Over the years many businesses have evolved from using FTP to exchange files to using managed file transfer (MFT) software. MFT software addresses many of the things that are lacking in the FTP protocol including but not limited to security, data integrity and automation of business processes. This article discusses some key issues you should be concerned with when evaluating an MFT software vendor.

Key Issues

  • Protocol support - In order to integrate easily with trading partners an MFT solution should be able to support the following file transfer protocols: FTP, FTPS (FTP over SSL), SFTP (FTP over SSH) and HTTP/S.

  • Platform independence - Most businesses today run on a variety of interconnected servers running on Windows, Linux, Solaris and Mac OS X platforms. MFT vendors should be flexible enough to be deployed to any operating system. This allows you to deploy an MFT solution to any server that hosts your data versus being forced to move your data to an operating system supported by the MFT vendor.

  • Data Security - The ability to protect data both during transit and at rest is quickly becoming a requirement for organizations who host highly sensitive data. File transfer protocols such as FTPS (FTP over SSL) and SFTP (FTP over SSH) can be used to protect data in transit while encryption protocols like PGP (Pretty Good Privacy) can be used to protect data at rest. Protecting data at rest ensures that even if your server were to be compromised the data could not be read without the private key needed to decrypt the data.

  • User Management and Authentication - Tools for managing users and access to resources must be easy to use yet flexible enough to meet the needs of your organization. In order to easily integrate with existing company access policies, MFT vendors should be able to authenticate users against single sign-on (SSO) repositories such as relational databases, LDAP and Active Directory. Secondary token authentication such as user IP address and/or client SSL and SSH certificates should also be supported.

  • Event Handling and Process Automation - Capturing events and automating processes in response to those events is often the heart of any MFT solution. MFT vendors should be able to capture a wide variety of file transfer events and provide a set of common built-in actions that can be executed in response to those events. The ability to write your own actions using an API is also a big plus, especially in organizations that have complex processes or business rules that cannot be easily created using the built-in actions provided by the MFT vendor.

  • Logging - For public companies who need to meet HIPAA and/or Sarbanes-Oxley requirements it is important that an MFT vendor be able to log detailed information about each file transfer session. In addition to meeting compliance requirements logging can also help you to identify file transfer trends. MFT vendors should be able to store log data in both files and relational databases.

  • Reporting - Answering the who, what and when is important when considering any MFT solution. MFT vendors should include built-in reporting tools and standard reports that allow you to quickly see who is accessing what and when.

  • Data Integrity - Upon transferring a file it is often a good idea for the client to request a checksum verification from the server in order to verify that the file was transferred without any data corruption. If the checksum provided by the server does not match that expected by the client then the transfer can be restarted. MFT vendors should support checksum verification when using FTP and FTPS (FTP over SSL) protocols.

  • Resume Transfer Support - In the event that a file transfer is aborted due to loss of connectivity or aborted by the user, the client should be able to request that the server resume the transfer starting from the last byte successfully received. This is critical in organizations transferring very large files and/or who have service level agreements that specify files must be transferred within a specific time period.

  • Server Initiated Transfers - In most cases trading partners will be uploading files to you or downloading files from you. These are known as client initiated transfers. There are however cases where you may want to have your MFT server initiate the file transfer on the server side, uploading a file to your trading partner (push) or downloading a file from your trading partner (pull) on a scheduled or event driven basis. MFT vendors should be able to support automated server initiated transfers using FTP, FTPS (FTP over SSL) and SFTP protocols. MFT vendors should also be able to report on all data that leaves the MFT server as a result of a server initiated transfer. In other words, if an MFT vendor is only logging client initiated transfers then they are not seeing the full picture of the data entering and leaving your organization.
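The Data Integrity and Resume Transfer Support items above describe client-side logic that can be checked during an evaluation. The following is an added example, not code from the article or from any vendor: `FakeServer` is a constructed in-memory stand-in for a server, its method names are hypothetical, and SHA-256 is an assumed choice of checksum.

```python
import hashlib

class FakeServer:
    """Constructed in-memory stand-in for a file server (hypothetical API)."""
    def __init__(self, data, drop_after=None, corrupt_first=False):
        self.data = data
        self.drop_after = drop_after        # drop the link once after this many bytes
        self.corrupt_first = corrupt_first  # corrupt one byte on the first attempt only

    def size(self):
        return len(self.data)

    def checksum(self):
        # Checksum the server reports for the stored file (SHA-256 assumed).
        return hashlib.sha256(self.data).hexdigest()

    def read(self, offset, chunk=4):
        """Yield blocks starting at `offset`, as a resumed download would."""
        sent = 0
        for i in range(offset, len(self.data), chunk):
            if self.drop_after is not None and sent >= self.drop_after:
                self.drop_after = None
                raise ConnectionError("link lost")
            block = self.data[i:i + chunk]
            if self.corrupt_first:
                block = bytes([block[0] ^ 0xFF]) + block[1:]
                self.corrupt_first = False
            sent += len(block)
            yield block

def download(server, max_restarts=2):
    """Fetch the file; return (data, resumes, restarts)."""
    resumes = restarts = 0
    while True:
        buf = bytearray()
        while len(buf) < server.size():
            try:
                # Always ask for the bytes after the last one received.
                for block in server.read(offset=len(buf)):
                    buf += block
            except ConnectionError:
                resumes += 1  # keep what arrived, resume instead of starting over
        # Compare the local checksum with the one the server reports.
        if hashlib.sha256(buf).hexdigest() == server.checksum():
            return bytes(buf), resumes, restarts
        if restarts == max_restarts:
            raise OSError("checksum mismatch after %d restarts" % restarts)
        restarts += 1  # corrupted copy: discard it and restart the transfer
```

A dropped connection costs only a resume from the current offset, while a checksum mismatch discards the whole copy and restarts, which is the distinction the two items draw.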

Van Glass is a senior developer with JSCAPE. JSCAPE offers secure file transfer and networking components for both Java and Microsoft .NET development environments, as well as secure managed file transfer servers for Linux, Solaris, Windows and Mac OS X platforms.