix Fixed required field error in File gt Settings gt Email section of JSCAPE MFT Server Manager Bug Fix Fixed issue with Run Process action where double quotes are not stripped before passing argument to executing program Bug Fix Fixed issue where Banned Files are banned from upload but not from renaming Release 7 1 Nov 14 2010 Enhancement Redesign and improved usability of condition builder in triggers module Enhancement Added context sensitive help to triggers module for events event variables actions and functions Enhancement Added contact management capabilities for use in ad hoc file transfers Enh
207. o the 157 158 Trigger management a valid quoted username for remote server set wireencoding lt encodi ng gt Specifies the wire encoding to use on command channel for FTP S protocols lt encodi ng gt a valid quoted character encoding wait lt seconds gt Escape sequences The FTCL language allows for the use of escape characters when defining strings in the same way that the Java programming language does The character is treated specially inside of strings indicating that the next character is to be escaped Escape sequences Escape sequence _ Description Z Z i O T MN Baksh Quote o y O This is especially important to consider when defining local paths on the Windows operating system The local path c tmp must be defined as c tmp or c tmp when using FTCL commands that use local path information Example Incorrect I cd c t mp hore Correct Chapter5 Trigger management Trigger management 5 lcd c t mp hore The first example is incorrect as the t in c t mp hon would be interpreted by FTCL as a tab character instead of a literal t The second example corrects this issue by using a forward slash instead of a backslash Overview JSCAPE MFT Server Web Gateway is a web based file transfer client It has many of the functions of traditional FTP SFTP clients providing the ability to manage upload and download files from a remote server However unlike tradit
208. ocalhost running R Statistics Statistics Sessions amp Description ik Services Type a Server Client User Created UpTime File FIP 0 0 0 0 0 0 0 1 21 0 0 0 0 0 0 0 1 11248 test 7 2 2015 8 40 18 AM 00 00 16 Logging iy Reports AS2 Messages OFTP Messages J Datastore 9 Time Access 6 Banned Files 2 Compliance GIP Access 7 DLP i Connections Ye Triggers Close Session Forcibly terminates selected session Overview JSCAPE MFT Server includes support for FTPS FTP over SSL SFTP SCP and HTTPS connections as well as OpenPGP encryption In order to take advantage of encryption services you must create one or more keys that may be used for encrypting your sessions and or files Key management is accomplished via the Key Manager To access the Key Manager select Server gt Key Manager from the main Chapter 15 Reverse proxy management Key management 17 menu The Key Manager dialog will be displayed Server keys Client keys OpenPGP keys Figure 22 Home Server v Help v Logout Server Keys Host Keys Client Keys PGP Keys Key Expiry Report example_dsa Key algorithm RSA Certificate type X 509 Version 3 Serial 1096452880 Issuer C US ST Florida L Miami O Your Company Name OU IT Department CN www domain com Subject C US ST Florida L Miami O Your Company Name OU IT Department CN www domain com Valid not before 06 03 2013 Valid not after 06 02 2018 Signature 4e 09 92 35 b3 04 c3 e5 0a bd bd 3 a8 c1
209. om E o The user group name No _______ Administrators Example John Smith jsmith secret C users jsmith jsmith domain tx Administrators Henry Jones hjones secret C users hjones hjones domain com js ipaccess The js ipaccess command may be used to perform manage the IP access list for a domain Usage js ipaccess b u d lt domain gt 1 i lt IP address gt h Options d the domain name i insert rule for specified IP address b block specified IP address u unblock specified IP address l lists current IP access settings h display this help menu f js ipaccess command is run without options then user will be prompted for necessary information js kickuser The js kickuser command may be used to forcibly close all sessions for a specified user in JSCAPE MFT Server Usage js kickuser options Options d the domain name u the user nam h display this help menu f js kickuser command is run without options then user will be prompted for necessary information Chapter 13 Command line utilities Command line utilities 1 3 jS migrateadhoc The js migrateadhoc command may be used migrate ad hoc entries previously stored in per domain datastore H2 database to a common datastore user defined relational database in JSCAPE MFT Serer Prior to running j s migrateadhoc you must update the datastore used in Server gt Settings gt Email gt Ad Hoc File Transfer tO Use common database op
210. ompt for password on connect option to File gt Settings gt Connection panel which requires that user provide administrative password when launching JSCAPE MFT Server Manager client or when connecting using API Bug Fix Fixed issue in Send Email action where From and To fields were swapped when sending an email Bug Fix Fixed issue with PGP encryption keys where files encrypted using public keys imported from 3rd party PGP clients could not always be decrypted by those PGP clients Bug Fix Fixed issue in 3 3 release where IE displayed error when trying to download files via HTTPS Bug Fix Fixed issue in HTTP and WebDAV services where domain was reported as stopped even though it was running Bug Fix Fixed issue experienced when generating certificate signing requests in Key Manager Release 3 3 Jul 27 2007 Enhancement Added ability to generate certificate signing request CSR using Key Manager Enhancement Added password hashing support to Database Query Authentication and LDAP Query Authentication services Enhancement Added ability to forcefully disconnect and optionally disable an active user session account using Kick User button in Users node Enhancement Added ability for users to change their password using FTP or FTPS protocols Enhancement Added ability to authenticate users using Custom User Authentication API Enhancement Added ability to sort users by name login or connection status Enhancement Added support f
211. on 3 before passing username to specified User Template Allow non SSO logins If enabled user may login using either SSO or other authentication service Authenticating with Microsoft Active Directory Microsoft Active Directory is an LDAP service that may be used by external applications to authenticate users against a Microsoft domain To use Active Directory for authentication purposes you may use any of the LDAP service types provided in the Authentication node of JSCAPE MFT Server Manager Verifying Active Directory Installation Obtaining Zone Name Setting Authentication Details Testing Connection Firewall Configuration Verifying Active Directory Installation Prior to using LDAP you must first verify that you have Active Directory properly installed on the server you are authenticating against To see if it is enabled on the server goto Start gt Programs gt Administrative Tools gt Active Directory Users and Computers If you do not see this menu option then it is likely you don t have Active Directory installed on this server Please consult your Microsoft documentation for instructions on how to install and configure Active Directory Obtaining Zone Name Open the Active Directory manager from Start gt Programs gt Administrative Tools gt Active Directory Users and Computers Here you should node with a name like ad domain com or something similar This is your zone name and will be used when setting your authenticat
212. on for all domains including services triggers reverse proxies etc email_properties dat Contains email related properties ee eee SSL certificate information for HTTPS service license lic Contains serwer license ke registered at startup Key Manager Manager Key Manager Poe he any public keys listed in Host Keys tab of Key Manager ontains server certificates for HTTPS service client cfg Contains client configuration for connecting to administrative service esc t oor server configuration for administrative service jmx cfg Contains server JMX configuration settings n oe user interface settings for JSCAPE MFT Server Manager manager web cfg Contains settings for administrative web service c list of SSL providers to be used by your JVM eee ee various startup properties such as allocated heap memory for JSCAPE MFT Server Manager eee T various startup properties such as allocated heap memory for JSCAPE MET Server To automatically backup your server configuration files on a scheduled basis create a trigger using the Current Time event and System Configuration Backup action Manager Defining a failover server JSCAPE MFT Server may be configured to synchronize all configuration changes to a failover server The purpose of a failover server is that in the event the production server goes down the failover server can quickly take over the duties of the production server To define a failover server
213. onal groups that this user is a member of Settings Chapter 3 Server configuration 75 76 Server configuration 3 Enabled Check to enable this account Owner Optional login of user who owns manages this account Expires on Date that this account expires leave blank for non expiring account Enable ad hoc email transfers Check to allow user to perform ad hoc email transfers via HTTP interface Authentication Require secured connection Check to force user to login using secure protocol e g FTPS SFTP HTITPS Allow password change Check to allow user to change their password Use phone authentication Check to require user to use two factor phone authentication Ignore password aging rules Check to disable password aging rules for this user Client keys Optional public keys bound to this user for purposes of public key authentication in SFTP SSH protocol See also Phone Authentication Defining user templates A user template is a template that is used for creating users To view a list of available templates click the Users gt Templates panel for the desired domain Figure 112 Chapter 3 Server configuration Server configuration Home Server v Help Logout Domain localhost running J Datastore Users Templates 09 Time Access 8 Banned Files Name 2 Compliance Default IP Access y DLP 4 Connections Ye Triggers Authentication amp Users amp S Groups Be Rever
214. one call from Two Factor Authentication senice asking user to confirm this is a valid login 3 Upon confirmation user is logged into their account Enabling Phone Authentication 1 Select the Two Factor Authentication tab andthe Service type you wish to use 2 Enter details for service and click Apply 3 Enable the Use phone authentication option for those user accounts that you want to use this service Microsoft Azure Multi Factor Authentication a k a PhoneFactor is a multi factor authentication service provided by Microsoft To use this service you must first create an Azure account and Download Azure Multi Factor Authentication SDK for Java Upon downloading the SDK extract the ZIP archive and copy Chapter 3 Server configuration Server configuration the files license xml and cert p12 tothe License directory See Figure 119 Figure 119 Home Serer v Help v Logout Domain localhost running a patastore Authentication Two Factor Phone Authentication Web SSO ci Time Access Banned Files Service type Microsoft Azure Multi Factor Authentication v amp Compliance License directory S IP Access c phonefactor Browse Password EEEE 7 DLP Allow international calls amp Connections Wy Triggers E Authentication Add Variable amp Users amp 8 Groups Apply Discard ty Reverse Proxies 3 Directory Monitors Drop Zones URL Branding License directory The directory containing your Microsoft
215. onnections to this port See also Setting authentication preferences Authenticating using custom authentication API The custom authentication API provides you with a way to authenticate users using your own business rules The custom authentication API is recommended when the other built in authentication modules Database LDAP Domain do not meet your needs To implement your own authentication provider you must perform the following 1 Create a class which implements the com jscape inet mft subsystems authentication AuthenticationService Class 2 Overload the public void authenticate Credentials creds method throwing a com jscape inet mft subsystems authentication AuthenticationException exception if authentication fails 3 Create a JAR file that contains the compiled version of your com jscape inet mft subsystems authentication AuthenticationService implementation To compile your authentication class you will need to include the ftpserver jar library in your classpath The ftpserver jar library may be found inthe libs directory for JSCAPE MFT Server 4 Place the JAR file created in Step 3 as well as any needed 3rd party JAR files into the libs ext directory of your JSCAPE MFT Server installation 5 Restart the JSCAPE MFT Server Service 6 Open JSCAPE MFT Server Manager and select the Authentication node 7 Change Service type to custom authentication Type inthe class name created in Step 1 into the Authent
216. or OFTP connections Max credit The maximum number of packets that client may send to server before receiving an acknowledgment from server that is it ready to receive more data SSL Ciphers The SSL ciphers to enable for OFTP services TFTP Connection Settings TFTP connection settings may be managed under the Services gt TFTP panel Figure 193 Chapter 3 Server configuration 115 116 Server configuration Home Serer v Help Logout Domain localhost running E Statistics Services FTP S SFTP SCP AFTP OFTP TFTP HTTPIS WebDAVIS amp Description dt Services Max retransmit attempts 6 S Retransmit interval 3 sec Logging Generate dirt file if missing iy Reports V Generate md5 file if missing AS2 Messages OFTP Messages J Datastore Apply Discard 9 Time Access 6 Banned Files amp Compliance E IP Access 7 DLP amp Connections Ye Triggers Max retransmit attempts The maximum number of times that sender may unsuccessfully send a message before failure Retransmit interval The retransmission interval Seconds between each message retransmission attempt Generate dir txt file if missing If checked client may request the file dir txt to obtain a directory listing of available files Generate md5 file if missing If checked client may request any filename with a md5 extension to obtain an MD5 hash of filename contents HTTP S Connection Settings HTTP S connection settings ma
