Glossary

Alternatively, smaller data volumes can be sent as an e-mail attachment to business partners with the i‑effect^® *EMAIL module. *FTP can be combined with all the other i‑effect^® modules, so that you can convert and compress your IBM i data according to the particular workflow and distribute them cross-platform.

Advanced security with SFTP and FTPS

In conjunction with the i‑effect^® *CRYPT module *FTP supports both the SFTP (Secure File Transfer Protocol) and the FTPS (FTP over SSL) functionality. This provides more security for file transfer and confidential data stream. FTPS enables encryption over SSL by using additionally defined security extensions to the FTP protocol, whereas SFTP provides authentication and encryption using SSH. This way a secure transfer is established preventing passwords and sensitive data from being transmitted in plaintext form.

Functions

All *FTP functions can be menu-driven or completely automated by the *SERVER module.

• Partner-steered automation of all TCP/IP-FTP data transfer requirements
• Conversion into EBCDIC
• Automatic restart in case of a transmission cut-off
• Logbook (detailed protocol on all sessions and activities)

Background

The File Transfer Protocol, FTP, was one of the first data transmission processes that was used with TCP/IP networks and the internet for especially large files and between differing computer systems (RFC 959). FTP, which can also be used to transmit EDI (Electronic Data Interchange), is thus a cost-effective and widely used process for point-to-point business data exchange. Business partners exchange their user names and passwords to login to their partner’s internet server.

Highlights

If high transaction volumes, time-critical applications (just-in-time supply chain), conversion between different message standards, or connection with large trading partners require an EDI solution, i‑effect^® offers a flexible basis for creating your own EDI structure.

Combined with the EDI converter, i‑effect^® *EDIFACT, i‑effect^® *FTP provides the communication component for your complete EDI solution on the IBM Power System. With the *FLATFILE module, you can convert your ERP in-house data (including SAP IDOC) bi-directionally into EDIFACT.

More safety with SFTP and FTPS with module *FTP & *CRYPT

Together with the i‑effect^® module *CRPYT, *FTP supports the SFTP and the FTPS-functionality. This leads to higher security for data transfer and an intimate data flow.

What is FTP?

FTP is able to copy files onto another computer/server (Upload), download (Download), to copy (Copy) and delete (Delete). Additionally folders can be created, read and deleted.

What is FTPS?

To ensure security, a security standard for FTP was created after RFC 2228, to encrypt the data channel by the use of SSL (Secure Socket Layer) or TLS (Transport Layer Security). This security function for FTP is called FTPS.

With i‑effect^® FTP (in connection with module *CRYPT) you can choose between “explicit FTP over TLS” and “implicit FTP over TLS”

Where is the difference?

• FTPS Method explicit
  For the explicit mode, which is also known as FTPES, the FTP client has to demand the safety of the connection explicitly from a FTPS server and accept this connection together with the server via an encryption afterwards. If the FTP-Client-PC does not demand this safety, the FTPS server could agree on an unsafe connection or the connection is blocked or slowed. This mechanic of authorization-alignment of the safety over FTP was added in RFC with the “AUTH” order.
• FTPS Method implicit
  In the implicit mode the negotiation of a method is not allowed. Instead, the FTP-Client will be prompted by an instant TLS/SSL ClientHello message by the FTPS-Server. If no correspondent answer is received by the FTPS server, the server refuses the connection.

What is SFTP?

For UNIX systems, generally another protocol-safety standard emerged: SSH. The main function of SSH was, back then, the encryption of the remote access on the UNIX Shell, later it was extended by the File Transfer Protocol. – initially with SCP, then with SFTP. SFTP is a binary protocol which is written in RFC 4253. All orders are send as binary packages to the server, which then answers with binary data packages. In later versions SFTP was extended to do more than one data up-/ and download.

Summarizing, SFTP is the "SSH File Transfer Protocol", which encrypts an active SSH-connection.

The common mistake

The shortcut SFTP is mostly used (in the wrong way) to describe “Secure FTP”, which it de facto is not. A similar mistake is, that the term SFTP is commonly used as “FTP over SSL”, which similarly is not correct in this context. “FTP over SSL” is FTPS!

What SFTP and FTPS have in common?

As there are many differences, FTPS and SFTP still have something in common. Both use a combination of asymmetric algorithms (RSA and DSA precisely), a symmetric algorithm (DES/TRIPLEDES (3DES), AES, etc.) as well as a key-exchange-algorithm. For the authentication, FTPS or better its SSL/TLS protocol uses so called “x.509 certificates”, where SFTP uses appropriate keys through the “SSH protocol”.

The difference between X.509 and SSH

X.509 certificates include a public key and information about the owner of the certificate. By this information another side can check if the signed certificate and the data of the certificate-owner are correct. This test can be done by a computer or a human being. An X.509 certificate has got an according “Private Key”, which is normally stored separately due to safety reasons.

A SSH Key includes a public key (the according private key is saved separately) and includes no information about its owner. Even the information for a validation are not existent, because only the public key is used, by which the authentication is incomplete and similar to the common SSH key authentication.

Summarized

While FTPS enables an encryption via SSL by additionally defined safety instructions of the FTP-protocol, for SFTP an authentication and encryption is realized with the help of SSH. By this it is ensured, that passwords and data are not transmitted in plaintext.