SFTPPlus - FAQ
Secure file transfer using Open Standards
(SSH, SFTP, FTPS, HTTP, PGP etc) plus additional audit & automation for enterprise strength usage 
 
                     


         


What is FTP?
FTP is an abbreviation for File Transfer Protocol and is a method of transferring files across the internet and TCP/IP networks. The standard software is free and operates on most operating systems. It suffers from the disadvantages of a lack of automation, security, control and audit. It is also manually operated and is not easily integrated into enterprise systems.
 

What is SFTP?
SFTP is an abbreviation for Secure File Transfer Protocol (a.k.a. SSH File Transfer Protocol or Secure File Transfer Program). Files may be transferred across the internet and TCP/IP networks with the security of SSH (developed by SSH Communications Security). SSH programs provide strong authentication and encrypted communications and there are standard free versions of SFTP available. It suffers from the disadvantages of a lack of automation, control and audit and is not easily integrated into enterprise systems.

What is SFTPPlus?
SFTPPlus is provided as a fully supported server and/or client for enterprises who wish to use the security of SSH and other open standards together with additional audit and automation for enterprise file transfers. Transfers may be made to/from internal as well as third party external SFTP servers and clients with NO requirement for additional software at the server side. It is designed to be integrated in enterprise systems. SFTPPlus for servers enables both sides to have the same audit and control - if preferred.

Is SFTPPlus supported?
Yes. ProAtria fully supports SFTPPlus and will provide suitable support arrangements to meet your needs – including options for 24x7. ProAtria also fully supports the open source components included.

Do I need to install SFTPPlus at both sides of a transfer?
No. Transfers may be made to/from internal as well as third party external SFTP servers with NO requirement for additional software at the server side. A version of SFTPPlus for servers enables both sides to have the same audit and control - if preferred.

Is there a server as well as client edition available?
SFTPPlus Server edition is also available & enables both sides to have the same audit and control - if preferred.

Which do I need - Server or Client?

The client component is used to send files to the server, or pull files from the server.

With the SFTPPlus server installed at your site, and the client (SFTPPlus or other) installed at a customer site, then the customer can send files to you, and get files from you.
 
With the SFTPPlus client installed at your site, and the server (SFTPPlus or other) installed at a third party site, then you can send files to the third party and pull files from them as well.
 
Therefore the customers and third parties can use a standard sftp client or server as appropriate but if they also use SFTPPlus they can have better control, automation and audit.  They can also have a pre-configured install to work with your system.
 
Therefore in some scenarios you may require the server only or client only or both.

Does SFTPPlus have FIPS 140-2 Certification?
We have started the process of obtaining certification for the SFTPPlus Crypto Module under FIPS 140-2 and expect to obtain certification during 2007 for Windows, Unix and Linux.
However it may help in the short term to note that we provide a FIPS compliant version of SFTPPlus using the OpenSSL FIPS object Module by Open Source Software Institute which is FIPS 140-2 validated and certified by NIST - Certificate No. 733. The certificate states: "......Products which use the above identified cryptographic module may be labeled as complying with the requirements of FIPS 140-2 .....".
The Security Policy for the OpenSSL FIPS Object module is available here by pdf download. (1,363kb 45 pages).

Can I use pre and post processing with SFTPPlus?
 Yes. Typically by incorporating simple commands, bat files or shell scripts.

What authentication options are there?
Currently the options include Windows Services, Active Directory, local or domain users, SSH public/private key certificates and includes database options.

Is there any centralised administration?
Yes. This is available.

What Alerts and Notifications can I receive with SFTPPlus?
Alerts are raised for specified conditions – options include SNMP, SMTP email alerts etc. The messages may be extended to other systems. Messages are comprehensive and allow for a number of conditions including ‘information’, ‘warning’ (e.g. retry), ‘error’ (e.g. continue), ‘severe error’ (e.g. stop) etc.

What audits and logs are created by SFTPPlus?
Comprehensive audit and logs are available to both event logs and message logs and are routed based on severity.

Can transfers be automated with SFTPPlus?
Yes – SFTPPlus will monitor an 'inbox' directory for a file or wait for a triggering event and then make an automatic transfer to single or multiple destinations of any file. Monitoring may be set to specified intervals.

Can the transfer be guaranteed as successful?
Yes. Retry is until successful or timeout. Additionally SFTPPlus will take a copy of the file and generate a checksum. The copy and checksum will be archived with a date & time stamp and write an entry to a log file. The original file is sent to the SFTP server and optionally will also send the checksum file. See also notifications, messages and audit.