217. or PGP keys in Key Manager Enhancement Added ability to specify SFTP SSH version information in Services gt SFTP panel Enhancement Updated PGP related actions to use keys found in Key Manager Enhancement Removed Send PGP Email action and incorporated PGP email operations into existing Send Email action Enhancement Removed PGP Sign File action and incorporated file signing into PGP Encrypt File action Enhancement Removed PGP Verify File action and incorporated signature verification into PGP Decrypt File action Enhancement Added compression and PEM output support to PGP Encrypt File action Enhancement Added requirement to bind public keys to users when using SFTP SSH protocol combined with public key authentication Bug Fix Fixed issue in HTML user interface to prevent users from being able to view cached version of directory listing after clicking Logout Bug Fix Fixed issue experienced in IE7 HTML user interface when clicking on Add or Remove buttons Bug Fix Fixed issue experienced with setting passive port range Release 3 2 5 Jun 30 2007 Enhancement Updated jscape init d script to support SUSE Ubuntu and RedHat operating systems Bug Fix Fixed issue experienced with WS_FTP client when using SFTP protocol Bug Fix Fixed potential file corruption issue experienced when uploading file using SFTP protocol Bug Fix Improved FTP S protocols so that command channel timeout is not observed when client is performing
218. or credentials you only need to update the trading partner details rather than update all trigger actions that depend on this host To add a trading partner select the Trading Partners node within JSCAPE MFT Server Manager and click on the Add button Figure 142 Home Server v Help Logout Domain localhost running Trading Partners 6 Banned Files 2 Compliance Name Company Protocol Server E IP Access fee ji pagene f DLP at Connections YW Triggers Authentication amp Users amp Groups fg Reverse Proxies 3 Directory Monitors 1 z 4 4 Paget jolt gt H OJA Displaying 1 to 1 of 1 items Drop Zones URL Branding 63 Trading Partners Add Edit Copy Test Delete amp Contacts Stop Pause Figure 143 Chapter 3 Server configuration 123 124 Server configuration 3 Add Trading Partner Add Trading Partner Specify trading partner parameters BASIC Name ABC Corporation Company ABC Corporation E mail CONNECTION HostiP 200 200 1 1 Port 21 _ K Timeout 30 gt sec Username jsmith Password eves ADVANCED Postlogin command Test Server OK Cancel Basic Name A unique name to assign to this trading partner Company The name of the company that this trading partner represents E mail The primary email address for this trading partner Server Details vary based on the protocol selected Chapter 3 Server configuration
219. or encrypting files after upload Personal keys are located in pgp key pub file relative to user root login directory and may be created imported from the Web interface Use personal key of user performing upload Use system key John Smith lt jsmith domain com gt v Chapter 17 Key management 17 Settings Settings OK Cancel OK Cancel 243 244 Key management 17 Decrypting files Files uploaded to JSCAPE MFT Server may be decrypted using a trigger listening for the File Upload event and the PGP Decrypt File action For more information on decrypting files using triggers see the documentation on triggers and the inline help for the File Upload event and PGP Decrypt File action See also Trigger management Server Settings Overview Server gt Settings controls various global configuration properties and server side settings for JSCAPE MFT Serwer Service To access select the Server gt Settings menu item from the main menu Figure 164 Home Server v Help Logout E Manager Service Manager Service Access Administrators amp Domain Startup HostlP web 0 0 0 0 v Port 10880 JDBC Drivers Timeout sec 600 K v Email Failover amp Search Index A JMX Save changes Cancel Chapter 17 Key management JSCAPE MFT Server Manager 1 8 Cattinne Manager service settings The Manager Service node may be used to change the administrative password for the JSC
220. ores The dat abase datastore stores all account and group information in a relational database which may be accessed using the JDBC connection parameters that you provide Figure 13 Home Serer v Help Logout Domain localhost running A Statistics Datastore 8 Description ie Services Store data to file perrecord v Logging Bica installdir users domain peme iu Reports AS2 Messages OFTP Messages 3 Datastore 9 Time Access Banned Files Apply Discant amp Compliance E IP Access DLP Connections Y Triggers E Authentication amp Users Directory The directory in which user account data will be stored file per record file See also Storing account details in a database Storing account details in a database To use the database datastore option you must first create the database on your database server Example database schema for MySQL Microsoft SQL Server and Oracle are provided in the files et c mysql sql etc mssql sql and etc oracle sql respectively Libraries for JDBC drivers must be placed in the 1ibs jdbc directory of your JSCAPE MFT Server installation the JSCAPE MFT Server Service restarted and the JDBC driver class registered in Server gt Settings gt JDBC inorder for the database to be accessible to JSCAPE MFT Server Once this is complete you go to the Datastore node and set the Store data to option to database Figure 14 Chapter 3 Server configuration Server configuration 3
221. ort 21 which are then redirected to your listening port of 2121 By leaving the jscape service configuration file in the etc xinetd d directory this redirection will automatically take place whenever you restart your system Port redirection using iptables A solution available in systems running Linux kernel 2 4 and above is to use iptables iptables offers the same approach as xinetd but with less process overhead since iptables is compiled into the kernel rather Chapter 2 Installation Installation 2 than running as a separate process To see if iptables is running on your system run the following command as root user sbin service iptables status If it is running you will see a list of tables displayed to the console Using our original example create a new redirection rule that will redirect incoming requests on port 21 to port 2121 by issuing the following command as root user sbin iptables t nat A PREROUTING j REDIRECT p tcp destination port 21 21 to ports 2121 This will redirect port requests until you restart your system To ensure that this rule is used after a system restart save the rule by issuing the following command as root user sbin service iptables save See also Auto starting in UNIX environments Running under IBM JVM For systems configured to run using the IBM JVM it is necessary to make some changes to various configuration files in order to instruct the JVM on what security prov
222. ounts for a domain Enhancement Updated custom authentication API to support validation of client IP address Change Updated system requirements to JVM 1 5 and above Bug Fix Fixed issue with not returning error when creating a directory that already exists using FTP S or SFTP protocols Bug Fix Fixed issue with setting bandwidth quotas under Professional license type Bug Fix Fixed issue with Run Process trigger action Release 4 5 Jan 26th 2009 Enhancement Added ability to hide domain and or specify default domain used in web interface Enhancement Added ability to accept multiple delivery addresses in ad hoc email file transfer module Bug Fix Fixed issue experienced when installing only the JSCAPE MFT Server Manager component using GUI installer Bug Fix Fixed issue with setting user bandwidth quotas under Professional edition Bug Fix Fixed issue with expiration date information sent in password reminders Bug Fix Fixed issue with resuming file transfers in SFTP protocol Chapter 1 Introduction Introduction 1 Release 4 4 Dec 26 2008 Enhancement Added Delete Accounts action to Triggers module for deleting expired or disabled accounts Enhancement Added email address to manage users view in web interface Bug Fix Fixed email notification service so email url host is used if entered Bug Fix Fixed issue with PGP encrypting decrypting files Bug Fix Fixed issue with Send Email action throwing a NullPointerExce
223. ous execution support to trigger definitions Bug Fix Changed default encoding of Country attribute in server certificates from UTF8 to ASCII Bug Fix Resolved zlib issue with SFTP service Bug Fix Resolved a number of issues with File Transfer Command Line langage used in File Transfer Script trigger action Bug Fix Bug Fix Bug Fix Bug Fix Bug Fix Bug Fix Bug Fix Resolved issue where rebuilding index causes tags to be lost Resolved issue with Trading Partner Rename File action Resolved issue with Trading Partner Create Directory action Resolved issue where variables could not be used in the Email field for a user in a User Template Resolved issue where HTTP sessions were not properly closed Resolved issue where File Download event was fired for failed SFTP file downloads Fixed performance issue experienced when navigating to a remote directory that is mapped to a reverse proxy when using Java applet Bug Fix Updated indexing engine to prevent locking issues Bug Fix The Runtime column in Triggers gt Recent panel now displays updated time for running triggers Bug Fix Resolved issue where settings in Server gt Settings gt Web gt Resources were not being maintained across upgrades Bug Fix Bug Fix Bug Fix Bug Fix Bug Fix Bug Fix Bug Fix Bug Fix Bug Fix Bug Fix Bug Fix Release 8 6 Mar 8 2013 Enhancement Enhancement interface Enhancement Enhancement Enhancement Enh
224. p named jscape 2 As root user run the command usermod K defaultpriv basic net_privaddr jscape to grant jscape user permissions to run services on ports less than 1024 3 As jscape user run installer for Solaris as described in Installing on Solaris 4 Open the sample SMF manifest file jscape_smf xm1 found in the JSCAPE MFT Server installation directory using vi or other text editor 5 Change references to opt JSCAPE_MFT_Server with the absolute path of JSCAPE MFT Server installation directory 6 As root user validate SMF manifest file using svccfg validate jscape_smf xml command 7 AS root user import SMF manifest file using svecfg import jscape_smf xml command 8 As root user Check for default Solaris FTP service using command netstat na grep 21 If you wish to disable this service you may do so using svcadmin disable ftp default command 9 AS root user enable service using svcadm enable svc application jscape default command 10 Check that service was started successfully and not in maintenance using svcs x jscape default command 11 Verify that JSCAPE MFT Server Serice is running using netstat na grep 10880 command For more information on creating services using SMF please see the following links http www sun com software solaris howtoguides smfmanifesthowto jsp http www sun com software solaris howtoguides servicemgmthowto jsp Running as non root user in UNIX environments Solaris 10 and above syst
225. part of JSCAPE MFT Server Enterprise Edition release Enhancement Added ability to specify whether ports are included in HTTP headers Enhancement Added ability to tag multiple documents simultaneously via the web interface Enhancement Added Run button to Directory Monitors module providing ability to run a directory monitor manually Enhancement Improved performance for ad hoc file transfers Enhancement Added ability to optionally include all event properties as part of request in Http Request trigger action Enhancement Automatically remove leading and trailing spaces from input fields in JSCAPE MFT Server Manager prior to saving Enhancement Added ability to enable disable display of certain sections in My Account page at User and User Template levels Enhancement Added GetUserlnfo function for use in trigger actions to retrieve information on a user account Enhancement Added IsUserMemberOfGroup function for use in trigger actions to check if a user is a member of a group Enhancement Updated Key Manager to prompt user to save keys if they attempt to exit Key Manager with unsaved changes Enhancement Added optional Reply To field in Send Email action Enhancement Updated client web interface in steps towards 508c compliance Enhancement Numerous usability updates to Java applet used in web interface Bug Fix Resolved issue with virtual paths being duplicated when a domain administrator adds a user via web interface Bu
226. pe Username admin J DLP Password occo Connections SQL query select from users where username Susername and password password Yai Triggers Password hash class E Authentication V Create user if not found using template Default v amp Users E Convert username before creation to lowercase v E Groups ra evetse roses Add Variable Test Parameters 3 Directory Monitors Drop Zones URL Branding Apply Discard amp Trading Partners amp Contacts JDBC URL The JDBC URL used to connect to the database Libraries for JDBC drivers must be placed in the 1ibs jdbc directory of your JSCAPE MFT Serer installation the JSCAPE MFT Server Serice restarted and the JDBC driver class registered in Server gt Settings gt JDBC in order for the database to be accessible to JSCAPE MFT Server User The username to connect with when authenticating with JDBC database Password The password to connect with when authenticating with JDBC database SQL query The query to perform to authenticate the user There are two special variables that may be used when performing the database query susername and password which refer the username and password passed in during the authentication process Note SQL queries and stored procedures may be Chapter 3 Server configuration 83 84 Server configuration used however stored procedures which make use of output parameters may not be used The variables username and Spassword
227. pgrade If JSCAPE MFT Server is accessing shared network resources e g UNC paths then you may need to update JSCAPE MFT Server service to use an account with access Upgrade Process Manual Upgrades may only be performed against versions 5 0 or above If you are currently using a version prior to 5 0 then you must uninstall delete current version and reinstall reconfigure new version Shutdown JSCAPE MFT Server Service and JSCAPE MFT Server Manager Backup current JSCAPE MFT Server installation directory Uninstall current version of JSCAPE MFT Server Install updated version of JSCAPE MFT Server making sure to use same installation directory as previous install 5 Shutdown JSCAPE MFT Server Service and JSCAPE MFT Server Manager 6 Copy all dat cfg lic files and users if exists and domains directories from backup directory to current installation directory 7 Copy all dat files from backup etc directory to current installation etc directory 8 Copy any JDBC driver JAR files you have installed from backup 1ibs jdbc directory to libs jdbc directory of current installation 9 Copy any custom actions you have installed from backup libs actions directory to libs actions directory of current installation ROD Chapter 1 Introduction Introduction 1 10 Copy any custom authentication or 3rd party JAR from backup libs ext to libs ext directory of current installation 11 Run the server configuration com
