AS2 and AS3

In most situations MOVEit Automation version 4 or greater is required to perform AS2 or AS3 file transfers. (MOVEit Automation also supports AS1.) However, MOVEit Transfer version 4 or greater is also required to act as an AS2 server in these situations, and MOVEit Transfer (any version) is a good choice for an AS3 server as well.

For more information about AS1, AS2 and AS3 and how MOVEit products support these protocols, see the MOVEit Automation documentation.

MOVEit Transfer and AS2 File Transfers

MOVEit Transfer can accept and store AS2 messages and asynchronous AS2 MDNs that will be processed later (and often immediately) by MOVEit Automation. MOVEit Transfer, rather than MOVEit Automation, is used in the role of an AS2 server because MOVEit Transfer already serves the function of a secure, Internet-exposed HTTP(S) server and MOVEit Automation already has an interface to MOVEit Transfer.

No additional license is required to accept and store AS2 messages and asynchronous AS2 MDNs on MOVEit Transfer because this feature is only useful when a separate AS1, AS2 and AS3 license has been purchased for MOVEit Automation.

AS2 messages and asynchronous AS2 MDNs are uploaded and downloaded through HTTP(S) but are not part of the normal MOVEit Transfer file system. More specifically, all AS2 messages and AS2 MDNs will be found in special /AS/[partner-name] folders, created as needed (where [partner-name] is your partner's official trading name). For example, if your partner John Smith sends you an AS2 message, it will be found in the /AS2/John Smith folder. Nonetheless, MOVEit Transfer administrators can view and delete AS2 message files through their usual web interface.

AS2 URL and File Specifics

MOVEit Transfer receives AS2 messages and asynchronous AS2 MDNs through its built-in as2receiver.aspx component. When your AS2 trading partners ask for the URL they should use to post AS2 messages for you, you will need to give them a URL containing as2receiver.aspx and the name of your host. An example of such a URL is https://as2.moveitdmz.com/as2receiver.aspx.

The same URL value is also used when requesting AS2 asynchronous MDNs as an AS2 destination step in MOVEit Automation, but MOVEit Automation lets you specify a macro of [AS2ReceiverURL] (in the MDN URL field) and figures out the exact URL at run time (because each AS2 Host can be linked to a specific MOVEit Transfer Host).

AS2 messages are normally stored as files bearing a name of AS2Data. If you want different MOVEit Automation tasks to process different AS2 messages from the same partner, you may want to tag each type of AS2 message transmission separately so MOVEit Automation tasks can rapidly distinguish between them. The way to tag different types of AS2 transmissions is to include a ?Tag=[some-as2-filename] argument on the URLs you hand out to your partners. For example, a modified URL of https://as2.moveitdmz.com/as2receiver.aspx?Tag=Blue would force MOVEit Transfer to save AS2 messages from partners using that URL as files named Blue rather than AS2Data.

Asynchronous AS2 MDNs are stored as files bearing a name of MDN=[AS2-ID] where [AS2-ID] is the ID of the original AS2 message. An example of an AS2 MDN filename is:

MDN=373c55dc-f4b6-4c1b-81a1-e39f3a1c22d7@9b751ee7-d32e-4138-8124-1c107f2cd5d2.

Like AS2 messages, AS2 MDNs will be stored in folders named after the partners who sent them; MOVEit Automation automatically knows where to look (because it uses the values configured for partner name in its AS2 Host definitions).

If your MOVEit Transfer system hosts multiple Organizations and you want each to use its own store of AS2 messages and MDNs, you will also need to include an OrgID=[OrgID] tag (such as OrgID=8011) in the URLs you give to your partners and configure in your requests for asynchronous HTTP MDNs. For example, you would need to give partners URLs such as https://as2.moveitdmz.com/as2receiver.aspx?OrgID=8011 or https://as2.moveitdmz.com/as2receiver.aspx?Tag=Blue&OrgID=8011 and would need to configure a URL of [AS2ReceiverURL]?OrgID=8011 in your asynchronous HTTP MDN field if you wanted related AS2 messages and MDNs to go to a particular organization in a multi-organization configuration.
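
The URL and filename conventions described above can be checked before URLs are handed to partners. The following is an added example, not part of the MOVEit documentation or product: the function names are hypothetical, and treating non-HTTPS URLs, arguments other than Tag and OrgID, and non-numeric OrgID values as findings is a policy assumption of this example.

```python
from urllib.parse import urlsplit, parse_qs

RECEIVER = "as2receiver.aspx"    # receiver component named on this page
DEFAULT_NAME = "AS2Data"         # default stored filename named on this page
KNOWN_PARAMS = {"Tag", "OrgID"}  # the only URL arguments this page describes


def audit_partner_url(url):
    """Return (stored_filename, org_id, findings) for a partner-facing AS2 URL."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    if parts.scheme != "https":
        findings.append("not HTTPS")  # assumption: policy of this example
    if parts.path.rsplit("/", 1)[-1] != RECEIVER:
        findings.append("path is not " + RECEIVER)
    for name, values in query.items():
        if name not in KNOWN_PARAMS:
            findings.append("unexpected argument: " + name)
        elif len(values) > 1 or not values[0]:
            findings.append("empty or repeated argument: " + name)
    org_id = query.get("OrgID", [None])[0]
    if org_id and not org_id.isdigit():
        findings.append("OrgID is not numeric")  # assumption: IDs look like 8011
    # A Tag argument replaces the default AS2Data filename.
    stored = query.get("Tag", [""])[0] or DEFAULT_NAME
    return stored, org_id, findings


def as2_id_from_mdn(filename):
    """Extract the original AS2 message ID from an MDN=[AS2-ID] filename."""
    prefix = "MDN="
    if not filename.startswith(prefix) or len(filename) == len(prefix):
        return None
    return filename[len(prefix):]


if __name__ == "__main__":
    # First two URLs are the page's examples; the third is constructed.
    for url in (
        "https://as2.moveitdmz.com/as2receiver.aspx",
        "https://as2.moveitdmz.com/as2receiver.aspx?Tag=Blue&OrgID=8011",
        "http://as2.moveitdmz.com/as2receiver.aspx?tag=Blue",
    ):
        print(url, "->", audit_partner_url(url))
```
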

Both AS2 messages and asynchronous AS2 MDNs are deleted from MOVEit Transfer as soon as MOVEit Automation successfully decrypts and/or validates them, determines that they are unfit, or gives up after (re)trying to deliver any requested MDNs. AS2 messages that have requested synchronous MDNs will also be automatically deleted from MOVEit Transfer folders if MOVEit Transfer cannot deliver their respective MDNs. Additional automated cleanup rules can also be applied to AS2 folders and files using the usual folder settings web interface in MOVEit Transfer.

MOVEit Transfer and AS3 File Transfers

MOVEit Transfer can accept and store AS3 messages and AS3 MDNs that will be processed later by MOVEit Automation or any other AS3 client. MOVEit Transfer, rather than MOVEit Automation, is used in the role of an AS3 server because MOVEit Transfer already serves the function of a secure, Internet-exposed FTP(S) server.

No additional license is required to accept and store AS3 messages and AS3 MDNs on MOVEit Transfer because, according to the AS3 specification, any FTP server can function as an AS3 server. (That is, if you have licensed a MOVEit Transfer server, you already have an AS3 server.)

AS3 messages and AS3 MDNs are uploaded and downloaded through FTP, so they are part of the normal MOVEit Transfer file system. More specifically, all AS3 messages and AS3 MDNs will be found in the /Home/... or /Distribution/... folders and are otherwise treated as normal files.

Why MOVEit Transfer is the best choice for AS3

The MDN response files returned to AS3 file senders and used for non-repudiation can be signed, but are never encrypted. To protect these files from tampering or unauthorized viewing, MOVEit Transfer includes built-in FIPS-validated encryption and cryptographic file integrity checks while at rest and in transit.

The FTP protocol can be difficult to implement across firewalls and NAT when SSL is introduced. MOVEit Transfer includes comprehensive, remote-readable protocol logs and features that handle most FTP over SSL or NAT configurations. To avoid FTP firewall problems, MOVEit Transfer uses a configuration of limited passive server port ranges, explicit configurations of NAT, and Clear Command Channel (CCC).

The auditing facility in MOVEit Transfer can be used to help complete AS3 non-repudiation chains. In order for both sides in an AS3 exchange to agree that both parties have the same file, both sides must possess the same MDN. However, if the MDN is downloaded by the original file sender but there is a later dispute about whether this action took place, MOVEit Transfer tamper-evident audit logs can be used to show that the original file sender's MDN was made available and downloaded at a specific time by a specific user connected from a specific IP address.