THE INFORMATION IN THIS ARTICLE APPLIES TO:
- EFT Enterprise, version 6.x and later
QUESTION
How Do I Automate Outbound AS400 Data Feeds?
ANSWER
Suppose a business needs to transfer sensitive data to external trading partners. The data is stored internally and processed by an AS400. The AS400 outputs a data file that must be sent to the proper external trading partner using a secure protocol. The AS400 will connect to the Globalscape EFT server, but will have no exposure to the Internet or external client sites.
Requirements
- Ensure all files are sent to the correct trading partner.
- Files will be delivered into the proper folder location on the external site.
- Audit all transactions within the process.
- The file transfers need to be secure.
- Must process in real time.
- Allow the AS400 to uploads files and trigger rules.
- Create an archived copy of each file with a date and time stamp appended to the file name.
- Send internal and external email notifications success and failure.
- PGP encryption is not required.
- Do NOT allow the AS400 and IFS exposure to the external network.
Assumptions
- AS400 is configured to use SFTP on the internal network.
- In this use case, SFTP is used for any available file transfer protocol.
- Transfers from AS400 to Globalscape will be scheduled and automated outside of EFT.
EFT Environment
- Globalscape EFT Enterprise 7.0.0.28 (Active – Passive)
- Globalscape DMZ Gateway®
- Windows 2012 Server
- One site defined for internal and external connectivity
- Many external SFTP connections
Solution Overview
We want to ensure that files are delivered to the correct external trading partner and will be uploaded into the correct external folder. This solution uses the File Uploaded Event with three Conditions to invoke an Event Rule. The file will be uploaded by the AS400 EFT user account to a specific virtual folder, and must match a filename mask.
- File Uploaded Event– Ensures that only uploaded files trigger the move.
- If Login Name Is Condition– Ensures that only the AS400 account can send files to this client
- If Virtual Folder Names does match Condition – Segregates the logic by creating client-specific folders. Allowing the first two triggers to be used for multiple outbound rules.
- If File Name does match Condition – Using filename masks as the fourth trigger gives you a lot of flexibility. Files can be routed to a targeted folder or multiple external servers based on file names.
The combination creates a process that prevents files from accidently being sent to the wrong location by the wrong user or process. This process can be edited to use the If user is a member of a group Condition to replace the If Login Name Is Condition. Physical folders can be used for the If Virtual Folder Names does match Condition. However, virtual folders provide more flexibility. This scenario is not required, but provides a good foundation for building logical filters to trigger events. You can simply apply Events and Conditions that match your requirements and use as many or few as needed.
EFT account for AS400 - Establish the primary upload account that will be configured on the AS400’s SFTP session to the EFT platform. In this case, the account name is AS400. If you have many AS400’s sending files to EFT, this rule can be configured using a list of accounts or a group of users. Each account needs to have access to the outbound folders, so you may want to use virtual folders. Additionally, it is always best practice to use key-based authentication with service accounts.
“Outbound” folder structure – To define the virtual folder name, create an outbound folder system that can be accessed by the AS400 user account. As new Event Rules are added to the site, the folder you create will be populated with unique folders for each outbound feed. The AS400 will need to upload files into the proper outbound client subfolder.
MORE INFORMATION
Refer to the attached PDF for details of how to build the Event Rule.