228. pload ensuring data is protected while at rest e Automatically PGP decrypt verify files upon upload e Send PGP encrypted email messages to protect sensitive data See also PGP compatibility matrix Generating a key Importing a public key Exporting a public key Trigger management PGP compatibility matrix The following is a PGP client compatibility matrix The following PGP clients and functions have been tested successfully with JSCAPE MFT Server Client Key Algorithm __ PGP Desktop 9 x and DSA ElGamal above above D GPG 1 4 x and above SA ElGamal Y GPG 1 4 x and above Definitions Decrypt Create an OpenPGP key in JSCAPE MFT Server Key Manager or via web interfac Import resulting public key into PGP client Encrypt file using PGP client Decrypt File using JSCAPE MFT Server PGP Decrypt File action Encrypt Create a private key in PGP client Import corresponding public key into JSCAPE MFT Server Key Manager under OpenPGP keys tab Encrypt file using JSCAPE MFT Server PGP Encrypt File action Decrypt file using PGP client Note Chapter 17 Key management 235 236 Key management 17 In order to use PGP successfully with JSCAPE MFT Server you must properly install the Unlimited Jurisdiction Policy Files For more information on this topic please see the following See also Additional libraries needed for OpenPGP Trigger management Generating a key pair PGP key pairs may be generated from either the
229. pported Document Formats Installation and Configuration The steps for installation and configuration of JSSCAPE Web Document Viewer are as follows 1 Download and install the latest version of OpenOffice or LibreOffice for your platform 2 Download and install the latest version of SWF Tools for your platform 3 Go to Server gt Settings gt Web gt Web Document Viewer panel in JSCAPE MFT Server Manager 4 Check the Enable document viewer option and set the installation directories of OpenOffice LibreOffice and SWFTools Additionally set a temporary directory to be used for file conversion purposes Figure 124 Chapter6 Web based file transfers 173 174 Web based file transfers Home Server v Help v Logout ER Manager Service Web REST AS2 Miscellaneous Resources Web Document Viewer Ea Doman Sei V Enable document viewer web SETTINGS e JDBC Drivers Office directory Program Files x86 OpenOffice org3 Browse Email SWF tool directory C Program Files x86 SWFTools Browse SA Failover Output directory C tmp swfs Browse 4 Search Index a 10 lt A JMX Save changes Cancel Enable document viewer Enables disables JSCAPE Web Document Viewer service Settings Office directory The installation directory of OpenOffice LibreOffice SWF tool directory The installation directory of SWFTools Output directory Temporary directory to be used for document conversion 5 Enable web document viewer
230. ption Bug Fix Fixed issue with backuplog command line utility Bug Fix Fixed API so that ssl cfg is used when using JVM other than that provided by Sun Microsystems Release 4 3 Nov 14 2008 Enhancement Added NTLM authentication support Change Renamed example dsa and rsa keys to example_dsa and example_rsa Bug Fix Fixed issue with MD5 and SHA1 hashes generated when using MD5Hasher and SHA1Hasher classes in authentication modules Release 4 2 Nov 7 2008 Enhancement Added optional syslog reporting support Enhancement Added js ipaccess command line utility to manage IP access list Enhancement Increased maximum available retry limits in FTP FTPS and SFTP file transfer trigger actions from 3 to 9 Enhancement Change server behavior so adding or deleting an IP access rule does not require a domain restart Enhancement Added regular expression support for event integer values when creating trigger conditions Enhancement Added ability to set domain administration rights when creating a user template Enhancement Added PAM Authentication module to support authenticating users against native UNIX user databases Enhancement Improved ease of use for entering IP addresses when defining services Enhancement Added ability to automatically unblock an IP address after a certain period of time of being blocked due to too many unsuccessful logins Enhancement Added ability to automatically re enable an account after a certain
231. public and private keys Encrypting files and virtual paths Decrypting files JSCAPE MFT Server Manager Settings Server Settings Overview Manager service settings Web settings Email settings Failover settings Search index settings JDBC settings Introduction 1 Overview JSCAPE MFT Server is a platform independent managed file transfer server that supports FTP FTPS FTP over SSL SFTP FTP over SSH HTTP HTTPS AFTP and WebDAV protocols Features of JSCAPE MFT Server include Platform Independent Support for Windows Linux Solaris AIX Linux Z OS and Mac OS X environments provides the flexibility of deploying anywhere within your organization Multiple Protocol Support Support for AS2 FTP FTPS FTP over SSL SFTP SCP Secure Copy AFTP Accelerated File Transfer Protocol HTTP HTTPS and WebDAV protocols means you can easily exchange data with your customers regardless of their file transfer requirements Integrated Web File Transfer Client Licensing and support costs are significantly reduced as there is no client software to install Your clients need only a web browser in order to start transferring files In addition when using the integrated web client users do not have to worry about strict internal firewall policies as most organizations do not restrict web based traffic Accelerated File Transfer AFTP Accelerated File Transfer Protocol is a file transfer protocol developed by JSCAPE AFTP is de
232. public key authentication for the SFTP SCP service To authenticate instruct your SFTP SCP client to use the private key you exported in Step 2 Some SFTP SCP clients e g Putty use a proprietary private key format Therefore it may be necessary that you convert the PEM formatted key to the client proprietary key format prior to connecting For Putty client you may use the puttygen exe utility to make this conversion See also Setting SFTP SSH authentication mode 64 Chapter 3 Server configuration Server configuration Setting logging preferences 3 JSCAPE MFT Server logs all domain activity to a log directory or JDBC accessible database To configure logging preferences go to the Logging node in JSCAPE MFT Server Manager for the desired domain File Log Database Log Syslog Verbose Logging Restoring a Database Log File Log Logs all server activity to a directory Figure 12 Home Server v Help Logout Domain localhost running i EF If Search service Settings amp Description a Services reste be x Logging Directory installdir logs domain Browse Wie Reports File rotation daily AS2 Messages weekly OFTP Messages monthly file size reaches 10 mB 3 Datastore 9 Time Access Banned Files amp Compliance SIP Access y DLP Apply amp Connections Ye Triggers Authentication amp Users Directory The directory where to store log files File rotation The frequency i
233. r 10 Chapter 11 169 173 177 179 181 182 182 182 185 186 188 188 188 190 190 191 192 192 192 192 194 196 196 196 196 197 197 197 197 197 Adding custom forms on file upload Enabling web document viewer Drop zones URL branding Searching and tagging documents Email transfers Overview Enabling email transfers Emailing files Managing contacts Monitoring directories Overview Creating a directory monitor Accelerated file transfer AFTP Overview Adding AFTP service Connecting to AFTP service Data loss prevention DLP Overview Creating DLP Rules Enabling DLP Capturing DLP events Java Management API Overview Requirements Creating a domain Creating an account Creating a group Creating a reverse proxy Stopping and starting a domain Contents Chapter 12 Chapter 13 197 197 197 198 198 199 199 199 200 200 201 201 201 202 202 202 203 203 203 203 204 204 204 205 205 206 206 207 207 REST API Client REST API Management REST API Command line utilities Overview js adddirmonitor js adddomain js addgroup js addgroupdir js addserviceaftp js addserviceftp js addservicehttp js addservicesftp js addservicewebdav js adduser js adduserdir js as2util js copyusers js deldomain js delgroup js deluser js enablehttp js enablehttps js importcontacts js importuse
234. r Keys tab select a server key and click on the Export button The Export dialog is displayed Figure 158 Chapter 17 Key management Key management 17 Home Server 7 Help 7 Logout Server Keys Host Keys ClientKeys PGP Keys Key Expiry Report 2 example_rsa example_dsa Key algorithm Certificate type Version Serial Issuer Subject Valid not after Signature Valid not before RSA X 509 2 2803379338 CN server jscape com OU IT O JSCAPE L Miami ST FL C US CN server jscape com OU IT O JSCAPE L Miami ST FL C US 06 24 2014 06 24 2015 32 3 21 3 a7 8 a5 4e b7 02 a9 e1 06 21 41 69 29 ca 91 5 2c 6a b3 60 71 d1 3d c4 dd 76 3b 65 b7 ea m Import Generate CSR Specify certificate file parameters Certificate filename Format Generate Delete Import Certificates Figure 64 Export Certificate 3 Certificate export jscape crt X509 v OK i Cancel Certificate filename The filename to export the certificate to Format The format in which to export certificate Chapter 17 Key management Figure 159 225 226 Key management Export Public Key Public key export Specify key file parameters Key filename jscape pub Format x509 v OK Cancel Key filename The filename to export public key file to Format The format in which to export public key Figure 190 Export Priv
235. r all files in this directory and subdirectories when determining quota and looking for new edited or deleted files Once the directory monitor has been created you can capture any changes made to the directory using triggers and events The available events for a directory monitor include Directory Monitor File Added Directory Monitor File Changed Directory Monitor File Deleted and Directory Monitor Quota Exceeded See the user documentation on triggers for more information on how to capture and respond to these events See also Trigger management Event types Overview What is AFTP AFTP Accelerated File Transfer Protocol is a file transfer protocol developed by JSCAPE AFTP is designed to accelerate file transfers over high speed networks that are unable to fully utilize network throughput due to high latency and packet loss Under these conditions AFTP can accelerate file transfers up to 100 times faster than FTP and other file transfer protocols How does it work Popular file transfer protocols such as FTP S SFTP and HTTP S depend on an underlying protocol named TCP The problem with TCP is that as network conditions such as latency and packet loss increase network throughput is significantly reduced This is largely to due to the algorithm used to ensure TCP s reliability TCP uses a sliding window algorithm that reduces throughput as latency and packet loss increase The result is that file transfer protocols based on TCP
236. r automating AFTP file transfer processes Overview Data Loss Prevention DLP are systems that identify and prevent the loss of sensitive data The DLP module in JSCAPE MFT Server Enterprise Edition can be used to identify sensitive data at rest and prevent it s unauthorized distribution over all file transfer protocols supported by JSCAPE MFT Server Creating DLP Rules DLP rules are regular expressions that are used in identifying sensitive data at rest JSCAPE MFT Server has a number of built in rules that may be used to identify sensitive data at rest such as credit card numbers Visa MasterCard Amex Discover U S social security numbers UK national insurance numbers and IBAN account numbers To create a DLP rule go to the DLP module in JSCAPE MFT Server Manager Here you will find a list of currently available DLP rules Figure 148 Chapter 9 Accelerated file transfer AFTP Data loss prevention DLP Home Server v Help v Logout Domain localhost running DLP Banned Files amp Compliance i Name Description Scope Regular Expression grans American Express American Express card FleComtemts 3 A7NO 9133IA7NAZM JAMON TOM TAL FATT PAM J DLP Diners Club Diners Club card File Contents 3 0 0 5 68 0 9 af 046 1G4 I1 1 31 1 01 1 10 511 68 1 1 amp Connections Discover Discover card File Contents 6 011 5 0 92 0 9 12 ey Triggers gt IBAN FRANCE IBAN accoun
237. r dialog is displayed Select the PGP Keys tab and click the Import button The Import PGP Key dialog is displayed Figure 110 Chapter 17 Key management Key management 17 Import PGP Key X PGP key import Specify key file parameters Key type Publickey Secret key Key file Choose File pgp key pub File password OK Cancel Key file The PGP public key file Importing public keys via web interface To import a public key login via web interface and click on the My Account gt OpenPGP Encryption gt Import Public Key link The Import OpenPGP Key dialog is displayed You will notice that upon generating your PGP key pair that a file named pgp key pub will be placed in your home directory DO NOT DELETE this file as it will be used for encrypting files uploaded to virtual paths that have PGP encryption enabled NOTE only one PGP public key may be associated with each account Generating a new key pair or importing a new public key will overwrite the existing public key file Figure 154 Chapter 17 Key management 239 240 Key management 17 Import OpenPGP Key Public key Browse_ Public key Location of public key on local system Exporting public and private keys Using JSCAPE MFT Server Manager you can export an existing public PGP key A typical scenario in which you would export a PGP public key would be the case where you want to distribute your public key to individuals organizations who will
238. r level IP Access rules Bug Fix Resolved issue where changes made by a domain administrator to the Allow password change option for an account are not saved when updating user via web interface Release 8 4 Aug 14 2012 Enhancement Major upgrade to the JSCAPE MFT Server Manager user interface in order to more effectively support multiple domains and reduce overall memory and CPU consumption Enhancement Added automatic ssl cfg update to work with graphical installers using IBM JVM Enhancement Added optional expiration date to ad hoc file transfers allowing users to send non expiring ad hoc file transfers Enhancement Added ability for users to register for new accounts using the web interface Enhancement Improved update process so that customizations made to language files are not lost during an upgrade Enhancement Added optional argument to specify a user template when using the js adduser command line utility Enhancement Added ability to test SMTP server settings and send a test email message Enhancement Improved error message displayed when invalid credentials are entered and manual synchronization is performed Enhancement Improved firewall support for remote JMX sessions providing settings for both server and registry ports Enhancement Various performance enhancements made to the AFTP protocol Enhancement Changed Monitor interval sec field for directory monitors to be optional allowing for directory monitors t