How will I know the file was received?
SFTPPlus has the option to retrieve a response file after a successful upload. e.g. it will wait for 30 minutes, or until triggered, and check for response. If the response file is available, retrieve it and place in 'response' directory. Retry is until successful or timeout.

How do I avoid duplicate names in transfers with SFTPPlus?
The date and timestamp may be added to avoid duplicate names.

Does SFTPPlus support other protocols?
Yes. SFTPPlus also supports FTP and FTPS (FTP over SSL) as well as HTTP and HTTPS and PGP

How does SFTPPlus run?
SFTPPlus client runs as a service in Windows (Unix/Linux as a daemon)

Does SFTPPlus archive files?
All files are archived with a date & time stamp.

Does SFTPPlus meet FSA regulatory requirements?
SFTPPlus has been developed in close co-operation with a major insurance company to meet FSA requirements, and has sample configurations provided for both the FSA and Council for Mortgage Lending (CML) reporting environments. It is designed to be easily configured for future systems from these and other regulators as well as corporate requirements.

Can I use SFTPPlus for TRS, PSD, STR and other SFTP reporting?
Yes - SFTPPlus is designed to fully support Financial Service Authority (FSA) interfaces for Transaction Reporting System (TRS) Product Sales Data (PSD) and Securities Trades Reporting (Markets) XML documents using the System to System Interface.

Can I use SFTPPlus for HIPAA, SOX and other compliance purposes?
Yes - SFTPPlus is designed to be used in any environment that requires additional audit and management of Secure FTP. Security is met using options including AES & Triple DES - see the encryption options below. The additional audit and other features assists with compliance. 

Can I use SFTPPlus with NHSnet MTAs?
Yes - SFTPPlus is designed to integrate with users of the NHS Net Messaging Service. SFTPPlus integrates with and adds additional automation options for Message Transfer Agents (MTAs). This provides an easy to use and secure method of transferring the data with sufficient security to meet the requirements of privacy of patient identifiable information.

Does SFTPPlus use proprietary protocols?
NO - SFTPPlus uses standard protocols, such as SFTP, FTPS, HTTPS

What encryption is available?
SFTPPlus supports the standard SSH encryption protocols, including

  • AES (Rijndael) - 256, 192, or 128-bit CBC (SSH-2 only)
  • Blowfish - 128-bit CBC
  • Triple-DES - 168-bit CBC
  • PGP
  • SSL in the case of HTTPS and FTPS

Can SFTPPlus co-exist with other products?
Yes - SFTPPlus can co-exist with products such as CONNECT:Direct (NDM, Network DataMover) from Sterling Commerce and XCOM from CA - to provide additional options for enterprise secure file transfer.

Can I customise SFTPPlus
SFTPPlus has many customisation options. Additionally, the source code is included and may be customised as desired.

Can I guarantee the transferred file is intact?
SFTPPlus will generate an md5sum message digest which can be transferred with the original file to verify integrity.

How does SFTPPlus verify server ssh signatures?
SFTPPlus requires the signature of every server to be cached as part of the configuration. This prevents communications with unauthorised servers.

Can I use SFTPPlus to send to anyone?
Yes, but to ensure the system is not abused, the remote systems have to be pre-configured. SFTPPlus is not designed for uncontrolled transfers.

Does SFTPPlus require it's own hardware?
SFTPPlus is designed to run on an existing server. The overheads are low, and generally the network requirements would be the limiting factor.

Can I trial SFTPPlus?
Software is available for supported trials – please contact us.

What are SFTPPlus requirements and supported platforms?
Standard SSH SFTP
Windows NT/XP/2000/2003
UNIX (HP-UX (Intel & Itanium), AIX, Solaris Sparc, Solaris x86 Tru64)
Linux (Red Hat, SUSE etc) - Intel, PPC, SPARC, Alpha
Mainframe (os/390, z/OS)

What is the roadmap for SFTPPlus?
The Roadmap includes:
FIPS 140-2 accreditation
Support for:
AS/400
Mac
OpenVMS
Tandem/NonStop
and other platforms

Check for availability
 

Enquiries: sales@proatria.com

www.sftpplus.com

See Overview for SFTPPlus

See Features for SFTPPlus

See Other Uses for SFTPPlus

Download Overview for SFTPPlus (pdf)

