Previous Topic

Next Topic

Book Contents

Book Index

Multi-homing

Multi-homing MOVEit Transfer implies a central environment is handling requests directed at distinct hosts or multiple IP addresses. In MOVEit Transfer, this can mean that a single MOVEit Transfer instance is serving requests addressed to one or more hostnames with their respective SSL certificates and branding.

Typical uses of multi-homing include:

For example, if a single site was asked to support both "moveit.example.com" and "safestore.contoso.com" for two different companies on the same MOVEit Transfer server, we would say that the MOVEit Transfer is multi-homing.

Multi-homing

multi_homing

1

MOVEit Transfer Clients

Mobile, desktop, and tablet end-users.

2

Hosted Sites (for example)

Bindings for two or more file transfer endpoints. Typical endpoints can vary in protocol and configuration, but each requires a distinct IP address binding and certificate.

3

Certificates

Certificates with bindings to the different hosted sites.

4

File Transfer Applications

Protocols provided by MOVEit Transfer.

5

File Transfer Server

MOVEit Transfer server running on premises or in the cloud. Multi-homing deployment configuration enables secure file access to clients independent of perceived branding, domain name, and protocol. The actual server would typically run on a rack server or as part of a cloud solution.

Multi-homing Configuration Elements

Elements by Service

To support multi-homing, several MOVEit Transfer configuration items must be adjusted. These items can be broken down by the service they are related to.

Elements by Configuration Utility

These items can also be broken down by the configuration utility that must be used to configure them.

Recommended Procedures

There are several ways to accomplish many of the tasks listed in the previous subsection, but the following procedures are recommended.

Requesting, obtaining and installing multiple SSL certs for different organizations

Windows Server 2008

For Windows Server 2008 and later, you need not create additional IIS websites. Instead, you may create multiple SSL certificates at the webserver level, and then assign them to bindings.

Creating and installing additional SSL certificates
  1. Run Internet Information Services (IIS) Manager.
  2. Choose the name of the server in the left pane.
  3. In the Features View, double-click on Server Certificates.
  4. Create a certificate request by choosing Create Certificate Request... in the right pane. After submitting the certificate request and receiving the response from the Certificating Authority, come back and choose Complete Certificate Request. Alternatively, you can create a self-signed certificate, but this is not recommended because it will cause browser warning messages for your users.
Creating additional IIS bindings

Assign multiple IP addresses and SSL certificates to a single website, thus bypassing the complexity of creating multiple websites (available only Windows Server 2008 and later).

  1. Run Internet Information Services (IIS) Manager.
  2. Right-click the name of the website (usually moveitdmz) and choose Edit Bindings....
  3. Choose the https line and choose Edit....
  4. Change the IP address from All Unassigned to one of the configured IP addresses.
  5. Choose the appropriate SSL certificate.
  6. Choose OK.

For the second and subsequent organizations, repeat the above procedure in the Site Bindings dialog, but choose Add... to add bindings and SSL certificates for the remaining organizations.

How do I configure MOVEit Transfer to identify each IIS site as its own organization?

MOVEit supports the display of an organization’s branding based solely on the hostname provided in the base URL.

  1. Sign on as a SysAdmin.
  2. Go to the Orgs page and click the NAME of a specific organization to get into its Organization Profile.
  3. While viewing the Organization Profile, click the first edit link.
  4. Change the Base URL to match the hostname of the site. Include the https:// prefix. For example, if the hostname is support.moveitdmz.com, the Base URL should be https://support.moveitdmz.com.
  5. Save changes and repeat steps 3-5 for any remaining organizations.

How do I configure MOVEit Transfer to hand out different SSL certs on its FTP server for each organization?

The MOVEit Transfer FTP will offer the Default Certificate configured on the FTP Certs tab in the MOVEit Transfer Config utility (DMZConfig.exe) to all incoming FTP/SSL connections unless alternate certificates are configured in the Alternate Certificates window. Each Server IP value should match an IP address previously configured on an IIS site bearing an SSL certificate of the same name. (for example, If an IIS site for dmz.example.net is already listening for connections on IP address 10.1.1.2, add an alternate entry that will cause the FTP server to offer up the dmz.example.net certificate to connections coming in to IP address 10.1.1.2.)

How do I handle future upgrades?

MOVEit Transfer upgrades will handle or avoid all elements of the multi-homing process except for specific IIS setting changes made to sites other than the IIS site into which MOVEit Transfer was originally installed. Release notes will detail any IIS site setting changes made between MOVEit Transfer versions; consult our support department for specific instructions to make changes by hand.