239. r more entries which each column in the entry delimited by a comma The first column in the entry is the key alias In the above example the key alias is mykey PKCS 12 keystore From your command line issue the following command in the directory that contains the keystore keytool list keystor xample pfx storetype pkcs12 Figure 80 Chapter 17 Key management 223 224 Key management 17 cx C WINDOWS system32 cmd exe C tmp keys gt keytool list keystore example pfx storetype pkcs1i12 Enter keystore password secret Keystore type pkcsi2 Keystore provider SunJSSE our keystore contains 1 entry mykey Apr 3 2607 keyEntry Certificate fingerprint lt MDED 6A DE 5D 1B AB E EE 4C E3 26 DA 1C 25 62 34 A6 iC tmpNke ys gt This will list one or more entries which each column in the entry delimited by a comma The first column in the entry is the key alias In the above example the key alias is mykey See also Generating a key Exporting a certificate public or private key You may export existing server key certificates and or public keys for use by clients in validating trusted FTPS SFTP and HTTPS servers or for having a third party certificate authority e g Thawte Verisign or JSCAPE sign your certificate To export an existing server certificate and or public key open the Key Manager by selecting the Server gt Key Manager option from the main menu The Key Manager will be displayed Click on Serve
240. r the key Figure 109 Chapter 17 Key management Key management 17 Generate PGP Key x PGP key generation Specify key parameters Real name John Smith Email jsmith domain com Key algorithm RSA v Key length 1024 v OK Cancel Real name The full name of the key pair owner e g John Smith Email The email address for the key pair owner e g ismith domain com Key algorithm The encryption algorithm used Key length The length of encryption key Generating a key pair via web interface To generate a key pair login via web interface and click on the My Account gt OpenPGP Encryption gt Generate OpenPGP Key link The Generate OpenPGP Key dialog is displayed Upon clicking the Generate button you will be prompted to save the private key on your local system Make sure to save this key in a safe place as without it you will be unable to decrypt files encrypted using the public key Furthermore anyone who obtains your private key may be able to decrypt your PGP encrypted files so it is recommended that you apply a password to your private key You will notice that upon generating your PGP key pair that a file named pgp key pub will be placed in your home directory DO NOT DELETE this file as it will be used for encrypting files uploaded to virtual paths that have PGP encryption enabled Note only one PGP public key may be associated with each account Generating a new key pair or importing a new public key will overw
241. railing spaces will be included as part of the parameter 3 If the function parameter contains a comma then you must surround the parameter with quotes to prevent it from being misinterpreted as a parameter separator 4 If you are nesting a function or variable within a function then you should omit the leading and trailing symbols e g LocalDir ToUpperCase Name RENAMED In this case the leading and trailing symbol from the Name variable is removed Using event variables within functions Each trigger listens for a server event which in turn has several event variables that you can use in your trigger actions when executed These event variables may be used in functions as well For example let s assume you are listening for the File Upload event and you want to rename the file to an upper case version of it s filename with a RENAMED file extension To achieve this you would create a trigger that listens for File Upload event and executes a Rename File action The Rename File action has two required fields File and Destination File which would be as follows File sLocalPath Destination File sLocalDir ToUpperCase Name RENAMED In this case the ToUpperCase function is used it s argument being the name of the file uploaded as represented by the Name event variable Using patterns in Format function The Format function is very powerful in that it allows you to format data in a language
242. ransfer send a very small email message to the user with one or more automatically generated web based links embedded in the body of the message The web based links embedded in the email message provide information on the files sent and allow the recipient to download the files at their own leisure Ad hoc email transfers provide the following benefits Avoid bounced emails due to large file attachments or strict firewall rules at the email server Avoid clogging recipients inbox with large file attachments allowing user to download files at their convenience Email multiple files or entire directories with ease Receive optional notification when recipient picks up files Streamline document collaboration both internally and with customers Restrict access to content after a given period of time Email files to users without having to create a user account on the server See also Enabling email transfers Emailing files Managing contacts Enabling email transfers Email transfers may be enabled inthe Server gt Settings gt Email panel For a user to be able to perform ad hoc email transfers the Enable email service option must be enabled in both the Server gt Settings gt Email panel andthe Enable ad hoc email transfers option must be enabled for the specified user account and inthe Server gt Settings gt Email gt Ad Hoc File Transfer panel Figure 91 Chapter6 Web based file transfers Email transfers T Home Ser
243. ransfer quota is exceeded no further file transfers are allowed until transfer quota is reset Transfers are the combined sum of uploads and downloads Disable account after X invalid password attempts in Y min Disables account for a certain period of time if too many login attempts fail within a certain period of time Disable IP after X invalid password attempts in Y min Blocks IP from further access for a certain period of time if too many login attempts fails within a certain period of time Flag IP after X invalid password attempts in Y min Flags IP for a certain period of time if too many login attempts fails within a certain period of time Note flagging an IP has no affect on the users ability to connect This will result in an IP Flagged event being raised and is intended primarily for integrating with other applications such as JSCAPE MFT Gateway FTP S Connection Settings FTP S connection settings may be managed under the Services gt FTP S panel Figure 70 Chapter 3 Server configuration 111 112 Server configuration 3 Home Serer v Help Logout Domain localhost running A Statistics Services FIP S SFTP SCP AFTP OFTP TFTP HTTP S WebDAV S B Description a Services CONNECTIONS Logging Banner im Reports ELLOS Command channel timeout 5 Almin OFTP Messages Data channel timeout 4 A min v J Datastore Passive IP E Passive port range 10000 9 Time Access p 9 Data channel send buffer 64
244. rd Wy Triggers E Authantication Stop Pause Logo The logo displayed in upper left corner when using WebDAV user interface Logout URL The URL to redirect user to upon clicking Logout link Enable Java applet If checked Java applet interface is enabled for WebDAV connections Enable web document viewer If checked web document viewer is enabled Show login info If checked the current username and domain is displayed in upper right Show account link If checked the My Account link is displayed in upper right allowing users to change their account contact information Resources The current language resource file Language resource files are used for specifying alternative user interface labels based on client browser default language Backing up server configuration files JSCAPE MFT Server has several configuration files that are used to store server details such as services triggers server keys and more You should backup these files on a regular basis should emergency recovery be needed These configuration files may also be used for mirroring configuration settings to other servers for the purposes of failover support All configuration files are located in the installation directory of JSCAPE MFT Server These files are described below certificates dat Contains any client certificates created using the Key Manager Chapter 3 Server configuration Server configuration 3 email ee Lee directory of informati
245. rent connections and Total connections since start values reported by JSCAPE MFT Server Manager are corrupted from incoming WebDAV connections Release 8 3 May 9 2012 Enhancement Added support for streaming compression to AFTP protocol Enhancement Added ability to use search results as argument to a report Enhancement Added ability to re run a report Enhancement Updated syntax for functions to be consistent across trigger conditions and actions parameters Enhancement Added GetPathSeparator function in triggers module to return the OS specific path separator used Enhancement Disabled form auto complete in web interface for sensitive fields Enhancement Updated login and account reset password error messages to prevent attackers from trying to guess valid usernames Enhancement Added HttpOnly flag to session cookie to prevent session information from being potentially exposed to scripts Enhancement Added input validation for all fields in web interface to prevent potential XSS attacks Enhancement Added old password verification when changing password via web interface requiring that users enter their old password to set a new password Enhancement New session ID is now generated after login when using web interface Enhancement Exposed syslog service descriptor in management API Enhancement Added check to prevent importing of certificates into key manager without a valid matching private key Enhancement Improved
246. ries Accelerated file transfer AFTP 9 locations and will benefit from the use of AFTP Conversely a file transfer between two hosts on a LAN Local Area Network over a 100Mbps connection is unlikely to have high latency or benefit from the use of AFTP What is latency In a network latency is a measure of the amount of time it takes for a packet of data to get from one network point to another Latency can be affected by many variables including distance between points the number of gateways between points and the medium used e g wireless fiber optics Latency is typically measured in milliseconds ms Example The latency between Host A in Los Angeles and Host B in Tokyo is 200 ms What is packet loss Packet loss is a network condition when one or more packets of data fail to reach their intended destination Packet loss is measured as a percentage of packets that do not reach their destination also known as lost or dropped packets Example The packet loss between Host A in Los Angeles and Host B in Tokyo is 1 0 What is throughput Throughput is the actual rate of data delivery over a network Throughput is typically measured in bps bits per second Throughput is often a fraction of bandwidth due to network conditions such as latency and packet loss Example The throughput between Host A in Los Angeles and Host B in Tokyo is 5Mbps What is bandwidth Bandwidth is the theoretical maximum rate of data delivery over a net
247. ription of this domain Step 2 Figure 3 New Domain step 2 of 4 B Domain Service Setup domain service Protocol FTP S v Host 0 0 0 0 v Port 24 A Type explicit SSL v Private key example_rsa v lt Back Next gt Cancel Protocol The service type to add FTP S SFTP SCP HTTP S AS2 AFTP and WebDAV S protocols are available Chapter 3 Server configuration Server configuration 3 Host The IP address that this service will listen on Port The port that this service will listen on Private key The private key that this service will use for encrypting communications Available only when adding FTP S SFTP SCP and AFTP servces Step 3 Figure 4 New Domain step 3 of 4 x Domain Datastore Service Setup domain datastore service Store data to file per record v Directory installdir users domain Browse lt Back Next gt Cancel Store data to The type of datastore File per record file or database to use for storing user account and group data Directory The directory to store user account data and group data file per recordor file Step 4 Figure 5 Chapter 3 Server configuration 55 56 fi Server configuration 3 New Domain step 4 of 4 Domain Log Service Setup domain log service Log to file v Directory installdir logs domain Browse File rotation daily weekly monthly g file size reaches 10 gt MB lt Back OK Cancel Log to file to log act
248. risdiction Policy Files include but are not limited to aes twofish serpent idea and cast Due to export restriction the version of the policy files bundled by default with the JDK allow strong but limited cryptography to be used The unlimited strength policy files contain no restrictions on the cryptographic strengths Chapter 2 Installation Installation 2 Download Unlimited Strength Jurisdiction Policy Files http www oracle com technetwork java javas e downloads jce 6 download 429243 html JVM 1 6 http www oracle com technetwork java javas e downloads jce 7 download 432124 html JVM 1 7 http www oracle com technetwork java javas e downloads jce8 download 2133166 html JVM 1 8 Installation 1 Determine the location of the JVM JDK you are using by opening the install44j inst_jre cfg file located in your JSCAPE MFT Server installation directory This file will contain the path to the JRE used when running JSCAPE MFT Sener Example c program files java jre 2 Extract the contents of the Unlimited Strength Jurisdiction Policy Files to a temporary directory 3 Copy the local_policy jar and US_export_policy jar files extracted in the previous step to the lib security directory of your JRE making sure to backup previous versions of these jar files should you decide to revert back to the previous installation Example c program files java jre lib security 4 Restart both the JSCAPE MFT Server Service and JSCAPE M
