Tumbleweed SecureTransport Product Family Overview

A TUMBLEWEED WHITE PAPER
Tumbleweed SecureTransport™
Product Family Overview
A Tumbleweed Communications Whitepaper
Copyright 2004 Tumbleweed Communication Corp. All Rights Reserved.
TABLE OF CONTENTS
Introduction ..... 3
Key Applications ..... 4
SecureTransport vs. Other Means of Data Delivery ..... 5
Product Overview ..... 6
User Interfaces ..... 9
SecureTransport Architecture ..... 15
    SecureTransport Standard Edition ..... 15
    SecureTransport Enterprise Edition ..... 17
    Deployment Configuration Options ..... 19
Secure Data Delivery Functionality ..... 22
    Secure File Transfer ..... 22
    Guaranteed Delivery ..... 23
    User Authentication and Authorization ..... 23
    Audit Trails and Tracking ..... 26
Automation and Application Integration ..... 27
    Client-side Automation ..... 27
    Server-side Active Agents ..... 27
    Transaction Manager ..... 28
Integrating Third Party Technologies with SecureTransport ..... 31
    LDAP and Microsoft Active Directory ..... 31
    Single Sign-on ..... 31
    Mail Systems ..... 31
    Sterling Connect:Direct ..... 31
    ERP and EAI Systems ..... 31
Tumbleweed Products Integrated with SecureTransport ..... 32
    Tumbleweed Valicert Validation Authority ..... 32
Summary ..... 33
Copyright 2004 Tumbleweed Communication Corp. All Rights Reserved.
2
SecureTransport Product Family Overview
A TUMBLEWEED WHITE PAPER
This overview of Tumbleweed SecureTransport, a secure file transfer and application integration product family, highlights typical applications where Tumbleweed customers use SecureTransport today and describes product components and features that make it the most secure and highest performing secure file transfer solution with the lowest total cost of ownership. The document shows common deployment environments and modes, discusses application integration options, and describes how SecureTransport is integrated with enterprise technologies and other Tumbleweed products.
Introduction
Modern businesses depend on data much like the human body depends on oxygen for its fuel. Reliable and
secure delivery of data within an organization and with its partners, suppliers and customers is as crucial to
business operations as the heartbeat that pushes the oxygen-carrying blood throughout the human body.
Increasingly, traditional paper-based or private network-based methods of data exchange are being replaced by
solutions utilizing the Internet and other IP-based networks for critical data delivery.
Tumbleweed SecureTransport is the recognized industry-leading open standards-based data transfer and integration solution with the:
- Most security
- Highest performance, reliability, and scalability
- Best return on investment
- Lowest total cost of ownership
SecureTransport provides secure file transfer and application integration over the Internet and private IP networks.
It supports enterprise-class features including comprehensive authentication and access control, interactive,
automated and scheduled batch transfers, guaranteed delivery of very large files, data integrity, comprehensive
logging and auditing, event-driven agents, data transformation and application integration and a wide range of
inexpensive clients and other partner deployment options.
Based on these attributes, its rapid return on investment (ROI), and its ability to inexpensively enable enterprise
application integration, SecureTransport has been employed extensively in production applications by:
- 8 of the top 10 US banks, 3 of the top 5 Canadian banks, 3 of the top 10 European banks
- 12 of the leading health care insurers and claims processors
- 8 US state governments, 4 Federal civilian agencies and Department of Defense
- Fortune 500 companies in manufacturing, retail, pharmaceuticals, and high-tech industries
- 20,000 enterprise users exchanging data with banks, insurers, suppliers, partners and government regulators
Copyright 2004 Tumbleweed Communication Corp. All Rights Reserved.
3
SecureTransport Product Family Overview
A TUMBLEWEED WHITE PAPER
Key Applications
SecureTransport is a proven solution used by major corporations to securely move business-critical data
between their back-office applications and geographically dispersed offices, customers, partners and suppliers.
Over 100 major corporations deploy SecureTransport at over 1000 sites. Use of SecureTransport ranges from
data transfer service for financial messaging to enterprise-wide secure and reliable file transfer infrastructure for
many applications and user communities.
The table below shows some of the more common uses of SecureTransport.

Industry Sector: Banking, Brokerage, and Financial Institutions
Applications:
- Straight Through Processing for Treasury/Cash Management, ACH, Lockbox
- Payment processing, Electronic Funds Transfer, check image transfer
- Purchasing cards transaction reporting, delivery of reconciliation data
- Delivery of loan documents, contracts, collateralized mortgage services

Industry Sector: Insurance
Applications:
- Health care claims processing, payments, remittance advice delivery
- Member enrollment, eligibility inquiries and other administrative transactions
- Communications with business partners for policy updates and changes

Industry Sector: Government
Applications:
- Regulatory reporting, intra-agency secure document delivery
- Health insurance claims, retirement benefits services

Industry Sector: High Tech
Applications:
- Product design collaboration, CAD/CAM, manufacturing and testing reporting
- Software delivery (developer community, product distribution & updates, disk images)

Industry Sector: Manufacturing and Retail
Applications:
- EDI, contracts and other supply chain processes
- Product collaboration, contract manufacturing, credit recovery
Tumbleweed’s SecureTransport solutions have been chosen by many of the world’s top Insurance, Healthcare,
Financial Institutions and Fortune 500 corporations to provide secure, reliable and automated data delivery
services. Sample customers include:
BANKING & FINANCE
- ABN AMRO Bank
- ADP
- Alliance Data Systems
- AXA Financial
- Bank of Montreal
- Bear Stearns
- Deutsche Bank
- JPMorgan Chase
- MasterCard
- NASD Regulations
- Wells Fargo Bank

HEALTHCARE & INSURANCE
- AdvancePCS
- Aetna
- Availity
- BCBS Alabama
- BCBS Florida
- BCBS Kansas City
- Independence BCBS
- Horizon BCBS
- Premera BCBS
- Group Health Cooperative
- MultiCare

GOVERNMENT
- Internal Revenue Service
- California HHS Dept.
- Connecticut Dept. of Labor
- Department of Defense
- Hawaii HHS Dept.
- LA Dept. of Mental Health
- Maryland Education Dept.
- Minnesota HHS Dept.
- Texas Retiree Benefits Dept.
- US Treasury FMS
- Washington HHS Dept.

ENTERPRISES
- Dell Computers
- DST Output
- General Motors
- Harrah’s Entertainment
- Hudson Bay
- Johnson & Johnson
- May Department Stores
- Sears
- Singapore Airlines
- Symantec
- Verizon
Copyright 2004 Tumbleweed Communication Corp. All Rights Reserved.
4
SecureTransport Product Family Overview
A TUMBLEWEED WHITE PAPER
SecureTransport vs. Other Means of Data Delivery
You may be considering some alternative means of secure data delivery. The following table summarizes key weaknesses of some alternatives and the advantages you gain with SecureTransport. A number of these areas will be explained in further detail.

Technology: Traditional EDI
Weaknesses:
- Very expensive (leased lines, VAN charges, etc.)
- Complex new partner set up
- Too costly for smaller partners
SecureTransport Advantages:
- Internet-based delivery infrastructure costs a lot less
- Easily pays for itself in just a few months savings on VAN bills
- Easy to scale down for small partners with just Web access and large partners demanding automation, mainframe access, etc.

Technology: VPN
Weaknesses:
- Protects confidentiality, but doesn’t manage file transfer
- Not scalable – too complex to manage for extranet use
SecureTransport Advantages:
- Complete solution: guaranteed delivery, integrity, automation, integration, and data transformation
- Proven scalability, reliability of SecureTransport – used to link thousands of commercial clients, business partners, regulators

Technology: FTP over SSL Tools
Weaknesses:
- Allows login to OS accounts
- No legal-grade audit trails
- No guarantee of data integrity or delivery
- No policy-based access control
SecureTransport Advantages:
- Smaller partners/clients use just a web browser for secure transfers
- Requires only “virtual” users with no OS login
- Complete: guaranteed delivery and data integrity, automation, application integration, rules-based process integration
- Field proven solution with many leading banks, financial networks, insurance companies, manufacturing firms, etc.

Technology: Secure E-mail
Weaknesses:
- No legal-grade audit trail
- File size limitations
- No control over delivery or forwarding
SecureTransport Advantages:
- More reliable real-time delivery, guaranteed
- Business process integration
- Large file support (checkpoint/restart), firewall-friendly

Technology: Home Grown Solutions
Weaknesses:
- Must maintain and extend yourself
- Platform coverage is expensive
- Hard to ensure security
- Expensive to support new standards
SecureTransport Advantages:
- Professionally maintained and supported product family
- Available on many platforms with wide range of clients
- Ongoing security reviews by customers and certification bodies
- Evolving roadmap of new standards support and other features
Copyright 2004 Tumbleweed Communication Corp. All Rights Reserved.
5
SecureTransport Product Family Overview
A TUMBLEWEED WHITE PAPER
Product Overview
Sidebar: Banks & Other Financial Services Deployments

A top 10 US bank over US$300 billion in assets is using SecureTransport to support over 70% of its file transfers, including corporate treasury and cash management data exchange with over 6,000 commercial customers. These transfers include $35 billion in monthly ACH payments as well as payroll files, positive pay, lockbox, and numerous other applications.

A global investment and commercial banking conglomerate with over US$700 billion in assets under management is using SecureTransport integrated with an internal PKI to support secure document delivery for treasury & loan securitization.

A leading central bank is using SecureTransport to support treasury operations for federal agencies and as part of the national network supporting clearing services between 13,000 banks.

A global inter-bank payment network uses SecureTransport to provide a bank-to-bank bulk data delivery for automated financial transactions between its 6,000 member banks.

A top 10 US bank and a leading issuer of corporate procurement cards has deployed SecureTransport within its corporate services portal to provide reliable and confidential reporting of p-card transaction data to its corporate customers.

A leading European bank with global operations uses SecureTransport in two business units around the world – one of them in cash management to automate treasury operations for its corporate customers, the other in its equity trading business to provide position reports to the investment funds using their services.

Tumbleweed SecureTransport is a secure, enterprise-class file transfer software product. It enables the transfer of valuable and sensitive information over the Internet in a secure, reliable manner, interactively or with automation.

SecureTransport is designed as Web-enabled client-server software utilizing open standards and technologies including SSL, FTP and HTTP. It includes a range of server configurations, add-on options, and software clients designed to address the varied needs of customer deployments at a low total cost of ownership (TCO).

Many companies use SecureTransport to secure their extranet connections, replace costly leased lines, modem pools, and VANs, and streamline paper, fax and phone-based processes within and outside the organization. SecureTransport supports demanding, large-scale production processes in financial services, insurance, supply chain, and other areas. The figure below shows some of the common deployment components.

SecureTransport provides several advanced capabilities required for secure, robust and automated data delivery in business-critical environments.

Security. To provide the highest levels of security SecureTransport incorporates state-of-the-art features to:
- Protect the data during transfer and in storage
- Verify user credentials and control user access
- Create provable audit records
- Track data transfers between parties
Copyright 2004 Tumbleweed Communication Corp. All Rights Reserved.
6
SecureTransport Product Family Overview
A TUMBLEWEED WHITE PAPER
SecureTransport leverages the FIPS 140-1 Level 1 certified crypto library, the highest level of certification
available to software implementations. It also supports Hardware Signing Modules if your environment requires
FIPS 140-1 Level 2 through 4 certifications.
Performance and Reliability. To meet the highest performance and reliability requirements of business-critical applications, SecureTransport:
- Supports large numbers of concurrent connections
- Optimizes throughput for delivering very large volumes of data
- Leverages clusters of multiple servers for load-balancing and high availability
- Scales well to support many thousands of users

Return on Investment. To maximize your ROI and protect existing investments in enterprise IT solutions, SecureTransport is designed with maximum flexibility to:
- Support multiple applications with interactive, automated, and scheduled batch transfers
- Support diverse user communities through a wide range of protocol and security options
- Easily integrate with common enterprise authentication and user management solutions
- Provide robust, cost-effective integration with back-end applications, databases, and the customer’s EAI solutions

Total Cost of Ownership. To ensure that the benefits of maximum ROI flow to the customers’ bottom line, SecureTransport provides the lowest ongoing total cost of ownership, through:
- A range of low-cost partner deployment options
- Centralized administration and auto-synchronization for clustered servers
- Scalable user management methodologies including built-in support for LDAP and MS Active Directory, as well as agent-based integration with centralized identity management systems
- Centralized management for partner communities

User Connections. Interactive and automated access is provided to support internal and external users and applications. End users have a number of options for interactive, batch, or scheduled connections:
- Web browser with optional SecureTransport ActiveX control over HTTP and HTTP/S
- SecureTransport GUI and command line clients over FTP, FTP/S, HTTP and HTTP/S
- Third party ftp and secure ftp (RFC2228 compliant) clients over FTP and FTP/S
For applications, client side integration capabilities are provided via two options:
- Command line clients callable from a script or an application
- Software Development Kit (SDK) with Java APIs for application integration

Back-end Application Integration. In addition to using SecureTransport for interactive data exchange, many customers also take advantage of its data and application integration capabilities when using SecureTransport in conjunction with key business applications. Secure data exchange over the Internet enables cost-effective business process integration for legacy and new applications, expanding the reach of new services to a wider range of customers, suppliers and partners.
Server side integration is rule-based and supports two levels of rules:
Copyright 2004 Tumbleweed Communication Corp. All Rights Reserved.
7
SecureTransport Product Family Overview
A TUMBLEWEED WHITE PAPER
- Event-based implicit rules trigger custom agents on a variety of user access and data transfer events, including login, directory access, upload/download, and ftp/http commands.
- Transaction Manager’s explicit rules combine events with extended conditions and trigger multiple agents; it also supports grouping rules to create comprehensive business processes.

This wide range of extensibility options enables SecureTransport to be used as an enterprise-wide platform, integrating secure file transfer into multiple business processes and applications. Business processes which required sending paper documents or computer media by post or courier, using insecure, unreliable file transfers, or paying VAN charges for EDI connections will benefit from significant reductions in turn-around time, greater security, and lower cost.

Server Editions. To respond effectively to the range of deployment requirements, Tumbleweed offers SecureTransport in Standard and Enterprise Editions. The Standard Edition supports the full range of protocols and clients, includes an event-driven integration framework for custom agents, and supports the optional Repository Encryption module. The Enterprise Edition offers additional benefits in the area of higher-grade security, more manageability for large-scale deployments, and a more advanced integration framework. The chapter on SecureTransport Architecture describes the differences between the two in more detail.
Copyright 2004 Tumbleweed Communication Corp. All Rights Reserved.
8
SecureTransport Product Family Overview
A TUMBLEWEED WHITE PAPER
User Interfaces
Users and applications can interact with SecureTransport in a variety of ways, including from the command line
of a number of supported operating systems, a native Windows GUI, a Web GUI, through scripts, or the API
provided by the SDK. The SecureTransport administrator can set administrative policies, create users, enable
Active Agents, and perform other administrative tasks from either a web-based administrative interface or from a
command line.
End users also have a variety of choices for how to interact with the SecureTransport system. This section
provides details about the different client-side user interfaces and the abilities each has when interacting with
SecureTransport servers.
The following table summarizes the capabilities of the client-side user interfaces and is followed by more detailed
descriptions of the clients on various platforms.
The following sections provide further details for specific components.
Partner Edition
The SecureTransport Partner Edition works with the SecureTransport Enterprise Edition Hub Manager to provide secure, reliable file transfers from the hub to a spoke and from a spoke to the hub. Its managed registration process sets up mutually authenticated HTTP/S connections between each partner and the hub;
Copyright 2004 Tumbleweed Communication Corp. All Rights Reserved.
9
SecureTransport Product Family Overview
A TUMBLEWEED WHITE PAPER
defines application-specific mailboxes for bi-directional transfers; manages guaranteed delivery, data integrity checking, full SSL security, and automation for file routing and processing; and consolidates logging for community-wide auditing and reporting. The Partner Edition is easy to manage and deploy—either as a single-user or application end-point, receiving incoming files from the hub and monitoring new files in the designated mailbox folders for delivery to the hub. You can also deploy it as a multi-user gateway with full remote client access for downloading incoming files and uploading outgoing files.

Partner Edition (Gateway) is a mini-server that registers with the Hub, synchronizes configuration, triggers mailbox-specific actions for incoming transfers, and manages outgoing transfers. It supports folder watcher and remote client connections to receive incoming files and upload outgoing files. It also supports all the FTP, FTP/SSL, HTTP, and HTTP/S protocols for remote client connections and can be deployed as a VPN-like data concentrator for data transfers with an Enterprise Edition Hub.

Partner Edition (Single User) works with the Enterprise Edition Hub in much the same way as Partner Edition (Gateway), but is designed for a single user or application end-point without support for remote clients.
UNIX Client
The SecureTransport Client for UNIX is a command-line client that runs on Solaris, HP-UX, AIX, and Linux. You
can use the command line interactively, or you can incorporate SecureTransport Client commands into a script.
With the SecureTransport Client for UNIX, users can:
- Reliably transfer files with auto-restart, data integrity checking, and checkpoint/restart
- Schedule transfers for automated, unattended operation using the native UNIX scheduler or 3rd party system schedulers
- Log on to SecureTransport using user ID and password or X.509 certificates for authentication
- Upload and download files using secure FTP or secure HTTP communications, even through a firewall or proxy
- Depend on secure communications through SSL encryption
Windows Client
The SecureTransport Client for Windows 98, NT, 2000, XP, and 2003 provides the full SecureTransport client
functionality through an easy-to-use graphical interface that is familiar to Windows users. Users can select files
and folders from a Windows Explorer-like view and can drag and drop icons to control file transfers. The
following screenshot shows a transfer in progress from the local folder in the left pane to the server folders in the
right pane.
Copyright 2004 Tumbleweed Communication Corp. All Rights Reserved.
10
SecureTransport Product Family Overview
A TUMBLEWEED WHITE PAPER
Figure 1. SecureTransport Windows Client with Transfer in Progress
With the SecureTransport Client for Windows, you can:
- Reliably transfer files over unreliable connections with auto-restart, data integrity checking, and checkpoint/restart
- Schedule transfers for automated, unattended operation
- Depend on secure communications through SSL encryption
- Log on to SecureTransport using user ID and password, digital certificates, or smart cards for authentication
- Upload and download files using secure FTP or secure HTTP communications, even through a firewall or proxy
The same SecureTransport Client functionality is also available from the Windows command line. You can use
the command line interactively, or you can incorporate SecureTransport Client commands into a script.
OS/390 and z/OS (MVS) Client
For enterprises that use their OS/390 mainframes in an environment that also includes UNIX and/or Windows,
the SecureTransport Client for OS/390 provides secure data transfer operations to move important data to and
from mainframes in a secure manner.
The SecureTransport Client for OS/390 is a command-line client that runs on OS/390 release 2.4 or later. It runs
in the Unix System Services environment and can be executed as an MVS batch job, or as a TSO command
processor. To run in MVS or TSO, it must be link-edited under MVS.
Copyright 2004 Tumbleweed Communication Corp. All Rights Reserved.
11
SecureTransport Product Family Overview
A TUMBLEWEED WHITE PAPER
As with the UNIX command-line client, you can use the command line interactively, or you can incorporate SecureTransport Client commands into a script.
With the SecureTransport Client for OS/390, you can:
- Reliably transfer files over unreliable connections with auto-restart, data integrity checking, and checkpoint/restart from a TSO command line or Unix System Services shell
- Include secure file transfers in JCL jobs for automated, unattended operation
- Depend on secure communications through SSL encryption
- Leverage the built-in ASCII/EBCDIC conversion mechanism
- Upload and download files using secure FTP or secure HTTP communications, even through a firewall or proxy
AS/400 Client
If you or your customers use IBM AS/400 or iSeries servers for applications and need to securely exchange data with external systems, the Tumbleweed SecureTransport client for OS/400 provides connectivity to Windows, UNIX, or Linux based SecureTransport Servers. A command line client leveraging the OS/400 Java environment, it provides all of the core SecureTransport features, including:
- Reliably transfer files over unreliable connections with auto-restart, data integrity checking, and checkpoint/restart
- Schedule transfers for automated, unattended operation using the native AS/400 scheduler or 3rd party system schedulers
- Securely authenticate to the SecureTransport server over an SSL session to protect your user ID and password
- Upload and download files using secure FTP or HTTP/S communications, even through a firewall or proxy
- Secure data being transferred through SSL encryption
This command line client can be invoked interactively from the qsh shell or used in applications and scripts for automated batch connections.
Web Browser
For simple deployment and light users of SecureTransport, the Web client is a popular alternative to installing
SecureTransport Clients on every desktop.
With the Web client, users can:
- Log on to SecureTransport using user ID and password, digital certificates or smartcards for authentication
- Upload and download files using encrypted HTTP/S communications, even through a firewall or proxy server
- Depend on secure authentication using userid/password or digital certificates
Copyright 2004 Tumbleweed Communication Corp. All Rights Reserved.
12
SecureTransport Product Family Overview
A TUMBLEWEED WHITE PAPER
Figure 2. SecureTransport Browser-based Client Interface with Transfer in Progress
When using MS Internet Explorer on a Windows platform with ActiveX enabled, the SecureTransport ActiveX control provides additional features during file uploads and downloads:
- Auto restart in the case of a failed transfer
- Data integrity checking
- Checkpoint/restart
Unlike command line and GUI clients, however, the Web client does not provide the following features:
- Scheduling
- FTP as a communications protocol
- Command-line automation or scripting
Hub-and-Spokes Deployment
Unlike traditional point-to-point systems, which require complex servers to be deployed on both sides of a point-to-point transfer, SecureTransport can use lightweight clients to connect to the server (or a cluster of servers) or to another client via a server “hub.” This hub-and-spokes model makes SecureTransport a preferred solution in any large deployment where many applications and users need to be interconnected. Instead of managing many one-to-one connections with their own protocol, security, and delivery options, you can manage the connections from all the spokes through a centralized hub. While each spoke connection can still leverage its
Copyright 2004 Tumbleweed Communication Corp. All Rights Reserved.
13
SecureTransport Product Family Overview
A TUMBLEWEED WHITE PAPER
own set of options, the management of these occurs in one place – on the hub servers. And when adding a new
spoke, you need only to define a single connection to the server, instead of several point-to-point connections.
Figure 3. SecureTransport’s Hub-And-Spokes Architecture is Less Costly and Simpler To Manage
SecureTransport’s hub-and-spoke architecture minimizes deployment and operational management costs in several ways:
- Much lower acquisition and ongoing software maintenance costs for client software compared to servers
- Much lower end-user deployment and training costs – client software is designed for ease-of-installation and ease-of-use within a non-technical user community. It can be downloaded and installed in minutes, providing reliable trading partner connections in a few clicks.
- Much lower trading partner IT costs. Server-to-server extranet deployments require trading partners’ IT and security personnel to provide operations support and manage their firewalls in a manner that complies with both partners’ security policies. Once the firewall ports have been opened for these incoming connections, they need to be monitored for intrusion detection – an expensive and labor-intensive process. Using client software to initiate all connections significantly reduces and often eliminates these issues and costs.
- Lower end-user support and helpdesk costs because there are fewer customer questions or issues. There is also a simpler maintenance and upgrade process when only internally managed servers are deployed. Upgrading and managing software patches on externally deployed servers can be a significant cost factor for an IT organization.

SecureTransport also provides the flexibility of Hub-and-Spoke connections for applications that require hub-initiated connections. This deployment mode can leverage Partner Edition as the spoke and SecureTransport Enterprise Edition as the Hub. In addition, SecureTransport’s agent framework can be used for outbound delivery to third party servers.
Copyright 2004 Tumbleweed Communication Corp. All Rights Reserved.
14
SecureTransport Product Family Overview
A TUMBLEWEED WHITE PAPER
SecureTransport Architecture
This section describes key SecureTransport components and their relationship. It also highlights the core differences between the Standard and Enterprise Editions of the product.
SecureTransport Standard Edition
The following diagram shows the key components in the SecureTransport Standard Edition.
Figure 4. SecureTransport Standard Edition Architecture
Key Components of the Standard Edition
Clients
Clients initiate connections to the server and negotiate session security settings. After the session has been established, clients navigate to the user’s home directory on the server and provide a listing of available files. Users can initiate uploads and downloads, navigate to another accessible directory, and, if permitted, issue commands to delete files, make sub-directories, etc. Tumbleweed clients provide additional capability to manage file transfers and restarts to provide guaranteed delivery and data integrity, and, if possible, restart a failed transfer from the point of failure rather than at the beginning.
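The checkpoint/restart and data integrity checking that the clients above are described as providing, shown as an added simulation that is not Tumbleweed's code: the client resumes at the offset the receiver has already stored after each dropped connection (as opposed to a plain FTP client that starts over), and an end-to-end SHA-256 comparison makes it discard and resend a file that arrived corrupted rather than hand it to the application. The Receiver, FlakyChannel and transfer names, the chunk size and the payload are all constructed for this example.

```python
import hashlib

CHUNK = 16  # bytes per write; constructed small so the scripted drops land mid-file
SAMPLE = b"ACH batch 0001\n" * 10  # constructed 150-byte payload standing in for a batch file


class Receiver:
    """Server-side mailbox: keeps the partial file and reports its length so a
    reconnecting client can resume at that offset (the FTP REST/SIZE idea)."""

    def __init__(self):
        self.data = bytearray()

    def offset(self):
        return len(self.data)

    def append(self, piece):
        self.data.extend(piece)

    def discard(self):
        self.data = bytearray()

    def digest(self):
        return hashlib.sha256(bytes(self.data)).hexdigest()


class FlakyChannel:
    """Scripted faults for the demo: attempt n (1-based) drops the connection
    once drop_after[n-1] bytes have gone through (no entry means no drop), and
    flips one bit in its first chunk if n is in corrupt_on."""

    def __init__(self, drop_after=(), corrupt_on=()):
        self.drop_after = list(drop_after)
        self.corrupt_on = set(corrupt_on)
        self.attempt = 0

    def connect(self):
        self.attempt += 1
        i = self.attempt - 1
        limit = self.drop_after[i] if i < len(self.drop_after) else None
        return limit, self.attempt in self.corrupt_on


def transfer(payload, receiver, channel, resume=True, max_attempts=5):
    """Push payload to receiver, reconnecting after every drop.
    resume=True restarts from the receiver's checkpoint; resume=False behaves
    like a plain FTP client and starts over each time. The end-to-end SHA-256
    comparison catches corruption that a complete-looking transfer would hide."""
    expected = hashlib.sha256(payload).hexdigest()
    bytes_sent = 0
    log = []
    for attempt in range(1, max_attempts + 1):
        limit, corrupt = channel.connect()
        if resume:
            pos = receiver.offset()  # checkpoint: only data not yet stored is resent
        else:
            receiver.discard()
            pos = 0
        log.append(("start", attempt, pos))
        sent = 0
        while pos < len(payload):
            piece = payload[pos:pos + CHUNK]
            if limit is not None and sent + len(piece) > limit:
                log.append(("dropped", attempt, pos))  # chunk never landed, so not checkpointed
                break
            if corrupt and sent == 0:
                piece = bytes([piece[0] ^ 0x01]) + piece[1:]  # simulated bit flip in flight
            receiver.append(piece)
            pos += len(piece)
            sent += len(piece)
        bytes_sent += sent
        if pos < len(payload):
            continue  # reconnect and carry on from the checkpoint
        if receiver.digest() == expected:
            log.append(("verified", attempt, pos))
            return {"ok": True, "attempts": attempt, "bytes_sent": bytes_sent, "log": log}
        log.append(("integrity_failed", attempt, pos))
        receiver.discard()  # never hand a corrupt file to the application; resend from zero
    return {"ok": False, "attempts": max_attempts, "bytes_sent": bytes_sent, "log": log}


if __name__ == "__main__":
    for label, kwargs in (("checkpoint/restart", {}), ("restart from zero", {"resume": False})):
        result = transfer(SAMPLE, Receiver(), FlakyChannel(drop_after=[40, 70]), **kwargs)
        print(label, result["attempts"], "attempts,", result["bytes_sent"], "bytes sent")
    print("corruption caught:", transfer(SAMPLE, Receiver(), FlakyChannel(corrupt_on=[1]))["log"])
```

With two scripted drops, the resuming client sends exactly the 150 payload bytes across three connections, while the restart-from-zero client sends 246; the corrupted first attempt is rejected by the digest check and redone.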
Copyright 2004 Tumbleweed Communication Corp. All Rights Reserved.
15
SecureTransport Product Family Overview
A TUMBLEWEED WHITE PAPER
Sidebar: Healthcare Insurance Customer Deployments

A major insurance company serving over 65% of the US healthcare market deployed SecureTransport to support sensitive data exchange, including Protected Health Information (PHI), with over 3,000 organizations such as healthcare providers, pharmacies, other insurance companies and government regulators. This customer has vastly reduced leased line costs, reduced claim processing time from 60 days to 15, and substantially reduced error rates and reprocessing costs – in the process saving an estimated US$25 million in the first year.

A regional Blue Cross/Blue Shield insurer implemented SecureTransport for speeding up and increasing the effectiveness of their claims processing solutions. Strict adherence to industry standards, compliance with HIPAA security and privacy guidelines, and ease of use helped them streamline operations and reduce costs.

Insurance claims processors and benefits administrators use SecureTransport to connect with insurers, MCOs, healthcare providers, and corporate customers. These processors securely move files and messages containing Protected Health Information (PHI), such as claims, payments, patient records and benefits administration information, around the country. Regulatory compliance, scalability, and a wide range of inexpensive access options for interactive and automated transfers are key requirements for these processors.

State Departments of Health and Human Services are using SecureTransport for their secure data transfer needs. These agencies are transferring patient records, benefits administration data, welfare claims, and Medicaid and Medicare information. All of these data streams contain confidential personal information that is protected by SecureTransport in accordance with federally mandated HIPAA privacy and security regulations.
Hardened HTTPD Server
Accepts and validates incoming HTTP and HTTP/S connections, processes HTTP
commands and file transfers. Based on specified event types, it triggers Event
Manager and passes relevant parameters. For some agent types this includes the
incoming data stream.
Hardened FTPD Server
Accepts and validates incoming FTP and FTP/SSL connections, processes FTP
commands and file transfers. Based on specified event types, it triggers Event
Manager and passes relevant parameters. For some agent types this includes the
incoming data stream.
Active Agent Server
A processes event triggered in Event Manager and executes Active Agents in the
Scripting Engine environment. Agents can be triggered to handle:
! Authentication and authorization events to support enterprise authentication
requirements, including LDAP, Single Sign-on solutions, certificates, and
other enterprise authentication solutions.
! Data transfers and user commands, in order to extend server behavior in
application-specific manner, route the incoming data to back-end applications,
notify users or operations staff of key events or exceptions, etc.
Administration Server
Manages all SecureTransport components and provides a Web UI to manage
configuration options, security settings, user accounts and agent specifications.
The administration server also monitors transfer activity and provides a number of
real-time and periodic reports. In a cluster of SecureTransport installations, the
administration server of a defined “master” server can synchronize configurations
for all the defined “slave” servers. This ensures consistent security settings, user
accounts, and other configuration information when multiple servers are used
together.
SecureTransport Enterprise Edition
Popular with our banking customers and large enterprises, the Enterprise Edition was designed for customers with high-grade security requirements, large-scale deployments or more advanced integration needs. The Enterprise Edition builds on SecureTransport Standard Edition and includes these additional components and capabilities:
▪ An Application Proxy component for secure DMZ streaming deployment
▪ Transaction Manager for rule-based integration options using Active Agents or Java agents
▪ Signed Audit Records for tracking file transfer transactions and non-repudiation
▪ Hub Manager for configuring and automating bi-directional file transfers with Partner Edition
As shown in the following diagram, the Enterprise Edition can be deployed on two servers: an Application Proxy server in a DMZ and a Data Management server on the secure network, with secure streaming connections between the two servers.
Figure 5. SecureTransport Enterprise Edition Architecture
Additional Components in the Enterprise Edition
This section describes components unique to the Enterprise Edition. All Standard Edition components described
earlier are included within the Application Proxy and Data Management servers.
Application Proxy Server
Designed for enterprise boundary deployment, SecureTransport Application Proxy is used when enterprise policies and regulatory requirements preclude storing sensitive data in the DMZ. It provides a multi-protocol point of connection and authentication in the DMZ without storing any data on disk. It accepts external client connections and authenticates them using SecureTransport account information or enterprise authentication solutions, such as LDAP directories or Single Sign-on services. It supports strong authentication, including digital certificates and smartcards, as well as user ID/password. For an authenticated connection, the Application Proxy:
▪ Validates all commands for protocol conformance
▪ Converts all supported protocols into a single secure connection to the Data Management server
▪ Uses the Data Management Server Connector to stream the data on uploads and downloads between external clients and the Data Management server.
Data Management Server
Managing the data repository and providing back-end integration are the two key roles of the Data Management Server. It provides the following services:
▪ Manages streaming connections with the Application Proxy server in the DMZ
▪ Provides a secure repository (with optional encryption) for the transferred data
▪ Manages access control based on specified access policies and permissions
▪ Provides an embedded Application Proxy to support internal client connections
▪ Creates and manages signed digital receipts for all transfers and exceptions
▪ Triggers Active Agents based on specified events for custom processing
▪ Runs Transaction Manager’s Rules Engine, which evaluates rule conditions and, when they are met, triggers external and in-process agents.
Data Management server components in the Enterprise Edition are described below.
Transaction Manager
Designed to provide a richer and more flexible integration framework, Transaction Manager is based on a powerful rules-based parallel execution engine. Rules are defined with simple or compound conditions, which include SecureTransport events, environment variable evaluations, and external functions. Each rule also specifies one or more agents to be executed when its conditions are met. Transaction Manager provides a Web-based rules editor to define and manage rules and to combine application process or policy-related rules into a rules package.
At run time, Transaction Manager’s engine evaluates all enabled rules in the system and triggers actions for rules whose conditions have been satisfied. Actions can include externally executed scripts or programs and in-process Java agents executed within Transaction Manager’s persistent Java Virtual Machine (JVM). Because the JVM is always loaded, the in-process Java agents start up much faster than a script agent that has to invoke a JVM. The Transaction Manager includes a session-keyed state manager, which allows in-process Java agents to maintain and share session information, transaction attributes, or other context with each other.
Hub Manager
The Hub Manager in the Enterprise Edition server works in tandem with Partner Edition Clients or Gateways to automate the configuration, partner registration, mailbox setup and authentication processes. All of the security and protocol settings are predefined by the Hub and downloaded to the Partner on the first connection, relieving the Partner from many administration tasks. It includes:
▪ Partner Community Manager, which defines and authorizes Partner registrations, predefines Partner mailboxes and security settings, and communicates these to the Partner on the first connection, relieving the Partner from many administration tasks. It also includes an agent for consolidating Partner logs (transferred by the Partners on a regular schedule using a built-in utility) into a relational database over a JDBC connection. Sample reports are provided based on Crystal Reports.
▪ Web Mailbox Viewer, which provides Web clients with access to mailboxes, allowing them to upload files for outgoing delivery, retrieve or delete incoming files, and view mailbox reports.
▪ Partner Transfers Manager, which ensures reliable and secure delivery of outgoing files to Partners, manages pre-defined transfer schedules, provides a file watcher for external directories, and includes monitoring and reporting functions within the administrator interface.
The Hub and Partner communicate over the HTTP/S protocol for greater security, with mutually authenticated 128-bit SSL sessions and easier firewall navigation. SecureTransport’s guaranteed delivery and data integrity features, combined with the checkpoint/restart mechanism, assure reliable delivery of very large files even over unstable network connections. Hub Manager includes a folder watcher process that allows files for delivery to a Partner to be dropped in a monitored folder associated with a specific mailbox. Files for outbound delivery to a Partner can also be uploaded into a mailbox’s outgoing folder by authorized users and applications using a remote client or browser connection. The transfers to the Partner are based on the schedule set up for the Partner or a specific Mailbox. End-users and applications access the mailboxes using SecureTransport’s Web Client interface or any supported client to securely and reliably download incoming files and upload files for outgoing transfers. Web Client users can also view the status of transfers, delete files, and restart transfers for pending files.
Hub Manager also includes an agent for consolidating Partner logs (transferred by the Partners on a regular schedule using a built-in utility) into a relational database over a JDBC connection. The Hub administrator can then use any enterprise reporting tool for a community-wide view of all transfers provided by consolidated logging. Sample reports are provided based on Crystal Reports.
Deployment Configuration Options
Tumbleweed customers have a range of SecureTransport deployment options that extend this basic
configuration to meet their specific requirements.
High Availability. An automatic failover and load-balancing configuration can be achieved using a cluster of SecureTransport servers set up with a load-balancing solution (hardware or software) that can detect a failed server and reroute client requests to the other available servers. SecureTransport clients feature automatic restart for failed connections, making the failover a transparent event from the user’s point of view. SecureTransport HA configurations can be run as active/passive, whereby some servers are on standby and aren’t used unless an active server fails, or as active/active, where all servers are running concurrently and can take over a failed server’s load if required. The diagram below illustrates a typical High Availability configuration using replicated SecureTransport Enterprise Edition servers.
Figure 6. SecureTransport Enterprise Edition in High Availability Deployment
SecureTransport Standard Edition can also be deployed in a load-balanced configuration for load sharing and automatic failover.
To ease the management of such configurations, SecureTransport provides a “master/slave” synchronization capability that allows a single “master” server to automatically mirror its configuration and user administration information to one or more “slave” servers. This capability allows any SecureTransport configuration change or new account creation to be made once on the “master” server and be automatically replicated to the other SecureTransport servers.
Remote Agents. The Active Agent Framework can reside on a separate server from the SecureTransport data transfer processes (httpd and ftpd). This allows customers to offload agent processing for reasons of security, load management, or when agents require access to dedicated resources. If you want to deploy this configuration you can install SecureTransport on the front-end machine handling Internet connections and the Active Agent Server on a remote machine. When defining agents on the front-end machine, you can specify the IP address of the remote machine for any agent defined. This allows SecureTransport to trigger these agents using the remote machine’s Active Agent Server.
Server-to-Server Transfers. Some customers deploy SecureTransport in Server-to-Server mode for bi-directional connection initiation. The Hub server running SecureTransport Enterprise Edition is typically used as a gateway whereby a file uploaded by a client to its “home” server is automatically transferred to another server running SecureTransport Partner Edition. In a typical gateway connection, the triggering event is the client’s upload of a file for delivery to another server or the appearance of a new file in a server directory designated for folder monitoring. Partner Edition can be deployed with a Client license for a single user/application connection, or with a Gateway license, which supports remote client connections. The guaranteed delivery transfers with data integrity verification, auto-restart on failures, checkpoint/restart for mid-file recovery, and scheduling capability are available in the Enterprise Edition Hub server and both versions of the Partner Edition. Consolidated logging allows the Hub server to provide centralized reporting for the entire community in addition to the local reporting capabilities provided by each server.
Figure 7. SecureTransport Server-to-Server Delivery
Secure Data Delivery Functionality
SecureTransport provides secure file transfer over multiple protocols. At several points before, during, and after a file transfer operation, SecureTransport agents and rules can be triggered by application events. This section describes the core aspects of SecureTransport file transfer, including a range of security options.
Secure File Transfer
The core functionality of SecureTransport is the ability to transfer data
securely. From a client at the UNIX command line, a Windows GUI, a Web
browser, a client at the MVS or AS/400 command prompt, or a custom client
built using the SecureTransport SDK, users can securely connect to a
SecureTransport server, navigate to an appropriate directory or mailbox,
and initiate upload, download and file system commands. An application
can initiate the same actions using a native or Java command line client in a
script, an API provided by the Java SDK, or using an MVS client as a TSO
command processor or in a batch JCL job.
Security is provided by:
▪ Strong user authentication, validating user credentials against SecureTransport user accounts or accounts maintained in an enterprise authentication system
▪ An encrypted transfer channel securing the connection between the client and the server with SSL, using FIPS 140-1 certified software and, optionally, HSMs
▪ A transparently encrypted repository which secures the data on the server and in the server file system backups
▪ Restricted access policies specified by the administrator for various user classes
▪ Shared folder permissions specified by their owners in Access Control Lists
When a user logs in to the SecureTransport Server using a SecureTransport Client (or Web browser), SecureTransport opens a secure session between the client and the server so that important information, such as user ID, password, commands, file names, and data, is encrypted. It does this by utilizing end-to-end SSL encryption during control and data channel setup and file transfer. SecureTransport supports several encryption algorithms including DES, 3DES, RC4 and RC2. Unlike many FTP servers, which allow passwords to be exchanged in the clear (and thus easily intercepted), SecureTransport does not pass authentication information until the encrypted SSL session is established. After authentication, all files are transferred through this encrypted tunnel.
In addition, SecureTransport can be deployed to minimize the exposure of data stored in a sensitive location. The Enterprise Edition provides a 2-tier solution based on the SecureTransport Application Proxy, which streams the data securely across a sensitive location such as the DMZ and delivers it reliably and securely to the SecureTransport Data Management server on the secure network. Further, to ensure that system administrators or backup managers (including offsite backup custodians) do not have clear access to the sensitive data, SecureTransport provides an optional Repository Encryption module, which will encrypt all data stored on disk with a master key set transparently to the users. The data remains encrypted on the server and is only decrypted on download.
Enterprise/Supply Chain Customer Deployments
A major security software vendor uses SecureTransport to deliver sensitive data to its customers. In response to one security incident, their SecureTransport servers securely moved more than a terabyte (1000 GB) of data a day with over 1,400 concurrent connections.
A leading clothing and sportswear manufacturing company has deployed SecureTransport in the US and in Europe for secure exchange of sensitive design and manufacturing information between its many contract design shops and factories spread throughout the world. Securing their intellectual property while taking advantage of Internet data delivery has allowed them to bring new products to market sooner with lower costs – resulting in market share gains for their products.
A billing services company is using SecureTransport for reliable and confidential delivery of a large volume of bills and invoices from utility companies into its bill printing and electronic bill presentment services. This resulted in significant cost savings compared with proprietary data collection networks and attracted new customers.
A major global logistics firm is using SecureTransport to manage the software distribution and upgrades for terminals installed by their clients, allowing them to reliably deliver customized software upgrades to thousands of users.
A major computer vendor is using SecureTransport to deliver pre-release software to its large, globally dispersed community of external developers, creating watermarked packages for every access to enable them to track any unauthorized release of the software.
Guaranteed Delivery
The file transfer functionality in SecureTransport is based on industry-standard protocols: FTP and HTTP. When you’re transferring business data, data integrity is paramount. You need the assurance of knowing that the data values are correct and that you have received the whole file, not just a portion of it.
However, neither protocol by itself can protect against a dropped connection resulting in a corrupted or partial file. SecureTransport adds special extensions to the transfer protocols to ensure more robust, reliable, and efficient transfers. Each transfer between a SecureTransport client and SecureTransport server is checked for data integrity by having a checksum of the transferred file calculated and compared by the two sides. If the checksums agree, the file transfer is considered complete and accurate; if not, the file is retransmitted until the checksums match.
In case of a dropped connection, the client will automatically attempt to reconnect after a specified wait period. SecureTransport’s checkpoint/restart feature allows the client and the server to determine whether the partially transferred data is accurate up to the point when the connection dropped. If it is, the transfer is restarted from that point so that it completes more quickly and uses the least amount of bandwidth. For example, if a 4 MB file fails after 3 MB has already been transferred, the restarted transfer transmits only the remaining 1 MB. This saves time, improves performance, and uses less bandwidth. If the transfer cannot be restarted from the point where the connection was interrupted, SecureTransport restarts it at the beginning to ensure complete data integrity.
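The checksum comparison and checkpoint/restart behaviour described above, as an added Python simulation that is not Tumbleweed’s code: a client uploads a 4 MB file over a link that drops the connection after 3 MB, resumes from the checkpoint when the server’s partial copy checks out, and starts over when it does not. The class names, the chunk size and the use of SHA-256 as the checksum are assumptions made for this illustration.

```python
from __future__ import annotations

import hashlib

MB = 1024 * 1024
CHUNK_SIZE = 64 * 1024  # constructed: bytes per write on the simulated link


class ConnectionDropped(Exception):
    """Raised by the simulated link when the connection fails mid-transfer."""


def checksum(data: bytes) -> str:
    # The paper only says "checksum"; SHA-256 is an assumption made for this example.
    return hashlib.sha256(data).hexdigest()


class ServerSide:
    """Receiving end: keeps the partial file and answers checkpoint queries."""

    def __init__(self) -> None:
        self.stored = bytearray()

    def checkpoint(self) -> tuple[int, str]:
        # Offset and checksum of the bytes the server holds so far.
        return len(self.stored), checksum(bytes(self.stored))

    def verify(self, client_checksum: str) -> bool:
        # End-of-transfer check: the two sides' checksums must agree.
        return checksum(bytes(self.stored)) == client_checksum


class FlakyLink:
    """Constructed link that drops the connection once, when a write would cross drop_at.
    With corrupt_on_drop, a byte already stored on the server is flipped at that moment,
    modelling a partial file that is no longer intact up to the checkpoint."""

    def __init__(self, server: ServerSide, drop_at: int | None,
                 corrupt_on_drop: bool = False) -> None:
        self.server = server
        self.drop_at = drop_at
        self.corrupt_on_drop = corrupt_on_drop
        self.sent_total = 0  # bytes actually put on the wire, across all attempts

    def send(self, chunk: bytes, offset: int) -> None:
        if self.drop_at is not None and offset + len(chunk) > self.drop_at:
            self.drop_at = None  # fail only once
            if self.corrupt_on_drop and self.server.stored:
                self.server.stored[0] ^= 0xFF
            raise ConnectionDropped(f"connection dropped at offset {offset}")
        self.server.stored.extend(chunk)
        self.sent_total += len(chunk)


class ClientSide:
    """Sending end: upload with checkpoint/restart and end-to-end checksum verification."""

    def __init__(self, link: FlakyLink, server: ServerSide, max_attempts: int = 5) -> None:
        self.link = link
        self.server = server
        self.max_attempts = max_attempts
        self.log: list[str] = []

    def start_offset(self, data: bytes) -> int:
        """Resume at the server's checkpoint only if the partial data there matches the
        client's copy; otherwise start over from the beginning, as the paper describes."""
        offset, server_sum = self.server.checkpoint()
        if 0 < offset <= len(data) and server_sum == checksum(data[:offset]):
            self.log.append(f"resume from {offset}")
            return offset
        self.log.append("start from 0")
        self.server.stored.clear()
        return 0

    def upload(self, data: bytes) -> bool:
        for _ in range(self.max_attempts):
            offset = self.start_offset(data)
            try:
                while offset < len(data):
                    chunk = data[offset:offset + CHUNK_SIZE]
                    self.link.send(chunk, offset)
                    offset += len(chunk)
            except ConnectionDropped as exc:
                self.log.append(str(exc))  # the wait before reconnecting is not modelled
                continue
            if self.server.verify(checksum(data)):
                self.log.append("complete")
                return True
            self.log.append("checksum mismatch, retransmitting")
            self.server.stored.clear()
        return False


def run_upload(size: int, drop_at: int, corrupt_on_drop: bool = False) -> tuple[bool, int, list[str]]:
    """Upload a constructed `size`-byte file over a link that drops once at `drop_at`;
    returns (success, total bytes put on the wire, client log)."""
    data = bytes(range(256)) * (size // 256)
    server = ServerSide()
    link = FlakyLink(server, drop_at, corrupt_on_drop)
    client = ClientSide(link, server)
    return client.upload(data), link.sent_total, client.log
```

With an intact checkpoint only 4 MB in total cross the wire for the paper’s 4 MB file; when the partial copy is corrupted the client falls back to a full retransmission, so 7 MB cross the wire.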
User Authentication and Authorization
Key components of the SecureTransport security model are user authentication and permissions. User authentication and permissions specify who is allowed to use the system, what credentials they have to present, what actions they can take, and which directories and files they are allowed to view and manipulate.
User Authentication
Before a user or an application can upload or download files from the SecureTransport Server, the system requires the user or the application to provide identification credentials. (SecureTransport can allow anonymous access, like a standard FTP server, but even that case involves a user authentication step.)
The SecureTransport Server can be used with a number of authentication methods:
▪ User ID and password (with configurable strong password requirements)
▪ LDAP and Microsoft Active Directory authentication
▪ Digital Certificate authentication (soft certs or smartcards) with OCSP validation and Identrus rules
▪ Custom authentication using Active Agents and, in the Enterprise Edition, the Transaction Manager rules. SecureTransport customers use a number of enterprise authentication and Single Sign-on systems, including:
» Network authentication systems such as RADIUS
» RSA SecurID/ACE Server with SecurID tokens
» IBM Tivoli Access Manager/WebSEAL (formerly Policy Director)
» Single Sign-on environments, e.g., Netegrity SiteMinder, IBM WebSphere
» Mainframe security systems such as ACF2.
Custom development of Active Agents for individual customer environments can be provided by the Professional Services organization.
When used with digital certificates, SecureTransport accepts standard X.509v3 certificates. It works with most PKIs, but also provides a built-in PKI for issuing certificates when customers prefer the convenience of an integrated solution.
This wide range of authentication options preserves customers’ investment in their existing enterprise security solutions and allows them to maintain central control over user credentials to optimize user management costs.
Access Permissions and Policies
After the SecureTransport Server checks the user’s credentials, it determines what the user should be allowed to do, based on a number of factors. Access policies can be defined broadly on the basis of user classes or narrowly based on the IP address of the user (Host Access), the user’s role and the group to which the user belongs. SecureTransport administrators can use a combination of application-level access controls and file system-level access controls to define a user’s authorization. Through these mechanisms, user access can be restricted in several dimensions, including:
▪ Restricting the client IP address
▪ Restricting the user to a specific home directory
▪ Allowing a group of users to share directories
▪ Restricting which actions may be performed in each directory (upload, download)
▪ Restricting which commands a user may perform (e.g. disable “DELETE”)
▪ Requiring a group of users to use encryption
▪ Restricting user access to within certain days/times
In addition, other access controls can be added with the use of Active Agents, including external authorization lookups (e.g., an enterprise-wide partner access rights database) and Web-based interaction with the user (e.g., asking the user to agree to specific access terms or enter an additional password).
User Classes
The user permissions in SecureTransport are based on membership in different groups and classes. SecureTransport can use user classes to apply broad policies. For example, you can require a specific user class to connect over SSL. A user class can be defined as a combination of user type, user name, user group, and IP address. The user types are described further below. You can make classes more restrictive by specifying values in all the fields, or more open by using wildcard characters, for example, to specify that all virtual users from any address must connect using SSL-enabled clients.
Government Deployments
A state government in the US Northeast has deployed SecureTransport to replace a traditional process for regulatory reporting, which required tens of thousands of companies to send paper and/or magnetic media to the state’s Department of Labor every quarter. Replacing this process with secure Internet data delivery enabled the State to significantly reduce their internal costs and reduce compliance costs for companies in the state.
A state government in the US Northwest, a leader in electronic government services initiatives, is using SecureTransport to streamline the secure collection and processing of electronic payment files, state employee records, and healthcare insurance administration information. Managed by the statewide IT organization, the service is being rolled out to many departments in the state government as a standard infrastructure for secure data and document delivery for high value and highly sensitive applications.
A state government in the US South has deployed SecureTransport to streamline its benefits administration and related data sharing for retired state employees. Secure online exchange of the benefits data between the agencies, private sector, and the retired employees allows them to improve the turnaround time on inquiries, cut costs, and improve customer satisfaction.
A large county government in the US is using SecureTransport as the cornerstone of secure data delivery for its health care administrative and financial processes. Secure Internet delivery of Protected Health Information (PHI) with healthcare providers and other insurers allows it to automate the process for significant cost savings while complying with HIPAA regulations.
User Types
There are three types of users in SecureTransport:
▪ Real – Users who have system permissions based on OS accounts (e.g., Windows accounts or UNIX users defined in /etc/passwd or NIS/+)
▪ Anonymous – Standard FTP unprivileged access with no credentials
▪ Virtual – Users who can ONLY authenticate to SecureTransport. Creating virtual user accounts has several advantages in a secure environment:
- No account on the system where the SecureTransport Server runs. The virtual user’s permissions ONLY authenticate the user to the SecureTransport application. This prevents unauthorized access to the system where SecureTransport resides or to other parts of your network.
- Virtual home directory, which restricts the virtual user to a small segment of the file system. As with anonymous users, virtual users see their home directory as the root of the file system (i.e., like UNIX chroot). For example, if the virtual user’s home directory is /export/users/user1, after authentication the user simply sees "/" and can only access file system space that is "below" their home directory.
SecureTransport virtual users can access shared directories. In general, most customers opt for virtual users because of the significantly higher level of security they offer. SecureTransport can also limit users so that they can only upload or download into certain directories and restrict which hosts they can access (using Access Control Lists, for example).
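The user-class matching with wildcards (User Classes) and the virtual home directory seen as "/" (User Types) described above, as an added Python example that is not SecureTransport’s own code: a session is first checked against the class policy, the requested path is normalized in the user’s virtual name space so that ".." cannot climb above the home directory, and a per-directory action table decides whether the command is allowed. The class list, the action table, the function names and the single modelled account are constructed for this illustration; the home directory is the paper’s /export/users/user1.

```python
from __future__ import annotations

import fnmatch
import posixpath
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    """What the server knows about a connection once the user has authenticated."""
    user_type: str  # "real", "anonymous" or "virtual"
    user_name: str
    group: str
    client_ip: str
    ssl: bool


@dataclass(frozen=True)
class UserClass:
    """A class combines user type, name, group and IP address; "*" is a wildcard."""
    user_type: str = "*"
    user_name: str = "*"
    group: str = "*"
    client_ip: str = "*"
    require_ssl: bool = False

    def matches(self, s: Session) -> bool:
        pairs = ((s.user_type, self.user_type), (s.user_name, self.user_name),
                 (s.group, self.group), (s.client_ip, self.client_ip))
        return all(fnmatch.fnmatchcase(value, pattern) for value, pattern in pairs)


# Constructed policy: all virtual users from any address must use SSL-enabled clients;
# real users in the (hypothetical) ops group on 10.0.0.* are not forced to.
CLASSES = [
    UserClass(user_type="virtual", require_ssl=True),
    UserClass(user_type="real", group="ops", client_ip="10.0.0.*"),
]
# Constructed per-directory actions in the virtual name space. "delete" appears nowhere,
# which is the paper's "disable DELETE" case.
ACL = {"/": {"download"}, "/outgoing": {"upload", "download"}}
HOME = "/export/users/user1"  # the virtual home directory from the paper's example


def ssl_policy_ok(classes: list[UserClass], s: Session) -> bool:
    """Every matching class that requires SSL must be satisfied by the session."""
    return all(s.ssl for c in classes if c.matches(s) and c.require_ssl)


def normalize_virtual(cwd: str, requested: str) -> str:
    """Canonical path as the virtual user sees it, with "/" being the home directory.
    normpath cannot climb above "/", so ".." never escapes, exactly as with a chroot."""
    path = requested if requested.startswith("/") else posixpath.join(cwd, requested)
    return posixpath.normpath(path)  # "/../../etc/passwd" -> "/etc/passwd"


def action_allowed(acl: dict[str, set[str]], virtual: str, action: str) -> bool:
    """Walk up from the target path; the most specific ACL entry decides."""
    directory = virtual
    while True:
        if directory in acl:
            return action in acl[directory]
        if directory == "/":
            return False
        directory = posixpath.dirname(directory)


def to_real_path(home: str, virtual: str) -> str:
    """Map a canonical virtual path onto the real file system. The containment check is
    defence in depth; symbolic links inside the home directory are not modelled here."""
    home = home.rstrip("/")
    real = posixpath.normpath(posixpath.join(home, virtual.lstrip("/")))
    if real != home and not real.startswith(home + "/"):
        raise PermissionError(f"{virtual} would escape {home}")
    return real


def authorize(s: Session, cwd: str, requested: str, action: str) -> str:
    """Real path the server should operate on, or PermissionError if policy forbids it."""
    if not ssl_policy_ok(CLASSES, s):
        raise PermissionError("user class requires an SSL-enabled client")
    virtual = normalize_virtual(cwd, requested)
    if not action_allowed(ACL, virtual, action):
        raise PermissionError(f"{action} not permitted at {virtual}")
    return to_real_path(HOME, virtual)


def check(s: Session, cwd: str, requested: str, action: str) -> str | None:
    """Convenience wrapper: the real path if authorized, otherwise None."""
    try:
        return authorize(s, cwd, requested, action)
    except PermissionError:
        return None
```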
Audit Trails and Tracking
Secure data and document delivery needs strong audit trails for tracking and proof management. SecureTransport provides two levels of auditing: transfer logs, available on the Standard and Enterprise Edition servers, and MDN receipts, available only on the Enterprise Edition server.
Transfer logs capture all user sessions and file transfer information. Optional command logging can be turned on to capture individual user commands. Additional logs are maintained for SSL sessions, errors, and administrative actions.
The Enterprise Edition provides an option for digitally signed audit records of all transfers using Message Disposition Notification (MDN) receipts. These digital receipts capture all the relevant file transfer and status data as well as non-repudiation information such as date/timestamp, data integrity check, and user credentials. For tracking purposes, reports can be extracted based on user ID, disposition status, time period and other parameters. These digital receipts are available only in the Enterprise Edition and are designed to provide not only tracking and reporting, but also the proof management required for non-repudiation of data delivery. Since digitally signed records cannot be altered without invalidating the signature (which is easily verified), they are suitable as evidence based on accepted legal practices surrounding the use of business records in a court of law or similar setting.
Automation and Application Integration
Client-side Automation
You can use the SecureTransport Client in “interactive” mode (see User Interfaces section II.A for more
information), or you can automate transactions to happen in “unattended” mode, at a future time or on a periodic
basis.
Scheduling
The SecureTransport Client for Windows has a scheduling user interface you can use to specify uploads and downloads on a periodic or time-delayed basis. On other platforms, native schedulers or job managers can be used to schedule file transfer activities (e.g. UNIX cron, MVS JCL).
Client-side Scripting
The SecureTransport Client on Windows, UNIX, AS/400 or MVS has a command-line interface you can
incorporate into scripts. The scripts can then be executed later, called from another application, or started by a
scheduling mechanism. SecureTransport does not restrict your choice of scripting languages; you can write your
scripts in any language supported by the platform.
Software Development Kit (SDK)
SecureTransport offers an optional client software development kit (SDK) that provides access to application
programming interfaces (APIs) for all the functions of the SecureTransport Client. You can use the SDK to
create your own custom SecureTransport client or integrate SecureTransport client functionality into software
distributed to the end-points of your extranet. The SDK is available for Java 1.2 and later.
In one case, a customer has used the SDK to integrate secure data transfer into their electronic funds transfer
(EFT) application to enable their clients to securely route the EFT transaction files. Another customer has used
the SDK to build a custom-branded client for their user community.
Server-side Active Agents
Active Agents provide server-side automation and enterprise application integration. Active Agents are scripts,
external programs or in-process Java classes executed by the server when triggered by any of the thirty-three
SecureTransport application events. Using these triggers, you can start custom processing on client connections
to the server, on file uploads and downloads, and on errors and exceptions. The following table shows the specific
actions that can trigger an Active Agent.
Copyright 2004 Tumbleweed Communication Corp. All Rights Reserved.
27
SecureTransport Product Family Overview
A TUMBLEWEED WHITE PAPER
Agent Name          | When Agent Runs
Login               | When a user logs into the SecureTransport Server
Logout              | When a user disconnects from the SecureTransport Server
Incoming Start/End  | When files are being uploaded to the SecureTransport Server, at the start or at the end of the upload
Outgoing Start/End  | When files are being downloaded from the SecureTransport Server, at the start or the end of the download
Cert                | During the SSL negotiation if certificate verification is enabled
Auth                | When the PASS(word) command is received from a client
Config              | When the USER command is received from a client
FTP/HTTP commands   | When particular FTP or HTTP commands are received from a client
Active Agents are used by Tumbleweed customers for a variety of customization needs. The following list shows
a sample of different uses of Active Agents:
• Extend the authentication framework to support Single Sign-on or enterprise authentication solutions
• Provide user notifications and operational alerts on user login, directory access or file transfer
• Transfer incoming data to a back-end application, repository or message queue for further processing
• Notify back-end systems of data arrival or user requests to retrieve data
• Watermark files requested for download with user-specific marking for auditing or tracing of external distributions
• Perform local data management and archival on the server
Transaction Manager
The Transaction Manager server, available in the Enterprise Edition, provides a flexible and scalable way of
defining and triggering Active Agents based on attributes of events that occur as files traverse
SecureTransport. The Transaction Manager adds greater flexibility and a more powerful execution environment to
the Active Agent capability available in the SecureTransport Standard Edition server. It provides the following
key benefits:
• Ease of development of agents to extend SecureTransport using a rule-based paradigm and a visual editor
• Flexible triggering mechanism that adds conditions and custom functions to the core event model
• High-performance agents that can be written in Java and run in the Transaction Manager's provided JVM
Copyright 2004 Tumbleweed Communication Corp. All Rights Reserved.
28
SecureTransport Product Family Overview
A TUMBLEWEED WHITE PAPER
The Transaction Manager allows developers to define two kinds of agents:
• External Agents - External agents are server-side scripts or executables that run when rule conditions are
met. They are managed by the Transaction Manager but can run as independent server processes.
• In-Process Agents - In-process agents are Java classes or jar files that are executed when rule conditions
are met. The Transaction Manager manages them within its JVM.
Rules and rule packages are created in the Transaction Manager using the built-in Rules Editor of the Web User
Interface shown in the screenshot below. Rule packages can be imported and exported for ease of deployment
across multiple servers, or for staging from a development to a production environment.
Figure 8. SecureTransport Transaction Manager – Rule Packages
Rules in the SecureTransport Transaction Manager are organized into rule packages. An individual rule can be
replicated in multiple packages. A rule package can consist of a collection of rules that are applicable to one
business process. Rules are made up of conditions and actions as described below.
• Condition - A condition is a Boolean expression that can contain a comparison operator or a condition
function. It defines the events and event attributes the rule applies to.
• Action - An action is a set of agents that should be triggered if the conditions are matched. The actions are
typically agents written in Java, which allow in-process sharing of information between agent
invocations. Alternatively, out-of-process mechanisms can be integrated with agents written in scripting
languages such as Perl or Python; such actions are executed through a shell mechanism.
Copyright 2004 Tumbleweed Communication Corp. All Rights Reserved.
29
SecureTransport Product Family Overview
A TUMBLEWEED WHITE PAPER
Figure 9. SecureTransport Transaction Manager - Rules Editor View
At runtime, the Transaction Manager receives events from the SecureTransport server. Depending on the event,
the Transaction Manager selects the rules, evaluates their conditions, and when a match is found, executes the
defined actions within an embedded JVM or through an external process.
The diagram below illustrates the Transaction Manager flow.
Figure 10. SecureTransport Transaction Manager - Rule Evaluation and Execution
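As an added illustration (not Tumbleweed code) of the Active Agent triggers in the table above and the rule evaluation flow just described, the following Python sketch models a Transaction Manager that selects rules by event, evaluates their conditions and runs in-process agents. The event names come from the table; rule names, agent functions, event fields and the trusted network prefix are assumptions made for the example.

```python
# Added example, not Tumbleweed's code: a small model of the Transaction Manager flow.
# Events raised by the server (named after the Active Agent triggers in the table) are
# matched against rule packages; a rule has a condition (Boolean expression over event
# attributes) and actions (agents). Only in-process agents are modelled here; external
# agents would be launched through a shell/subprocess instead. Field names are assumed.
from dataclasses import dataclass
from typing import Callable, Dict, List

Event = Dict[str, object]   # e.g. {"event": "Login", "user": "...", "remote_ip": "..."}

@dataclass
class Rule:
    name: str
    events: List[str]                        # Active Agent triggers this rule listens to
    condition: Callable[[Event], bool]       # comparison operators / condition functions
    actions: List[Callable[[Event], str]]    # in-process agents; each returns an audit line

@dataclass
class RulePackage:
    name: str
    rules: List[Rule]

def run_transaction_manager(packages: List[RulePackage], event: Event) -> List[str]:
    """Select rules by event type, evaluate their conditions, run matching actions."""
    audit = []
    for pkg in packages:
        for rule in pkg.rules:
            if event["event"] in rule.events and rule.condition(event):
                audit.extend(f"{pkg.name}/{rule.name}: {agent(event)}" for agent in rule.actions)
    return audit

# Constructed sample agents: operational alert, hand-off to a back-end queue, archival.
def notify_ops(ev: Event) -> str:
    return f"alert: {ev['user']} {str(ev['event']).lower()} from {ev['remote_ip']}"
def enqueue_file(ev: Event) -> str:
    return f"queued {ev['path']} ({ev['size']} bytes) for back-end processing"
def archive_file(ev: Event) -> str:
    return f"archived copy of {ev['path']}"

TRUSTED_NET = "10.0."   # constructed: internal address range that needs no alert
PACKAGES = [
    RulePackage("payments", [Rule("eft-upload-complete", ["Incoming End"],
        lambda ev: str(ev["path"]).endswith(".eft") and int(ev["size"]) > 0,
        [enqueue_file, archive_file])]),
    RulePackage("security", [Rule("external-login", ["Login"],
        lambda ev: not str(ev["remote_ip"]).startswith(TRUSTED_NET), [notify_ops])]),
]
# Constructed sample events as the server would raise them.
UPLOAD_DONE = {"event": "Incoming End", "user": "acme-bank", "remote_ip": "203.0.113.7",
               "path": "/in/batch42.eft", "size": 48211}
EXTERNAL_LOGIN = {"event": "Login", "user": "acme-bank", "remote_ip": "203.0.113.7"}
```

An "Incoming Start" event for the same file matches no rule, since the payments rule listens only for "Incoming End".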
Copyright 2004 Tumbleweed Communication Corp. All Rights Reserved.
30
SecureTransport Product Family Overview
A TUMBLEWEED WHITE PAPER
Integrating Third Party Technologies with SecureTransport
SecureTransport is extensible at the client side via the SDK and at the server side via Active Agents, the Data
Integration Suite, and the Transaction Manager. So if you need to integrate with technology deployed in your
environment, you and Tumbleweed consulting can make it happen. This section shows common integration
options for 3rd party technologies.
LDAP and Microsoft Active Directory
SecureTransport can use user credential information stored in an LDAP (Lightweight Directory Access Protocol)
database or MS Active Directory for user authentication.
Single Sign-on
Single Sign-on products manage authentication of each user and provide their authentication credentials to
different systems and applications, so the user is only prompted and authenticated once. SecureTransport has
"hooks" that can be used to integrate with single sign-on systems (via PSO engagement). The first
implementation of Single Sign-on integration with SecureTransport was with IBM Tivoli Access Manager (also
known as IBM Policy Director/WebSeal). Other popular Single Sign-on systems used with SecureTransport
include Netegrity SiteMinder, IBM WebSphere and Entrust GetAccess.
After authentication is complete, the Single Sign-on system stores the user's credentials in an encrypted form,
perhaps in a cookie or a database by process ID. When the authenticated person accesses an application on a
different Web server, or even in a different domain, the Single Sign-on system can use these stored credentials
instead of prompting the user for credentials again. Using a Single Sign-on system makes it much easier for the
user, and simplifies the administrative problem of user credential management.
Mail Systems
SecureTransport can create email-based notifications, which can be sent through any available SMTP server.
Sterling Commerce Connect:Direct
SecureTransport can interoperate with the Sterling Connect:Direct product using file-level integration to receive and
forward files.
For stronger integration requirements, customers can use mutual client-based invocation: the
Connect:Direct command line utility can be invoked from a SecureTransport agent, and the SecureTransport
command line client can be called within a defined Connect:Direct job, providing bi-directional transfer of files.
ERP and EAI Systems
SecureTransport can interoperate with a variety of EAI systems leveraging file system level integration. The Active
Agent "hooks" can also be used for integration with message buses like IBM MQ Series and JMS,
Copyright 2004 Tumbleweed Communication Corp. All Rights Reserved.
31
SecureTransport Product Family Overview
A TUMBLEWEED WHITE PAPER
Tumbleweed Products Integrated with SecureTransport
SecureTransport is part of the end-to-end electronic transaction security product line offered by Tumbleweed.
This section describes how SecureTransport interacts with other products available from Tumbleweed. More
information on these and all Tumbleweed products is available from your Tumbleweed sales representative or
at www.tumbleweed.com. Please see the back page of this document for additional contact information.
Tumbleweed Valicert Validation Authority
With SecureTransport release 3.0 and later, customers have the option of using Tumbleweed Valicert Validation
Authority to check users' digital certificate credentials when logging in to SecureTransport. SecureTransport
with Validation Authority can be used for a simple certificate status check or full validation using Identrus rules.
Validation Authority provides high-performance, reliable, and scalable digital certificate validation, with all the
tools necessary to identify and validate certificates, and if necessary, to disable expired, revoked, or bogus
certificates. Validation Authority provides validation regardless of the applications being used or the Certificate
Authority (CA) issuing the certificate. In addition to generic certificate validation, the Validation Authority can be
used in Identrus environments to validate the certificates using the specific rules defined by the Identrus
consortium of leading global banks.
Copyright 2004 Tumbleweed Communication Corp. All Rights Reserved.
32
SecureTransport Product Family Overview
A TUMBLEWEED WHITE PAPER
Summary
The major advantage of Tumbleweed SecureTransport is that it is built with security in mind from the ground up.
Unlike many data center-oriented file transfer solutions designed to work within a closed enterprise, this solution
leverages a proven security infrastructure to provide the highest levels of performance and reliability with the
lowest total cost of ownership from initial deployment to large-scale rollouts. With SecureTransport, Internet-focused
security, a broad range of inexpensive access options and robust Internet-facing deployment
configurations are not an afterthought – these are the core attributes of the SecureTransport product family.
Over 100 leading banks, insurers, enterprises, and government organizations and over 20,000 of their internal
and external users benefit from these key attributes of SecureTransport:
Security: ensures confidential, private transfer
• SSL-based high performance transport encryption
• Transparent repository encryption
• LDAP, SSO, and PKI-based authentication
• Wide range of authorization policies
• Agent-based custom extensions for authentication and authorization
Low cost of ownership: ease-of-deployment
• Inexpensive and easy-to-use client software
• Web browser access and optional thin client
• Broad range of clients for enterprise platforms
• Firewall-enabled protocol implementation
Speed: increases information velocity via automation and application integration
• Client-side scheduling and SDK
• Event-driven Active Agents
• Rules-based Transaction Manager
Efficiency: eliminates need for paper proof
• Guaranteed delivery and data integrity
• Legal-grade audit trail through digitally signed MDN receipts
Cost: cuts hardware and shipping costs
• Can replace leased lines, crypto links, and courier use
• Eliminates per-MB costs of EDI VANs
Copyright 2004 Tumbleweed Communication Corp. All Rights Reserved.
33
SecureTransport Product Family Overview
A TUMBLEWEED WHITE PAPER
FOR MORE INFORMATION, PLEASE CALL 650.216.2121
Tumbleweed Communications Corp
700 Saginaw Drive
Redwood City, CA 94063
Phone 650.216.2000
Fax 650.216.2001
www.tumbleweed.com
© 2004 Tumbleweed Communications Corp. All rights reserved. Tumbleweed is a registered trademark and Tumbleweed
SecureTransport, SecureTransport Standard Edition, SecureTransport Enterprise Edition and SecureTransport Partner
Edition are trademarks of Tumbleweed Communications Corp. All other brand names are the trademarks of their
respective owners.
STFWP0304
Copyright 2004 Tumbleweed Communication Corp. All Rights Reserved.
34