www.action-soft.com
Action Soft, 30, rue de Gramont, 75002 Paris - France
Tel.: 33 (0) 1 53 45 44 55 - Fax: 33 (0) 1 53 45 44 44 - Mail: [email protected]

Objectives

Supervisor for data exchange between multi-platform servers

With an increasing number of servers being used and the constantly growing need for them to communicate, data exchange between internal and external systems is multiplying all the time. The use of a data exchange solution is today a necessity to enable the exchange of valuable and sensitive data in a secure and reliable manner.

XcMon is a data exchange supervisor specially designed to manage multiple data transfers between multiple servers. XcMon offers two main functions:
- File Transfer: XcMon manages the FTP / FTPS protocols and supplies the functions needed to secure and automate them.
- Message Exchange: XcMon provides the exchange of messages allowing for automatic actions between servers.

System Transparency

Identical functions and interfaces for all operating systems

Windows (95/98/2K/NT/XP), Unix (AIX, HP-UX, SCO, SOLARIS ..), Novell Netware (from Netware 5.1), IBM iSeries (OS400), IBM zSeries (OS390 - ZoS and Linux for ZoS), BULL (Mainframe GCOS), with the same functions, the same command syntax and the same interfaces:
- Batch command mode (Script, jcl ...)
- Operator mode
- API (user program interface)

XcMon can also communicate with Foreign systems (that don't have an XcMon monitor).

XcMon also has an optional graphical module, XcWop, which enables the centralized setup, management and administration of all the connected XcMon monitors with an identical display no matter what the system.

Architecture

Three simultaneous architectures of file transfers:
- Peer-to-peer mode: XcMon to XcMon link, all functions available.
- Foreign mode: XcMon to any system with only a standard FTP / FTPS server.
- Client/server mode: The XcLft FTP client is the initiator of the transfer, under control of one XcMon monitor.

Three modes

'Peer to Peer' mode:
- XcMon initiator
- XcMon recipient
- Negotiation before all transfers
- Compression/encryption with FTP
- SSL/TLS encryption
- High level of security

'Foreign' mode:
- XcMon initiator
- Passive Foreign recipient
- Direct connection with FTP server
- SSL/TLS encryption
- Full management from initiator
- No installation on foreign server

'Client-Server' mode:
- Client initiator
- Control of XcMon server
- Usage of client without licence
- SSL/TLS encryption
- No FTP parameter needed for client
- No permanent program
- Simple installation and no configuration

Architecture and Implementation

XcMon communicates with all systems or installations that possess any type of FTP/FTPS server.

The monitor

Activation and management of file transfers and message exchanges
- Asynchronous storing of commands: no loss of commands.
- Persistence of commands: in all circumstances, commands are resumed or relaunched.

File Transfer Process

Automatic management of FTP/FTPS file transfers in send or receive mode. Activation and secure management of transfer queries.

During a file transfer, XcMon can act as the initiator or recipient of the exchange:
- The initiator is the XcMon monitor that triggers the exchange. After negotiation with the recipient monitor, it activates an FTP client to carry out the transfer with the remote FTP server. The initiator monitor manages and supervises the whole exchange process.
- The recipient is the XcMon monitor that undergoes the exchange. In the negotiation stage, the recipient supplies the initiator, after validation, with the elements necessary for the transfer (FTP user, file name, miscellaneous parameters, etc.). There is no direct link between the recipient monitor and the FTP server.

File Transfer Protocol

XcMon is specially designed for the management of the FTP and FTPS (SSL/TLS) protocols.
The protocol is chosen according to the protocol used by the remote FTP or FTPS server of the recipient of the data exchange.

FTP protocol
- XcMon is compliant with the FTP specification according to RFC-959.
- XcMon improves FTP security with strong functions for recipient control, FTP login management and an integrated encryption feature (PKI).

FTPS (SSL/TLS) protocol
- FTPS uses TLSv1 (Transport Layer Security Protocol), derived from SSLv3 (Secure Socket Layer).
- XcMon is compliant with TLSv1 using RFC-2246 and RFC-2228, as defined in the Murray draft.
- Strong authentication with X509v3 certificate support: authentication of the server by the XcMon client; authentication of the XcMon client on request from the server.
- SSL encryption: total encryption of session and data, with the possibility to encrypt only the session commands.
- Algorithms: asymmetric RSA, DH and symmetric AES, DES, 3DES, IDEA, RC2, RC4.