249. rite the existing public key file Figure 153 Chapter 17 Key management 237 238 Key management 17 Generate OpenPGP Key Real name Email Type Length File password Confirm password Generate _ Cancei Real name The full name of the key pair owner e g John Smith Email The email address for the key pair owner e g jsmith domain com Key length The length of encryption key Key algorithm The encryption algorithm used File password Optional private key password Importing public key Using JSCAPE MFT Server Manager you can import an existing public PGP key A typical scenario in which you would import a PGP public key would be the case where you want JSCAPE MFT Server to PGP encrypt documents using a PGP public key provided to you by a third party PGP key pairs may be imported from either the Key Manager available in JSCAPE MFT Server Manager or viathe My Account gt OpenPGP Encryption gt Import Public Key link in the web interface Keys imported via the Key Manager are system keys that may be used anywhere in the system whereas keys imported via the web interface are private to the user that imported the key and may be used only to encrypt files uploaded to virtual paths that are accessible to the user and have PGP encryption enabled Importing public keys via Key Manager To import a PGP public key click the Server gt Key Manager menu option in JSCAPE MFT Server Manager The Key Manage
250. roxies and trading partners to support extended set 11 12 Introduction 1 of ciphers Enhancement Updated client web interface to provide protection against CSRF Cross Site Request Forgery attacks Enhancement Updated web interface so the View icon is only enabled for those document types supported by web document viewer Enhancement Updated web document viewer to display a user friendly error message in the event that a document cannot be displayed Enhancement Added client REST API for use in performing file transfers ad hoc file transfers and contact management Enhancement Added support for displaying SWF files in web document viewer Bug Fix Resolved issue where administrator is unable to update a Contact name in JSCAPE MFT Server Manager Bug Fix Resolved failover synchronization issues Bug Fix Resolved issue where REST services are not automatically started after failover synchronization Bug Fix Resolved unresponsive Cancel button when deleting a Contact URL Branding or Drop Zone via the web interface Bug Fix Resolved issue with canceling Check Email trigger action Bug Fix Resolved class name obfuscation issues in management API Release 8 5 Jan 11 2013 Enhancement Added REST API for use in managing JSCAPE MFT Serwer Enhancement Added web administration interface for adding deleting starting stopping and pausing domains Enhancement Updated web document viewer to be automatically included as
251. rs js ipaccess js kickuser js migrateadhoc js migrateas2 Contents Chapter 14 Chapter 15 Chapter 16 Chapter 17 207 208 208 208 209 209 209 210 210 210 211 211 211 211 212 212 212 212 213 213 213 216 216 216 216 216 217 217 217 219 221 js migrateoftp js passwd js pausedomain js resumedomain js runtrigger js sendmessage js setdomainquota js setuserquota js shutdown js shutdowndomain js startdomain js stopdomain js syncstate js triggersreport js users WebDAV support Enabling WebDAV service Establishing a connection Reverse proxy management Overview Creating a reverse proxy Mapping a reverse proxy to a virtual path Session management Overview Key management Overview Server keys Overview Generating a key Obtaining a trusted certificate Importing third party certificates Contents Chapter 18 222 224 226 227 227 227 229 229 229 232 232 234 234 234 235 236 238 240 242 244 244 244 244 245 246 248 248 248 249 Importing a key Exporting a certificate public or private key Host keys Overview Importing a host key Exporting a host key Client keys Overview Generating a key Importing a certificate and or public key Exporting a certificate and or public key OpenPGP keys Overview PGP encryption primer PGP compatibility matrix Generating a key pair Importing public key Exporting
252. rs and permissions at the OS level Virtual paths may be defined at the User User Template or Group levels Defining virtual paths at the Group or User Template level is recommended when you want to assign multiple users the same set of virtual paths Creating virtual paths for a User account 1 From the Users node select the user you wish to define the virtual paths for and click the Edit button The Edit User dialog is displayed Figure 120 Chapter 3 Server configuration Server configuration Edit test User B Edit User Specify user parameters Info Paths Quotas IP Access Domain Administration Web USER Name Change Password Email Company Phone 2345555555 SETTINGS v Enabled V Enable ad hoc email transfers _ Owner v F l Expires on 07 02 2014 Pat AUTHENTICATION Require secured connection Use phone authentication S OK Cancel 2 Click on the Paths tab to see a list of virtual paths for this user To add a new virtual path click on the Add button Figure 42 Chapter 3 Server configuration 99 100 Server configuration 3 Edit Virtual Path X Virtual path Setup virtual path parameters Path I Real path installdir users domain username Browse Reverse proxy v V Create directory if not found V Include in search index PGP encrypt uploads F Enable DLP
253. rs you have the option of securing these transfers using HTTPS The HTTPS protocol requires an SSL certificate to be used You can either generate your own self signed certificate using the Key Manager found in JSCAPE MFT Server Manager or you can create a certificate signing request CSR and have your certificate signed by a third party known as a certificate authority CA Note When using your own self signed certificate the client web browser may display a warning message letting the user know that the certificate in use is not signed by a known CA This is not an error but rather a warning to the user that the certificate has not been validated by a trusted authority If you wish to avoid this message you should create a certificate signing request and have that certificate signed by a trusted certificate authority Generating a private key The first step in obtaining a CA signed certificate is to generate your own server key The most important thing to understand when generating your server key is that the Common Name field should match the domain name that clients will use when connecting to your FTPS or HTTPS server For example if your HTTPS or FTPS server will be served under the domain www mydomain com then this is the value you should use in your Common Name field when generating your private key See also Generating a key Generating a CSR The next step is to create a certificate signing request for your server key The CSR will b
254. running To connect to this service and manage your server see the following topics Server configuration gt Launching the administrative client Auto starting in UNIX environments Chapter 2 Installation 39 40 Installation 2 Installing on Mac OS X To install JSCAPE MFT Server on a Windows platform perform the following 1 Download and run the install dmg installation file for JSCAPE MFT Server Click Next to continue Figure 181 Welcome to the JSCAPE MFT Server Setup Wizard This will install JSCAPE MFT Server on your computer The wizard will lead you step by step through the installation Click Next to continue or Cancel to exit Setup Next gt Cancel 2 Read and accept license agreement Click Next to continue Figure 182 Chapter 2 Installation Installation 2 License Agreement A Please read the following important information before continuing fi Please read the following License Agreement You must accept the terms of this agreement before continuing with the installation JSCAPE MFT SERVER LICENSE STATEMENT AND LIMITED WARRANTY IMPORTANT READ CAREFULLY This license statement and limited warranty constitutes a legal agreement License Agreement between you either as an individual or a single entity and JSCAPE LLC JSCAPE for the my 5 fe shave includina anu accept the agreement C do not accept the agreement lt Back Next gt
255. ry B DLP Entry Specify DLP entry parameters DLP rule American Express v Access allow all v Enabled OK Cancel DLP rule The DLP rule to add Chapter 10 Data loss prevention DLP 195 196 Data loss prevention DLP 1 0 Access The level of access to grant when DLP rule regular expression is matched The allow all option allows access and raises a DLP Rule Matched trigger event The deny all option denies access and raises a DLP Rule Matched trigger event The deny ad hoc option denies access to email recipients via ad hoc file transfer and raises a DLP Rule Matched event Enabled Enables disabled DLP rule Capturing DLP events As part of any DLP implementation you may want to be notified anytime a DLP rule has been triggered This can be accomplished using a trigger and the DLP Rule Matched event See also Trigger management Overview The JSCAPE MFT Server Java Management API is a Java based API for programmatically managing your JSCAPE MFT Server Using the JSCAPE MFT Server Java Management API you may perform functions like creating domains adding user accounts creating groups stopping and starting domains and various other management functions The JavaDoc for the JSCAPE MFT Server Java Management API may be found in the doc api directory of your JSCAPE MFT Server installation See also Command line utilities Client REST API Management REST API Requirements The JSCAPE MF
256. s Email transfers T Home Serer v Help Logout Domain localhost running e m Contacts Banned Files l 2 Compliance Name Company Email Owner Le Co a y DLP Connections Y Triggers E Authentication amp Users Groups Bp Reverse Proxies 3 Directory Monitors EE aj Pagel1 j lola Displaying 1 to 1 of 1 items rop Zones zu 4 URL Branding Refresh Add Edit Delete amp Trading Partners amp Contacts Stop Pause Re e Figure 145 Add Contact B Add Contact Specify contact parameters Name John Smith Email jsmith domain com Company ABC Corporation Owner jsmith bad OK Cancel Name The full name of the contact Email The contact email address Company The company name of contact Owner The owner of contact If an owner is selected then contact will be marked as private and will only be visible to the owner otherwise contact will be marked as public and will be visible to all users for the domain Chapter 7 Email transfers 187 188 Monitoring directories 8 Overview JSCAPE MFT Server includes support for monitoring local directories for files added files deleted or files changed Using a directory monitor you can capture these events and respond to them using a trigger Generally you should use a directory monitor only when the directory is not managed using a service like
257. s as2util command may be used to get information about AS2 messages in JSCAPE MFT Server Usage js2 as2util options id lt message id gt target message id f lt file gt write message to specified filenam k lt key alias gt decryption key alias d decrypt the specified messag s display certificate alias and serial used in signing message h display this help menu If js as2util command is run without options then user will be prompted for necessary information jS copyusers The js copyusers command may be used to copy users for one domain to another domain in JSCAPE MFT Server This utility is typically used for user migration purposes Usage d lt destination domain gt s lt source domain gt h Options s the source domain name d the destination domain name h display this help menu If s copyusers command is run without options then user will be prompted for necessary information js deldomain The js deldomain command may be used to delete a domain in JSCAPE MFT Server Usage js deldomain options Options d the domain name h display this help menu If js deldomain command is run without options then user will be prompted for necessary information js delgroup The js delgroup command may be used to delete an existing group from JSCAPE MFT Server Usage js delgroup options Chapter 13 Command line utilities 203 204 Command line utilities 1 3 Options d the
258. s enabled set aftpconpr essi onfil esi ze Specifies the minimum filesize in bytes for compress stil esi 26 gt connections The default minimum filesize is 104857 A valid integer between 1 2 147 483 647 Example set aftpconpressi onfil esi ze 100000 set aft pconpr essi onexcl ude Specifies a case insensitive comma delimited list of lt filter gt file extensions to exclude when using compression in AFTP connections Default value is bz2 F gz 1z Izma IZo rz sfark xz z Z infl 7z 7Z ace afa alz apk arc arj ba oh cab cfs cpt dar dd dgc dmg gca ha hki ice j kgb Izh lha 1Zx pak partimg paq6 paq7 paq8 pea pim pit qda rar rk sda sea sen sfx sit sitx sqx tgz toz2 tlz uc uc0 uc2 ucn ur2 ue2 uca uha wim Xar Xp3 YZ1 Zip Zipx Z00 ZZ lt filter gt a comma delimited list of file extensions set aftpcongesti oncontrol lt bool ean gt Specifies whether congestion control is enabled or disabled when connecting using AFTP protocol By default congestion control is enabled lt bool ean gt Chapter5 Trigger management Trigger management set aftpdownl oadrate lt bitrate gt set aftpsecurity lt rode gt set aftpuploadrate lt bitrate gt set debug lt bool ean gt set hostname lt host name gt Chapter 5 Trigger management Specifies the download rate in Kbits per second The default rate is 45000 Kbps lt bi trat e gt A
259. se Proxies 1 le 4 lt 4 Pagel1 of1 oO Displaying 1 to 1 of 1 items 3 Directory Monitors Drop Zones Add URL Branding 43 Trading Partners amp Contacts To add a user template click on the Add button in the lower right corner The Add User Template dialog will be displayed Figure 113 Chapter 3 Server configuration 78 Server configuration Add User Template Add User Template Specify new template parameters Info Paths Quotas IP Access Domain Administration USER Template name Employees Name Email Company Phone Groups F Admins SETTINGS W Enabled W Enable ad hoc email transfers Owner _ Expires on 06 24 2014 lt ALU AIT ATI Add Variable User Template name The name of this template Name The full name of this user Email Optional email address for this user Company The company that this user is associated with Web 3 m OK Cancel Phone The phone number for this user The first field is the country code e g 1 for United States and the second field is the telephone number including any area code the third field is the phone extension This field is used primary in conjunction with Phone Authentication Groups Optional groups that this user is a member of Settings Enabled Check to enable this account Owner Optional login of user who owns manages this account Chapter 3 Server configuration Server configuration 3 Expir
260. signed to accelerate file transfers over high speed networks that are unable to fully utilize network throughput due to high latency and packet loss Under these conditions AFTP can accelerate file transfers up to 100 times faster than FTP and other file transfer protocols Web Document Viewer JSCAPE Web Document Viewer simplifies content distribution by embedding a document viewer in the JSCAPE MFT Server web interface With support for numerous document formats users can view documents on the server without having to download or have supporting software installed Data Protection Your sensitive data is protected during transit and at rest using high grade OpenPGP and SSL encryption technologies This is critical for many companies who are now subject to PCI DSS HIPAA and Sarbanes Oxley data protection requirements Data Loss Prevention Prevent the loss of sensitive data using an embedded DLP rules engine Ad hoc File Transfers Perform email based file transfers while avoiding the issues commonly experienced with large email attachments Chapter 1 Introduction 1 Introduction ra Authentication Integration Action API REST API Checkpoint and Restart Support Integrity Checksum Email Notifications Using triggers you can quickly automate business processes based on events and conditions For example whenever a file is received by a customer you may wish to automatically compress that file and then forward it v
