Previous Topic

Next Topic

Book Contents

Book Index

FTP - Overview

The MOVEit FTP server provides both FTP over SSL and insecure (regular) FTP services. SSL client certificate support is also available with the click of a checkbox. FTP access is provided to the same underlying folder and file structure made available through MOVEit's SSH and Web Interface as well.

Be aware that although "SSL" and "FTP over SSL" are Internet standard protocols (RFC 2228, etc.), Secure FTP is not implemented by all FTP clients. Since, for your protection, MOVEit FTP insists that all communications with the client be encrypted, not all FTP clients will work with MOVEit FTP by default. See Client Support for a current list of compatible clients. (Any client which supports AUTH SSL, AUTH TLS, EXPLICIT, IMPLICIT or RFC 2228 will generally work.)

Insecure FTP

To enable insecure (regular) FTP on your MOVEit FTP server, you must use the MOVEit DMZ Config utility to explicitly turn this feature on. The main disadvantage of insecure FTP is that usernames, passwords and sensitive data are passed in the clear in this mode.

To mitigate risk, it is usually recommended that insecure FTP be opened to internal hosts only. Where this is not an option, it is recommended that files at least be encrypted before they are sent, even though the username and password will still be transported unprotected across the Internet. (It is usually much less work to configure and deploy a secure command-line FTP client, such as MOVEit Freely, than it is to deploy a system relying on client-based encryption, however.)

Notable Features

MOVEit FTP runs as a standalone application (not part of IIS). Some of its notable features are listed below.

Installation

MOVEit FTP is installed by the same setup program that installs MOVEit. The setup program offers the option to install MOVEit FTP as a service. The option is set by default.

Normally, you will install the program as a service. However, you can instead run the program manually by choosing the Start menu shortcut RunMOVEit DMZ FTPmanually after installation. In manual mode, MOVEit FTP displays a window containing two subwindows, one containing the status of the current connections and the other showing a scrolling list of messages.

MOVEit FTP's window is normally not displayed when it is running as a service. However, you can cause it to be displayed by changing the service to allow it to interact with the desktop. To do this on Windows 2003, choose Start / Settings / Control Panel / Administrative Tools / Services, and choose the MOVEit DMZ FTP service. Right-click and choose Properties. Choose the Log On tab. Choose Allow service to interact with desktop. You will have to stop and restart the service for this change to take effect.

Directory Structure

MOVEit FTP's directory structure is the same as that which is visible through the web interface, except for those users who have the "Chroot" option enabled for their default folder. Those users will only be able to see the files and folders in and below their default folder and will not be able to navigate to folders outside their default folder. See the User Settings - Default Folder section of the Web Interface - Users - Profile documentation page for more details.

The initial directory upon logon depends on the user type. End users and group admins will be placed in their default folder (usually their home folder), while administrators will be placed in the root folder.

User type

Initial directory

SysAdmin

/

Administrator

/

FileAdmin

/

GroupAdmin

The GroupAdmin's home directory or a designated default folder

User

The User's home directory or a designated default folder

TempUser

N/A (not allowed to sign on to FTP)

A "dir" command shows only the folders to which the user is permitted access, so not all users will get the same results from a "dir".

Disabling the FTP Service

To disable the MOVEit FTP service you may use the Microsoft Services control panel to mark the MOVEit DMZ FTP service as disabled. The MOVEit DMZ "Check" utility (usually run after installations and upgrades) will automatically be aware if you have disabled the FTP service and will not try to check it in that situation.