File transfer queries

Submission of queries in batch command mode, via API or interactively with the same syntax, no matter what the system.
- Strict control of access rights and logins/passwords carried out through negotiation between partner monitors.
- Transparency of protocol: FTP or FTPS.
- Data compression / data encryption: FTP (AES) and FTPS (SSL/TLS).
- Configurable multi parallel transfers: for each transfer, an FTP client is activated either immediately or in deferred time according to the configured parallel parameters.
- Schedule: absolute schedule (date/time) or relative schedule (+ssss seconds).
- Guaranteed delivery by automatic and persistent retries according to the codes returned by the FTP / FTPS protocol.
- Automatic triggering of user processes or XcMon commands, configurable for normal or abnormal transfer termination on each system (initiator and recipient).
- On normal transfer termination, the local file (send) or remote file (receive) can be automatically deleted or renamed.
- Automatic control of file size in order to refuse or defer high volume transfers.
- Management of recipient lists for transfers with multiple recipients.
- Management of file groups using automatic directory scanning (local or remote).
- Catalog and history files are updated by both XcMon monitors involved in the exchange.

Security and Access Rights

Security:
- The configuration of a monitor never contains the users/passwords used to access the remote recipient FTP server. The user/password is always supplied by the XcMon recipient in an encrypted format.
- A specific user/password can be used for each recipient.
- Symbolic users can be used to control access to recipients.
- Symbolic file names can be used to manage the real names of files.
- The configuration of monitors can be automatically deleted after being taken into account.

Access rights:
- Communication between two XcMon monitors is subject to access verification carried out by each monitor involved in the exchange. This verification can be general (for all users of a monitor) or strict (for specific users of a monitor), by associating the recipient name with the names of XcMon users defined in the transfer commands.
- File access verification is subject to the FTP access rules specific to each operating system.
- XcMon supports the management of virtual directories (alias).

Data Compression & Encryption

Compression and encryption for FTP without SSL. XcMon automatically manages the temporary spaces needed to execute these functions.

Compression: Data compression allows a significant reduction of the volume of data transferred. The compression technique used by XcMon is equivalent to ZIP compression (compression by dictionary).

Encryption: Data encryption ensures a high level of confidentiality. XcMon has an integrated PKI system (Public Key Infrastructure), allowing each monitor to possess a public key and a private key (RSA type). Data encryption is carried out using a symmetric key (AES-RIJNDAEL algorithm) generated for each transfer (128, 192 or 256 bits according to configuration).
The symmetric key is itself encrypted using the public key of the recipient. Only the recipient, using its private key, can decrypt the symmetric key in order to decrypt the data.

Sending Messages

Message exchange management for automatic actions between servers.
- A Send Message query can be submitted in batch command mode, using the API or interactively (local text operator or graphical operator).
- Transmission of messages is carried out using logical structures called "Message Queues".
- A user process may be associated with each defined message queue, to be activated each time a message is received.
- Parameters can be automatically applied to the activated processes with all or part of the received message.
- Catalog and history files are updated by both XcMon monitors involved in the exchange.

Message exchanges are very simple and very useful for the automation of procedures. There are multiple examples of their use:
- Synchronization of processes on different systems.
- Automatic execution of commands on remote systems.
- Automatically sending events or notices to other applications (e.g. Job scheduler).
- Event logging.
- ...

Backup Function

Automatic management of backup addresses

With the backup function, if there is a system or network failure, recipients can be reached using a backup address without any modification of the setup file being necessary. The changeover is carried out automatically for each upcoming transfer, and the main address is reused automatically as soon as the main system is once again operational.

The backup function can be activated:
- Automatically: if the monitor's recipient isn't accessible, and if a file or message is being transferred to it, connection retries are made alternating between the main address and the backup address.
- Manually: the changeover to the backup address can be forced with an administration command.

Remote Network Access

Full automation of modem connections.
An XcMon monitor can establish a link with one or several of its recipients (XcMon or Foreign) using the "Remote Access System" function, which makes connections via modem completely automatic.

The remote access system (RAS) function allows an XcMon monitor to establish connections with different networks (notably the Internet) and can be used for exchanges between isolated stations (e.g. a terminal using the circuit switched network) and the company's local area network.

Connection to or disconnection from the remote server can be forced at any time using an administration command. This command can be very useful for establishing or closing sessions with recipients at agreed times and thus setting up "rendezvous".

Specific Functions

IBM OS/390: Job activation and spool retrieval
- The file transfer command can be used to communicate with the JES2 job manager in order to send and activate a JCL, as well as for spool retrieval on an OS/390 system.
- This can be done from an XcMon monitor installed on any other system.
- This function avoids the use of a 3270 emulator and connection to TSO.
- It economizes the resources used on the OS/390 system.