261. sposition type Error description Errors Failures Final recipient From MDN gateway Message ID Message digest Original message ID Original recipient Recipient URL Raw View Deleting AS2 messages You may wish to delete purge AS2 messages from your system in order to save storage space To do so select the desired messages you wish to delete hold shift key to select multiple message and click the Delete button A confirmation dialog will be displayed asking you to confirm deletion Value me you 09 59 53 06 25 2015 automatic action MDN sent automatically processed you as2mdn jscape com u lt 2060160846726450384 6062013681680935692 7175 l lt 340938784284127702 7359613741647825050 92627 you http 127 0 0 1 6697 Figure 170 Chapter 4 AS2 Applicability Statement 2 Close User test Trading Partne MDN sync localhostas2 sync localhostas2 sync sync sync sync sync sync sync sync Displaying 1 to 10 of 55 items AS2 Applicability Statement 2 4 Home Serer Help Domain localhost running 2 Statistics AS2 Messages amp Description k Date Type Direction Message ID AS2 From AS2 To Filename Status User Trading Partne MDN 6 25 2015 9 59 53 AM receipt outgoing lt 20601608467 you me desktop ini successful test sync Logging 6 25 2015 9 M receipt incoming lt 20601608467 you me desktop ini localhostas2 sync du Reports 6 25 2015 9 5 M r
262. t numbers for France File Contents i FR 14 s 0 9K4 s 0 9K4 s 0 9K2 a zZA Z0 9K2 s IBAN GB IBAN account numbers for GB File Contents 2 4 GB 29 s 1JA Z 4 s 0 9 4 s 0 9K4 s 0 9K4 s Authentication Miisa MasterCard Master Card card File Contents 5 1 5 0 9114 15 1 SNdf2H HAM AKAM IAML 1 5 11 514 amp Users UK NIN UK National Insurance numbers File Contents abceghj prstw zl abceghj nprstw z 7 d 2 d 2 d 2 a dfm amp Groups US SSN US social security numbers File Contents 71000 7 666 0 6 d 2 7 0 356 d 7 0 12 17 7 00 df2 R Visa Visa card File Contents 410 9K1242 10 9K3 AHIM AHAA AHAH TAPAHIHAL IA 3 Directory Monitors oja Paget oft gt nola Displaying 1 to 9 of 9 items Drop Zones beers URL Branding amp Q Trading Partners Add Edit Delete amp Contacts Stop Pause Resu To create a new rule click on the Ada button The Add DLP Rule dialog will be displayed Figure 149 Add DLP Rule B f DLP Rule i Specify DLP rule parameters Name Files ending with txt extension Description Scope Filename File contents Regular expression j txt OK n Cancel Name Unique name for the DLP rule Description Description of DLP rule Chapter 10 Data loss prevention DLP 193 194 Data loss prevention DLP 1 0 Scope Scope of rule when applying regular expression A scope of File
263. t will be created automatically if it does not exist already using the specified User Template Convert username before creation to If enabled the username supplied will be converted to specified case before passing username to specified User Template Custom User Authentication Using Custom User Authentication you may define your own custom authentication class Figure 86 Home Server v Help v Logout Domain localhost running Authentication Two Factor Phone Authentication Web SSO T B Datastore 9 Time Access Banned Files Service type custom authentication v 2 Compliance GIP Access Authentication class com jscape authentication MyAuthentication V Create user if not found using template Default v 7 DLP Convert username before creation to lowercase v amp Connections Yq Triggers Authentication Test Parameters amp Users ES Groups g Reverse Proxies Apply Discard 8 Directory Monitors Drop Zones URL Branding Authentication class The custom authentication class name Create account if not found using template This allows for accounts to be created automatically upon successful authentication If selected an account will be created automatically if it does not exist already using the specified User Template Convert username before creation to If enabled the username supplied will be converted to specified case before passing username to specified User Template Se
264. ted then you may start it manually as root user using the start_service sh command from a terminal shell prompt In order to have service start automatically upon system reboot edit the Library LaunchDaemons com jscape MFTServer plist file and set the value for the OnDemand parameter to false 9 Verify that JSCAPE MFT Server Service is running using the following commands from your shell prompt netstat a grep 10880 netstat a grep 11880 where 10880 is the listening port for JSCAPE MFT Server Service and 11880 is listening port for REST web service See also Server configuration gt Launching the administrative client Chapter 2 Installation 45 46 Installation 2 Auto starting in Linux and Solaris 9 environments For Linux and Solaris 9 environments you may have JSCAPE MFT Server Service start up automatically during system startup by creating a service configuration file for JSCAPE MFT Server Service and placing it in your etc init d directory This same configuration file will be used for gracefully stopping the JSCAPE MFT Server Service when shutting down the system A sample service configuration file jscape has been placed in the init d directory of your JSCAPE MFT Server installation Installing the service configuration file 1 As root user copy the jscape sample service configuration file to your etc init d directory 2 Grant execute permissions to this file using the command chmod 755 jscape 3 Using a
265. terfaces Uploaded Downloaded Quota Domain Name State Current Con Current Tran Total Conner Start Date Stop Date Bytes Files Bytes Files Uploads Downloads Transfers Stop Pause Resume Add Edit Status Delete Chapter 3 Server configuration 57 58 Server configuration 3 State Indicates current status of domain as running or stopped Current Connections The current number of client sessions connected to domain Current Transfers The current number of file transfers in progress Total Connections The total number of client sessions since start date Uploaded The total number of bytes uploaded since start date Uploaded Files The total number of files uploaded since start date Downloaded The total number of bytes downloaded since start date Downloaded Files The total number of files downloaded since start date Uploads Quota The current upload quota if upload quota is enabled Downloads Quota The current download quota if download quota is enabled Transfers Quota The current transfer quota if transfer quota is enabled Start Date The date time server was started Stop Date The date time server was stopped Adding services A service is an IP Host Port and Protocol combination that accepts client requests To view existing services for a domain select the desired domain and click the Edit button Next select the Services node A list of services for the domain are displayed Figure 9 Hom Server v Help v L
266. th pub OK Cancel Key alias The local alias which will be used for storing in the servers local keystore This may be any value of your choice Key file The source certificate public key file path to import from Exporting a certificate and or public key To export an existing client certificate open the Key Manager by selecting the Server gt Key Manager option from the main menu The Key Manager will be displayed Select the Client Keys tab select a certificate and click on the Export button The Export dialog is displayed Figure 104 Chapter 17 Key management Key management Home Server 7 Help 7 Logout 17 Specify certificate file parameters Certificate filename Format jsmith crt x509 v Server Keys Host Keys Client Keys PGP Keys Key Expiry Report Ea Certificates Key algorithm RSA Certificate type Xx 509 Public Keys Version 1 Serial 3163671963 Issuer CN John Smith OU IT O Your Company L Miami ST FL C US Subject CN John Smith OU IT O Your Company L Miami ST FL C US Valid not before 06 24 2014 Valid not after 06 24 2015 Signature 14 8a cc e8 66 43 8b 62 91 33 5 78 c0 fa 6a fe 4a 21 2e a2 35 2 7 ea 4 93 16 07 da c0 29 c1 Sb 4 3 fa m Import Export v Generate Delete Figure 188 Export Certificate j E Certificate export OK Cancel Certificate file The filename to export the certificate to
267. the LDAP service The variable username may be used which refers to the username passed in during the authentication process Use SSL connection Connect to LDAP server using SSL connection Allow anonymous binding Sets whether user can bind anonymously to LDAP directory Create account if not found using template This allows for accounts to be created automatically upon successful authentication If selected an account will be created automatically if it does not exist already using the specified User Template Convert username before creation to If enabled the username supplied will be converted to specified case before passing username to specified User Template Use failover server If enabled and primary LDAP server is inaccessible then authentication will be attempted against failover server Testing Connection To test your Active Directory connection click the Test Parameters button on this panel and enter a valid username password for the Active Directory service when prompted Firewall Configuration You may need to change your server configuration to allow inbound requests on port 389 If needed this can be done via the Control Panel gt Network Connections menu in Windows From here right click on the desired network interface and click the Properties gt Advanced gt Settings menu Chapter 3 Server configuration 95 96 Server configuration 3 option In the Exceptions tab add port 389 to allow inbound c
268. the doc api examples create_account directory of your JSCAPE MFT Server installation Creating a group Please see the source code example available in the doc api examples create_group directory of your JSCAPE MFT Server installation Creating a reverse proxy Please see the source code example available in the doc api examples create_resource directory of your JSCAPE MFT Server installation Stopping and starting a domain Please see the source code example available in the doc api examples start_stop_domain directory of your JSCAPE MFT Server installation Client REST API The client REST API may be used to perform file transfers over HTTP and HTTPS services in JSCAPE MFT Server To enable client REST services you must enable the HTTP or HTTPS services for JSCAPE MFT Server Documentation and Examples For API documentation on client REST services available visit http localhost doc api where localhost is the hostname listening for HTTP requests Additional REST API examples may be found in the doc api examplesyrest directory relative to your JSCAPE MFT Server installation directory See also Enabling web based file transfers Management REST API The management REST API may be used to manage JSCAPE MFT Server over HTTP S senices in JSCAPE MFT Serer To enable management REST services you must enable the REST HTTP and or REST HTTPS services for JSCAPE MFT Server To achieve this goto Server gt Settings gt Web gt RE
269. then use your public key for encrypting documents that they then send to you for decryption To export a PGP public key click the Server gt Key Manager menu option in JSCAPE MFT Server Manager The Key Manager is displayed Select the PGP Keys tab select the key alias you wish to export then click the Export button The Export PGP Key dialog is displayed Figure 160 Chapter 17 Key management Key management 17 Home Serer Y Help 7 Logout Server Keys Host Keys Client Keys PGP Keys Key Expiry Report Elg Secret Keys Public Keys Key algorithm RSA Can encrypt yes Can decrypt yes Can sign yes Can verify yes Fingerprint eb 7 87 bb 7d 01 2b a6 57 be cd 27 92 Of 01 bf ab 9f 79 9a Generate _Delete n View Signatures n Figure 161 Export PGP Secret Key X PGP key export Specify key file parameters Key file pgp key sec File password Dessa OK Cancel Key file The private key File password Optional password used to protect private key Figure 162 Chapter 17 Key management 241 242 Key management 17 Export PGP Public Key X PGP key export Specify key file parameters Key file pgp key pub OK Cancel Key file The public key file Encrypting files and virtual paths Files uploaded to JSCAPE MFT Server may be encrypted using a trigger listening for the File Upload event and the PGP Encrypt File action or b
270. tion pointing to a relational database of your choice Additionally you must create the necessary tables in your database to store ad hoc file transfer records Example database schema for Oracle MySQL and MSSQL can be found in the etc oracle sql etc mysql sql and etc mssql sql files relative to your JSCAPE MFT Server installation directory Usage js migrateadhoc options Options d delete the original data h display this help menu If js migrateadhoc command is run without options then user will be prompted for necessary information js migrateas2 The js migrateas2 command may be used migrate AS2 messages previously stored in per domain datastore H2 database to a common datastore user defined relational database in JSCAPE MFT Serer Prior to running j s migrateas2 you must update the datastore used in Server gt Settings gt Web gt AS2 t0 Use common database option pointing to a relational database of your choice Additionally you must create the necessary tables in your database to store AS2 messages Example database schema for Oracle MySQL and MSSQL can be found in the etc oracle sql etc mysql sql and etc mssql sql files relative to your JSCAPE MFT Server installation directory Usage js migrateas2 options Options d delete the original data h display this help menu If j s migrateas2 command is run without options then user will be prompted for necessary information js migrateoftp The js migr
271. tion method used Enhancement Added keyboard mnemonics to JSCAPE MFT Server Manager Enhancement Updated JSCAPE MFT Server Manager so it is no longer necessary to manually stop server prior to applying changes Release 1 1 June 22 2006 Minor bug fixes Release 1 0 June 15 2006 Initial production release Software components JSCAPE MFT Serer consists of two installable components which are JSCAPE MFT Server and JSCAPE MFT Server Manager These components are described in more detail below JSCAPE MFT Server Chapter 1 Introduction Installation 2 This component is required and is typically installed on one or more servers to provide managed file transfer services JSCAPE MFT Server Manager This component is optional and is typically installed only when you are using the JSCAPE MFT Server Java Management API If you are not using the JSCAPE MFT Server Java Management API then this component is not necessary as all management may be performed via the web based administrative interface Installing on Windows To install JSCAPE MFT Server on a Windows platform perform the following 1 Download and run the install exe installation file for JSCAPE MFT Server Click Next to continue Figure 173 Welcome to the JSCAPE MFT Server Setup Wizard This will install JSCAPE MFT Server on your computer The wizard will lead you step by step through the installation Click Next to continue or Cancel to exit Setup