Download FAQ for SFTPPlus (pdf)

Download Features for SFTPPlus (pdf)

Download Introduction to Pro:Atria (pdf)

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)

Windows XP (WindowsXP, WinXP, Win XP, WXP) windows NT (WindowsNT, WinNT, Win NT, WNT), Windows 2003 (Win 2003, Win2003, W2003), Windows .Net Server (Win .Net Server, Win.Net Server), Windows Server 2003 (Win Server 2003, WinServer 2003) Windows 2000 (Windows2000, W2K, Win 2K, Win2K, Win2000, Win 2000, W2000) Windows 98 (Windows98, Win98, Win 98), Vista

Mainframe, IBM OS/390 (os390, MVS, zSeries, z/OS, zos, z series, V2R10, V1R1, V1R2, V1R3, V1R4), VM, VSE, Linux, IBM OS/400 (os400, A/S 400, as400, iSeries, i series, AS/400, i5/OS V5R3, i5os) UNIX, IBM AIX (pSeries, p series), HP-UX (HPUX, HP UNIX), Sun Solaris, Compaq Tru64 (Tru 64), Novell Netware (Bindery, NDS), Linux, DEC VAX/VMS, Open VMS, OpenVMS, Oracle, SAP, MQ,

SSH server, SSH client, SFTP server, SFTP client, FTPS server, FTPS client, HTTPS, HTTP, FTP/S, solaris sparc solaris x86, mac osx, mac os x, mac 10, mac 9, Tandem, non stop, NonStop, HPUX Itanium HP-UX, PGP

TCP/IP (TCPIP), ODBC, FTP, Lotus Notes, Lotus Domino, Websphere, Apache Tomcat, BEA Web Logic (WebLogic), Tivoli Netview, Sun ONE Application Server, Microsoft .NET, SQL, LDAP, SQL Server, RACF (SecureWay Security Server), CA-ACF2, CA-Top Secret, Internet Explorer 6.x (IE6, IE 6), Internet Explorer 5.x (IE5, IE 5), Netscape 7.x, Netscape 6.x, Firefox, Mozilla, Opera

Completing the jigsaw
with solutions from:

 Identity Management, IdM, IAM, Provisioning, enhanced, managed, Secure File Transfer, Network, website, availability, performance, monitoring, monitor, Password Management, enterprise software solutions. CyberFusion, SIFT, SecurPass, Pro:Atria, EUA, RBAC, web site, single signon, sso, password synchronisation, password, self reset, Windows XP (WindowsXP, WinXP, Win XP, WXP) windows NT (WindowsNT, WinNT, Win NT, WNT), Windows 2003 (Win 2003, Win2003, W2003), Windows .Net Server (Win .Net Server, Win.Net Server), Windows Server 2003 (Win Server 2003, WinServer 2003) Windows 2000 (Windows2000, W2K, Win 2K, Win2K, Win2000, Win 2000, W2000) Windows 98 (Windows98, Win98, Win 98) Mainframe, IBM OS/390 (os390, MVS, zSeries, z/OS, zos, z series, V2R10, V1R1, V1R2, V1R3, V1R4), VM, VSE, Linux, IBM OS/400 (os400, A/S 400, as400, iSeries, i series, AS/400, i5/OS V5R3, i5os) UNIX, IBM AIX (pSeries, p series, rs6000, rs/6000), HP-UX (HPUX, HP UNIX), Sun Solaris, Compaq Tru64 (Tru 64), Novell Netware (Bindery, NDS), Linux, DEC VAX/VMS (OpenVMS, Open VMS), Oracle, SAP, MQ, TCP/IP (TCPIP), ODBC, FTP, Lotus Notes, Lotus Domino, Websphere, Apache Tomcat, BEA Web Logic (WebLogic), Tivoli Netview, Sun ONE Application Server, Microsoft .NET, SQL, LDAP, SQL Server, RACF (SecureWay Security Server), CA-ACF2, CA-Top Secret, Internet Explorer 6.x (IE6, IE 6), Internet Explorer 5.x (IE5, IE 5), Netscape 7.x, Netscape 6.x, Firefox, Mozilla, Opera , proatria, uk, Pro:Atria, proatria, uk, yeovil, somerset, west country, england, united kingdom, uk, great britain, gb,website design, webs by design, webs-by-design.co.uk, webs by design (global) ltd, bob osborn