IBM OS/390 & OS/400: Conversion tables
- Character set conversion tables (EBCDIC / ASCII and ASCII / EBCDIC) can be defined for operating systems using the EBCDIC character set (IBM OS/390 and IBM OS/400).
- Depending on the country, and to guarantee data integrity, specific default (or forced) conversion tables can be used in each transfer command.

XcMessenger

XcMessenger: immediate survey of exchanges

XcMessenger allows the centralization and display in a specific window of:
- All or part of the user messages exchanged between different XcMon monitors.
- Warning messages detected by one or several XcMon monitors (extracts from the log files).

XcMessenger is particularly useful for:
- Visualizing in real time the arrival of messages in one or several specified message queues.
- Centralizing the display of user messages originating from different systems (error messages, end of file transfers, abnormal termination of applications, etc.).
- Automatically centralizing error messages from the log files of a monitor's recipients and the local monitor itself.

XcWop: Supervisor of XcMon monitors

The Centralized Operator Station (XcWop) is an optional module of the XcMon package that can be used from a standard Windows (95/98/2K/NT/XP) workstation.
- Management and administration of remote XcMon monitors.
- Running XcMon queries.

XcWop: Administration of monitors

The remote monitors are listed in the tree structure of the centralized operator station. The administrator is provided with commands that allow control of each monitor's status (active, inactive) and the visualization of the log files. The administrator can shut down and restart remote monitors, validate new setup values, and download and display monitor operation parameters.

XcWop: Configuration of monitors

The administrator can access the configuration of the defined XcMon monitors. The setup file specifies the properties and the behavior of each monitor. The configuration of a monitor is guided by specialized windows. Each setup file can be:
- Generated automatically,
- Distributed to the remote systems,
- Dynamically taken into account.

XcWop: Monitor Community

The community concept is used to group several XcMon monitors together. This function is used to facilitate the task of running queries on the catalogs and history files of not one monitor, but all monitors defined in the community.

XcWop: Running queries

The queries folder contains tools enabling the user of the operator station to run any command available on each declared XcMon monitor.
- Transfer queries: submitting or relaunching File Transfer and/or Send Message queries.
- Catalog browsing: displaying File Transfer and/or Message catalogs.
- History management: displaying / exporting / initializing File Transfer and/or Message history files.

The administrator version of XcWop allows access to all functions. The user version of XcWop only allows access to defining and running queries.

The economical context

Attractive pricing adapted to each user context

XcMon pricing is composed of the following elements:
- The XcMon monitor: pricing depends on the type of OS and the power of the system. For Windows and UNIX, pricing depends on the number of processors. For other operating systems, pricing depends on the system model. The basic price includes a communication fee allowing for 5 recipients (XcMon type).
- The recipients: there is a supplementary communication fee for additional recipients. The pricing of additional recipients depends on the recipient type (XcMon, Foreign or XcLft recipients).
- XcWop option (Centralized Graphical Operator). Administrator version: price depending on the number of monitors to be administered. User version: for defining and running queries only, unit price.

Our references

ABBEY NATIONAL France ACE DISTRIBUTION ALCATEL AMCOR FLEXIBLES ATLAS COPCO ATOS ORIGIN BACOU DALLOZ BOUYGUES TELECOM CARDIF CETI GENEVE CHU DE TOULOUSE CIBAMA CLUST CONSEIL GÉNÉRAL DE LA SEINE MARITIME CRÉDIT AGRICOLE CHARENTE MARITIME DEUX SÈVRES CRÉDIT AGRICOLE CHARENTE PÉRIGORD CRÉDIT AGRICOLE HAUTE NORMANDIE CRÉDIT AGRICOLE DE L’OISE CRÉDIT AGRICOLE DU PAS DE CALAIS DCN DIRECTION DES JOURNAUX OFFICIELS GARCZYNSKI ET TRAPLOIR GFI GICAB ÉQUIPEMENT GIE COMETE GROUPAMA KOBA LG GOLDSTAR WORLDWIDE MGEN MERCK EUROLAB MORIN LOGISTIC OFFICE WORLD MORIN ORION TRIDOME PORT AUTONOME DU HAVRE REMY COINTREAU S.E.M. SEMA GROUP OUTSOURCING TOP.ACHAT.COM UNION SET …….

Over 200 users in France

International distribution via authorized dealers