272. to override the behavior of a parent directory where access to parent directory is granted but access to this sub directory is denied 3 To finish click OK Your new virtual path will be displayed in the virtual path listing for the Group Variables Variables may be used in Path and Real Path fields for purposes of creating dynamic paths Available variables are described below installdir The absolute path of JSCAPE MFT Server installation directory domain The domain that this user group belongs to sessionid Unique session ID for the user This ID is unique for each login username The username of connected user group The optional group name that this user belongs to Note this variable is deprecated and is provided only for backwards compatibility Users may belong to more than one group This variable will return only the first group that user belongs to if found queryattr name lf LDAP or Database authentication methods are used this will return the attribute of the matching record found during authentication For example if user is authenticating against a relational database using the query select name from users where username S Susernam and password password the variable queryattr name would return the matching name value returned by the database query Virtual path permissions In the Permissions column of a virtual path you will find a series of letters and optional dashes In the e
273. trolled using the Up and Down buttons with those triggers located at the top taking priority Note depending on the optional settings in the Triggers gt Settings panel of JSCAPE MFT Server you may limit the number of triggers that will execute concurrently Those triggers that are waiting to be executed will have a status of pending inthe Triggers gt Recent panel of JSCAPE MFT Server 5 Execute trigger For each trigger there are one 1 or more actions to execute These actions are executed in sequence In the event that an action fails a Trigger Error event is raised and subsequent actions will not be executed To listen for these errors a separate trigger that listens for the Trigger Error event may be used Triggers that fail execution will have a status of failedinthe Triggers gt Recent panel of JSCAPE MFT Serwer Triggers that successfully execute will have a status of completedinthe Triggers gt Recent panel of JSCAPE MFT Sener 6 Log results The full lifecycle of a trigger is written to the server log for historical and auditing purposes You may also view the status of the most recent one thousand 1000 triggers in the Triggers gt Recent panel of JSCAPE MFT Sener Adding triggers A trigger is a method of listening for events and responding with actions based on whether conditions are met To view a list of triggers click on the Triggers node for the desired domain Figure 34 Chapter5 Trigger management Tr
274. tware solely for backup or archival purposes or transfer the Software to a single hard disk provided you keep the original solely for backup or archival purposes You may transfer the Software and documentation on a permanent basis provided you retain no copies and the recipient agrees to the terms of the License Agreement Except as provided in the License Agreement you may not transfer rent lease lend copy modify translate sublicense time share or electronically transmit or receive the Software media or documentation You acknowledge that the Software is a confidential trade secret of JSCAPE and therefore you agree not to reverse engineer decompile or disassemble the Software You further acknowledge and agree that you may not use the Software to create any product or service that directly or indirectly competes with the Software or any JSCAPE offering ADDITIONAL LICENSE TERMS FOR SOFTWARE EVALUATION LICENSE Chapter 1 Introduction 5 Introduction 1 JSCAPE grants to you either an individual or single entity nonexclusive license to install and use the Software free of charge for evaluation purposes in a non production environment You may redistribute the software free of charge as long as the software and documentation are maintained in their original form PROFESSIONAL AND ENTERPRISE EDITIONS JSCAPE grants to you either an individual or single entity non exclusive license to install and use a single instance of JSCAPE MFT
275. ty to access the user group as a function in trigger actions Added ability to access the users root directory as a function in trigger actions Added ability to disable a user account as an action Added ability to define global parameters available to all trigger actions as a function Added ability to limit the number of concurrent triggers Added ability to print a report of all users and their attributes Added ability to list inactive active users via the management API Added ability to specify a Secondary LDAP server for failover authentication purposes Added ability to remove an IP from IP Access list without domain restart Added option to specify if a remote file should overwritten web interface Added ability to run a report showing expiring encryption keys Added ability to specify domains to startup on initialization Added ability to synchronize sub folders when synchronizing directories in Directory Upload Synchronization and Directory Download Synchronization actions Enhancement Added ability to set user permissions via the command line in js adduser js adduserdir js addgroup and js addgroupdir utilities Enhancement Added ability to disable resume file upload operation Enhancement Added ability to cancel an upload when viewing a form Enhancement Added ability to ensure that a user has download access before sending an email Enhancement Added ability to upload files anonymously using a Drop Zones module Enha
276. ursive lf enabled this rule will be applied to all directories beneath virtual directory path Pattern The regular expression to use for this rule Scope The scope of this rule See also Regular expression reference Setting connection preferences There are various connection preferences that may be used to define how users may connect to domain services you create These preferences may be managed under the Connections and Services nodes General Connection Settings FTP Connection Settings SFTP SCP Connection Settings AFTP Connection Settings OFTP Connection Settings TFTP Connection Settings HTTP S Connection Settings WebDAV S Connection Settings General Connection Settings General connection settings apply to all file transfer protocols including AS2 FTP S SFTP SCP HTTP S WebDAV and AFTP and may be set using the Connections node Figure 28 Home Serer v Help v Logout Domain localhost running 3 Datastore Connections ci Time Access Banned Files Max concurrent connections 100 S Compliance Max connections IP 100 gt Max connections user 100 gt GIP Access A Max downloads session 100 Ee g DLP Max uploads session 100 gt 2 Connections Max file download size 100 MB E Max file upload size 100 MB Ye Triggers P Max downloads 1000 MB resetevery 1 days EE aoin Max uploads 1000 as MB reset every 1 days amp Users Max transfers 1000 MB resetevery 1 days E Groups Disable user
277. vent one or more permissions are not granted this will be represented by a dash character indicating the specified permission has been taken away A character map defining these letters in order of occurrence is provided below R Download file W Upload file A Append file D Delete file R Rename file L List files C Make dir D Delete dir L List subdirs B Browse subdirs Figure 134 Chapter 3 Server configuration 103 104 Server configuration Edit test User x Edit User Specify user parameters Info Paths Quotas IP Access Domain Administration Web in Path Real Path Reverse Proxy Permissions I installdir users domain username RWADRLCDLB Add OK Cancel Adding groups A group is a named set of virtual directories and file system permissions that may be assigned to zero or more user accounts This is useful in the event you wish to manage permissions for multiple users based on user roles To view a list of groups click on the Groups node for the desired domain Figure 26 Chapter 3 Server configuration Server configuration 3 Home Server v Help Logout Domain localhost running Groups 9 Time Access Banned Files Name E IP Access 7 DLP amp Connections Y Triggers E Authentication amp Users amp Groups yg Reverse Proxies gt M 1je 4 Pasji Joi w o a Displaying 1 to 1 of 1 items GJ Directory Monitors
278. ver Help v Logout E Manager Service Email Miscellaneous Ad Hoc File Transfer Resources JANE EE 7 Enable ad hoc email transfers Web SETTINGS JDBC Drivers Link expiration range 5 S tol90 days with 5 day increment Email Max downloads default 5 x r z Enable password protection generate random password w 3 Failover Datastore Settings amp Search Index amp JMX ALLOWED RECIPIENTS Allow recipients listed as public contacts E Allow recipients in specified TLD Top Level Domain Add Save changes Cancel Ad Hoc Email File Transfer Settings Enable ad hoc email transfer Check to enable email transfers Settings Link expiration range The minimum and maximum values that will be displayed to user for setting email link expiration Max downloads default If maximum downloads are enabled then this is the default value supplied in web interface Enable password protection Check to password protect email links Datastore Settings Specify how ad hoc email transfer records are stored Allowed Recipients Allow recipients listed as public contacts Email addresses for public contacts created in Contacts module will be automatically allowed Allow recipients in specified TLD Email addresses which belong to specified TLD top level domains will be allowed Chapter 7 Email transfers Email transfers T See also Adding users Emailing files To email files via the JSCAPE MFT Server Web Gateway select one
279. ver gt Key Manager option from the main menu The Key Manager will be displayed Select the Server Keys tab and click on the Import button The Import Server Key dialog is displayed Figure 50 Import Server Key Server key import Specify key file parameters Key alias jscape Key fle jscape ph File password ccoo Key alias in file Key password OK Cancel Key alias The local key alias which will be used for storing key in the servers local keystore This may be any value of your choice Chapter 17 Key management Key management 17 Key file The private key file to import from File password The password protecting the keystore Leave blank if none Key alias in file The private key alias in keystore Leave blank if none Key password The password protecting the private key Leave blank if none Note If you are unsure of the alias for the source keystore this may be obtained as follows JKS keystore From your command line issue the following command in the directory that contains the keystore keytool list keystor xample jks Figure 79 cx C WINDOWS system32 cmd exe C tmp keys gt keytool list keystore example jks Enter keystore password secret Keystore type jks Keystore provider SUN our keystore contains 1 entry mykey Apr 3 2007 keyEntry Certificate fingerprint MD5 gt 4D 66 13 2D F1 61 6B 64 FF D 7 66 46 23 7D 76 64 iC tmpNke ys gt This will list one o
280. ver Manager is incorrectly incremented by two for each file uploaded when using SFTP protocol Bug Fix Resolved potential memory issue experienced when using verbose database logging Bug Fix Resolved authentication issue experienced when connecting to ApacheDS LDAP service Bug Fix Resolved issue with potential incorrect remote directory used in Trading Partner Regex File Download action Chapter 1 Introduction Introduction 1 Bug Fix Resolved issue with IP host not being properly saved when making changes to JMX settings Bug Fix Resolved text label issue with dialog displayed in IE when attempting to overwrite an existing file Release 8 2 Feb 20 2012 Enhancement Added support for listing available domains in a domain drop down field when logging in via web interface Enhancement Added AFTP file transfer actions to triggers module Enhancement Added check to see whether a private key is in use before allowing key to be deleted from Key Manager Enhancement Added sessionid variable which reports a unique session ID for user operations that are part of a user session The sessionid variable is available for use in triggers module Enhancement Added GetFileExists and GetFileSize functions to triggers module These functions may be used to check whether a file exists and it s size Enhancement Updated progress dialog from modal to non modal Enhancement Added ability to pause resume in Running log view Enhancement Added
281. ver Manager uses Java reflection to build the GUI dialogs used to collect action properties Therefore all properties of your action should have corresponding getter setter methods using Java naming conventions and an empty argument constructor for constructing the action Using the PropertyDescriptor property you can define the order of properties and whether they are required The resultMessage property is the message that will be written to the log file upon executing the action Note Action properties may consist only of Java primitive values e g String int boolean etc For actions to be made available you must create a JAR archive e g myactions jar that contains your actions and place it inthe 1ibs actions directory of your JSCAPE MFT Server installation Any third party libraries that your action depends on should be placed in the 1ibs directory of your JSCAPE MFT Server installation For your action to be recognized by JSCAPE MFT Server restart the JSCAPE MFT Server Service Example For a tutorial and complete source code example please see the following http blog iscape com jscape 2008 1 1 iscape secure f html See also Adding triggers Event types Action types Function types Chapter 5 Trigger management 145 Trigger management 5 File Transfer Script Language The File Transfer Script Language is a very basic scripting language that allows you to automate routine file transfer processes This language may be used whe
282. version banner displayed when connecting Note it is important that this not contain any spaces Startup banner The banner to display to SFTP clients prior to displaying SSH version banner Authentication banner The banner to display to SFTP clients prior to displaying authentication prompt Connection timeout The time in minutes that client connection may remain inactive before server forcefully disconnects client Connection send buffer The size of send buffer Default is send buffer size for JVM Connection receive buffer The size of receive buffer Default is the receive buffer size for JVM Disable expanded longname format for SSH_FXP_REALPATH May be required for some SFTP clients that cannot handle long paths in SSH_FXP_REALPATH packets Algorithms Lists all algorithms and ciphers their order of preference and whether they are enabled See also Chapter 3 Server configuration 113 114 Server configuration Additional libraries needed for SFTP ciphers AFTP Connection Settings AFTP connection settings may be managed under the Services gt AFTP panel Figure 163 Home Serer v Help Logout Domain localhost running amp Statistics Services FTP S SFTP SCP AFTP OFTP TFTP HTTP S WebDAVIS amp Description A Services Command channel timeout 5 amp min Data channel timeout 4 S min Logging Max loss list size 10 blocks Ib Reports AS2 Messages SSUTLS Ciphers OFTP Messages J Datastore mi Ti
283. w features in the Software In some cases this development may be done for a negotiated fee between you and JSCAPE You acknowledge and agree that any such development is exclusive property of JSCAPE and waive any and all rights to intellectual property created as a result of aforementioned development INCORPORATED SOFTWARE This Software incorporates various 3rd party libraries and open source software These libraries and their respective license agreements may be found in the ibs directory relative to the Software installation directory Chapter 1 Introduction Introduction 1 Version history Release 9 2 Jul 10 2015 Enhancement Improved performance for storing rendering and searching of AS2 and OFTP messages Enhancement Added OFTP messages module providing ability to see OFTP messages exchanged Enhancement Added dashboard to web interface for tracking various performance metrics of server over time Metrics include threads heap memory max memory allocated memory connections uploads and downloads Enhancement Added support for OpenID Connect standard in SSO authentication module and verified compatibility with Google Apps Enhancement Updated Disable Inactive Accounts trigger action to include accounts that have never logged in Enhancement Added ability to define From email header for AS2 messages Enhancement Added option to edit immediately after copying a Trigger User or Trading Partner Enhancement Updated r
284. wed to complete while no new connections are accepted Usage js shutdown options Options h display this help menu If js shutdown command is run without options then user will be prompted for necessary information js shutdowndomain The js shutdowndomain command may be used to perform an orderly shutdown of all services for the specified domain in JSCAPE MFT Serer In an orderly shutdown all existing processes are allowed to complete while no new connections are accepted Usage js shutdowndomain options Options d the domain name h display this help menu If s shutdowndomain command is run without options then user will be prompted for necessary information Chapter 13 Command line utilities Command line utilities 1 3 js startdomain The js startdomain command may be used to start a domain in JSCAPE MFT Server Usage js startdomain options Options d the domain name h display this help menu f js startdomain command is run without options then user will be prompted for necessary information js stopdomain The js stopdomain command may be used to stop a domain in JSCAPE MFT Server Usage js stopdomain options Options d the domain name h display this help menu If js stopdomain command is run without options then user will be prompted for necessary information js syncstate The js syncstate command may be used to synchronize server configuration information from this server t
285. wing topics Server configuration gt Launching the administrative client Auto starting in UNIX environments Installing on Linux Z OS See also Running under IBM JVM Installing on Linux Chapter 2 Installation 37 38 Installation 2 Installing on Solaris ZIP Console Installation To install using the ZIP file perform the following steps as a user with root privileges If you plan on running JSCAPE MFT Server as a non root user under Solaris 10 or above please consult the topic Auto starting in Solaris 10 environments topic before continuing 1 Place the install zip file in a directory on the destination server 2 Install Run the following command from the directory containing the ZIP file you placed on your server unzip install zip 3 Configure Administration Service Go to the JSCAPE MFT Server installation directory located in the JSCAPE_MFT_Server directory relative to where the unzip command was executed and run the following command server configuration host ip address port port rest host ip address rest port rest port user username password password For example server configuration host 0 0 0 0 port 10880 rest host 0 0 0 0 rest port 11880 user admin password secret This will configure your JSCAPE MFT Server Serice where ip address and port are the IP port that you want the JSCAPE MFT Serer Senice to listen on rest port is the port that you want the REST web servc
286. wnloads connector j 5 1 html Adding a JDBC driver 1 2 3 4 pre Place the JDBC driver JAR file in the 1ibs jdbc directory of your JSCAPE MFT Server installation Shutdown JSCAPE MFT Server Manager and JSCAPE MFT Server Service Restart JSCAPE MFT Server Manager and JSCAPE MFT Server Service From JDBC drivers panel click on the Add button When prompted enter the JDBC driver class and ss enter 250 Chapter 18 JSCAPE MFT Server Manager Settings Copyright USCA PE 1999 2014 All rights reserved Product and company names mentioned in this manual may be trademarks or registered trademarks of their respective companies Mention of third party products is for informational purposes only and constitutes neither an endorsement nor a recommendation The author assumes no responsibility w ith regard to the performance or use of these products All understandings agreements or warranties if any take place directly betw een the vendors and the prospective users Every effort has been made to ensure that the information in this manual is accurate The author is not responsible for printing or clerical errors The product described in this manual incorporates copyright protection technology that is protected by method claims of certain U S patents and other intellectual property rights This user manual w as created with Help amp Manual 252 Index D Directory Monitor Deleted 143 Index
287. work Bandwidth is typically measured in bps bits per second Example The bandwidth between Host A in Los Angeles and Host B in Tokyo is 45Mbps What is TCP TCP Transmission Control Protocol is a reliable IP based network protocol in that all packets are sent in order and if a packet is lost it will automatically attempt to resend that packet See also TCP on Wikipedia What is UDP UDP is a sibling to the TCP protocol both of which are dependent on the underlying IP stack Unlike TCP UDP does not require that packets be sent in order and does not automatically attempt to retransmit lost packets Retransmission and reordering of packets are the responsibility of the higher level protocol in this instance AFTP See also UDP on Wikipedia Adding AFTP service The AFTP service may be added using the Services node in JSCAPE MFT Server Manager The AFTP senice is available only in the Enterprise edition of JSCAPE MFT Server See also Adding services Chapter 9 Accelerated file transfer AFTP 191 192 Accelerated file transfer AFTP 9 Connecting to AFTP service In order to connect to the AFTP service you must use an AFTP client JSCAPE currently offers the following AFTP clients AnyClient AnyClient Enterprise AnyClient Web AFTP Java Client Library contact JSCAPE for access File Transfer Command Line Trigger actions There are also a number of AFTP trigger actions in JSCAPE MFT Server that may be used fo
288. x Cole ea File Edit View History Bookmarks Tools Help JSCAPE Secure FIP Server Web m Logged in as jsmith under domain localhost JSC p Ta inpren Advanced search Search on file content Search on file name e g txt Search on file tag Search on file size greaterthan v KB Search on last greaterthan v modified date Advanced Search Tagging documents To tag a document select the checkbox next to the filename in the web interface Next click the Manage Tags button to associate tags with this document and the Manage Tags dialog will be displayed prompting you for a space separated list of keywords or phrases to associate with this document Phrases consisting of multiple words should be quoted To remove tags for a document click the Manage Tags button remove desired keywords or phrases from the Keywords field and click OK to save Figure 141 Chapter 6 Web based file transfers 181 182 Web based file transfers 6 Manage Tags Document Koala jpg Keywords Animals Koala Bear ok _Cancet_ Overview JSCAPE MFT Server Enterprise Edition supports ad hoc email transfers Ad hoc email transfers offer a method in which users of JSCAPE MFT Server Web Gateway can email files to any valid email address while avoiding the problems typically associated with emailing files Unlike a typical email client that attaches files to an email message and sends the email message to the recipient ad hoc email t
289. xtreme caution as deleted files may not be recovered To purge files from a drop zone go to the Drop Zones module in JSCAPE MFT Server Manager select the drop zone you would like to purge and click the Purge button See Figure 135 above Detecting files uploaded to a drop zone Files uploaded to a drop zone will fire a File Upload trigger event similar to the way that files uploaded using the standard web interface or other file transfer services will also fire a File Upload event This event can be captured using a trigger and responded to based on your needs For example anytime a file is uploaded to the drop zone you may wish to move the file to another location using Move File action followed by sending out an email notification using the Send Email action See also Trigger management URL branding URL branding allows you to specify one or more custom login pages when using the web interface This is useful in shared environments where you have several customers users accessing a single domain and you want them each to have their own custom logo displayed Creating URL branding To create a URL branding instance go to the URL Branding module in JSCAPE MFT Server Manager Figure 137 Chapter6 Web based file transfers 179 180 Home Server v Help Logout Domain localhost running URL Brandin Banned Files gt 2 Compliance Name Web based file transfers 6 URL aras i a aa Sa 7 DLP amp Connect
290. y be managed under the Services gt HTTP S panel Figure 89 Chapter 3 Server configuration Server configuration 3 Home Serer v Help Logout Domain localhost running E Statistics Services FTP S SFTP SCP AFTP OFTP TFTP HTTPIS WebDAVIS amp Description ul Services Logo Logano J p iy Reports AS2 Messages Change OFTP Messages Show buttons shortcuts J Datastore v Show login info v Show search 19 Time Access 4V Show ASCII Binary option Banned Files 7 Show account link 3 Compliance Resources E IP Access MISCELLANEOUS DLP d Connection timeout 10 min v Connections Logout URL Y Triggers Enable auto logout after 1 min of inactivity with 10 sec warning E Authentication Fnahle self renistration with user temnlate Mofault se Logo The logo displayed in upper left corner when using HTML user interface Logout URL The URL to redirect user to upon clicking Logout link Connection timeout The connection timeout for HTTP requests in minutes Enable automatic logout If checked user will be automatically logged out after X minutes of inactivity with grace period of Y seconds Enable web document viewer If checked web document viewer is enabled Enable ad hoc file transfers If checked ad hoc file transfers will be enabled for the domain Show buttons shortcuts If checked button shortcuts e g F2 F5 F7 are displayed on buttons Show login info If checked the current us
291. y enabling PGP encryption for a virtual directory Triggers are recommended when you want to limit encryption of files to certain conditions e g filename file type etc Enabling PGP encryption at the virtual path is recommended when you want to encrypt all files uploaded to a certain virtual path Encrypting files using triggers For more information on encrypting files using triggers see the documentation on triggers and the inline help for the File Upload event and PGP Encrypt File action See also Trigger management Encrypting files using virtual paths To PGP encrypt all files uploaded to a virtual path select the virtual path for the user or group and click Edit Next enable the PGP encrypt uploads option and click the Settings button Here you will be prompted for which key to use when encrypting files You may select either a system key that has been generated via the Key Manager in JSCAPE MFT Server Manager or a personal key that was created using the web interface Figure 155 Chapter 17 Key management Key management Edit Virtual Path Virtual path Setup virtual path parameters Path Real path installdir users domain username Reverse pron Create directory if not found Include in search index PGP encrypt uploads Enable DLP Secured Denied Permissions Add Variable Figure 156 PGP Encrypt Uploads Settings PGP Encrypt Uploads Settings Select the public encryption key f
292. y log file for domain localhost to the log database assigned to this domain Viewing log data Log data may be viewed using any text editor or SQL client depending on the logging datastore used Optionally you may use the Logging gt Running tab of JSCAPE MFT Server Manager to view up to the last 1000 records of log activity Figure 39 Chapter 3 Server configuration Server configuration Home Serer v Help Logout Domain localhost running Statistics Running Search Results Senice Syslog Settings amp Description View last x ade Senices 1000 gt records J 2015 06 25 09 13 21 127 0 0 1 58843 127 0 0 1 11880 admin administrator logged in Logging 2015 06 25 09 14 02 127 0 0 1 58843 127 0 0 1 11880 admin administrator logged in 2015 06 25 09 15 57 domain stopped localhost Du Reports 2015 06 25 0 21 stopped FIP Service c 2015 06 25 0_ 22 stopped SETP Service 2 AS2 Messages 2015 06 25 0 21 started FIP Service SEE 2015 06 25 0 0 0 22 started SFTP Service 2 OFTP Messages 2015 06 25 730 domain started localhost B Datastore 09 Time Access Banned Files Compliance GIP Access y DLP G5 Connedions Pause Log Ye Triggers E Authentication amp Users View last x records The number of records you want to view
Download Pdf Manuals
Related Search