This topic contains considerations for setting up a MOVEit Transfer system in your organization and network.
Most administration tasks for MOVEit Transfer can be performed from a web browser. Some system configuration tasks are performed with the Configuration Utility. Backup and restore activities are done with the Backup and Restore utility.
Admin and SysAdmin
When you install MOVEit Transfer, you set up a SysAdmin account and an Admin account.
The SysAdmin account can create a new organization, perform IP lockouts and changes, set up new users, and control settings for the system, schemes, and the organization. The account cannot upload or download files, read a user's files, or send/receive messages in any organization other than the System organization.
The Admin account is used to perform daily administration, work with users, folders, and so on.
Consider the following when setting up policies and procedures for your organization:
Authentication Policies
Passwords
What level of password strength to require?
How often are users required to change their passwords?
How to provide passwords to users (examples: fax/phone, emailed when the user is created)?
Can users reset their own passwords? If so, is the user required to sign on with the old credentials first?
Interfaces
What are your supported protocols? (FTP/SSL, FTP/SSH, HTTPS and/or AS2/AS3, non-secure FTP)
Are users who connect to port 80 HTTP automatically redirected to your secure web interface?
Do your interface options allow your clients to do ad-hoc and automated transfers?
Shared Accounts
Are shared accounts allowed?
Can users of a shared account view files that other users of the account have uploaded?
Groups
Are users organized into groups?
Do you want to grant permissions by group or by user? Do you want to grant certain users permissions for specific folders, users, etc.?
External Authentication - Will all users authenticate to the MOVEit Transfer local database, through a trusted LDAP or RADIUS server, or a combination?
Naming Conventions
How are usernames formed? Examples: first initial last name, employee numbers, company name, etc.
Should full names contain the names of key people and/or their organizational role or just a company role?
Are there different conventions for internal/external users?
Lockouts and Expiration
How many incorrect tries before that user is locked out?
How many tries does a particular IP address get before that IP is locked out?
How long can a user delay a requested password change before the account is disabled?
How long to keep accounts that have not been used, or have passed their contract date?
Allowed Hosts and IPs
The MOVEit Transfer default IP access policy allows end users to connect from anywhere but allows administrators to connect only from an internal private network. Is this restrictive enough? Are there exceptions?
Do you want to specify a list/range of IP addresses and hostnames for each user instead?
Client Certificates/Keys
If you are using client certificates, what Certificate Authority(ies) will you use?
Do you need two-factor authentication, or is using one cert/key sufficient?
Automated Users
Most sites set up a FileAdmin user for their MOVEit Automation file transfer automation tool. Your end users or other internal processes can also be automated.
Do you want these types of users to be exempt from periodic password changes?
Do you want these users to be further restricted by IP address, client cert/key, or interface? (Doing so mitigates the risk of a username or password being compromised.)
Folder Policies
Structure -
Do you want users to each have their own tree of folders in their home folder or do you want a shared folder structure?
Do you want user home folders to be in one top-level folder, or in multiple folders?
Do you want to lock users to a single folder and limit the number of items on the interface to keep them from making any mistakes?
How do you want to name the main shared folder?
Permissions
What level of access do users have on their home folders, on other folders, and by default?
Do you want upload quotas or filename restrictions?
Can home folders be shared?
Clean Up/Notification
How often to automatically delete old files and folders?
When and how to send notifications about the success or failure of file uploads and downloads, or on deadline?
Naming Conventions
How to name a user's home folder: usernames, full names, or user IDs (unique ID generated by MOVEit Transfer)?
How to name MOVEit Transfer folder trees: internal names, or to reflect specific customer needs?
How to name folders and files to accommodate automated tasks?
Ad Hoc Transfer Policies
You must have a valid Ad Hoc Transfer license (using the MOVEit Transfer Config utility) and you must have enabled Ad Hoc Transfer.
Address Book Contacts and Unregistered Recipients -
Who should be able to talk to whom?
Do you want any user to contact any other user, including unregistered users, or do you want to control Ad Hoc Transfer relationships?
Who should be able to create and send packages to unregistered recipients immediately as needed?
Unregistered Recipients and Senders - When unregistered recipients sign in, and when unregistered senders self-register:
Do you want to treat them as per-package guest users, or should they be registered as temporary users for a limited amount of time?
Are there any domains in which you want to prevent MOVEit Transfer from creating temporary users (such as your own or a free mail service)?
How long will temporary users remain before they are automatically purged?
Secure Note transfer vs. Email Note, per package sender option, and related options
Do you want all content exchange to be part of secure transfers, including files and every note that senders compose when creating MOVEit Ad Hoc Transfer packages? Or do you want to provide notification similar to Outlook emails, with only the attached/uploaded files being sent exclusively by MOVEit?
Do you want to offer both types of operations by offering senders a per package choice?
For packages sent from the Web interface and Mobile, do you want to add security for the packages' Senders and Subjects? (These settings do not affect packages sent from the Outlook Plug-in.)
Permissions -
Do you want attachment quotas?
Do you want filename restrictions?
Retention -
How long to keep packages online?
Delete or archive packages after that time?
Appearance
Banner and Scheme -
Do you want a banner logo and scheme to match the colors and fonts of your corporate site?
What logo will you use for the mobile app and web?
Display Profiles -
Which parts of the web interface do you want to be visible to users before and after they sign on?
Can users change the interface language before sign on, during sign on, or after sign on?
International Languages - What is the default language for the organization?
Notifications -
How much information (username, fileID, file names, etc.) is sent in clear-text email notifications?
Who should appear as the sender?
Do you want to make changes to any notification templates?
Do your users prefer HTML notifications or text notifications?
Sign On Banners -
What appears on the sign-on page to users before a user signs on?
What information is on the home page announcement?
What is the first status message that appears after a user signs on?
Logging and Reporting
Filtering Logs
Can you find what you want in the audit logs?
Can you determine the cause of the following common problems by looking in audit logs? User could not sign on. File could not be uploaded, downloaded, etc. Folder or user could not be created, deleted, etc.
Do you know how to select columns, sort and hide/show sign-on and notification entries?
Reports
What reports will you use regularly? Do you want to schedule them?
Do you expect to perform further processing on CSV or XML formatted reports?
Do you want to alter the template used for HTML reports?
Retention - How long to keep audit records? After this time, delete or archive the records?
Real World Administration
People
Who are the main administrators of each MOVEit Transfer organization?
Who is in charge of the firewall?
Can any administrative tasks be delegated through GroupAdmins or by using features such as allowing users to reset their own passwords?
Automation
Are you using the automated features of MOVEit Transfer? (such as old file/folder cleanup, notification, and report creation)
If you own a companion MOVEit Automation server, is it automating all file transfers?
Have you automated your end user and internal transfers?
Disaster Recovery
How are you backing up your server?
Do you have the necessary MOVEit Transfer licenses for your backup servers?
Is the backup procedure automated and tested?
Does your main site need active-active failover?
End User Documentation
Do your end users know how to connect to you and where to go to upload/download files? (Or use secure messaging, as applicable.) (See Advanced Topics - User Forms.)
Do end users know how to ask for help? Is there additional documentation you could post online to help? (See the MOVEit Transfer Tech Support link/page and the Custom Help Link feature help.)
Administrative Documentation
Is your configuration documented and explainable? (You can use the DMZBackup utility to make a backup of the current configuration.) Do you know how to pull/schedule the reports that fulfill your audit requirements? Your billing requirements? Other business requirements?
Other Tasks
Use groups to organize the way users access files and folders.
Set up strong password requirements. For more information, see the Settings and Folder pages.
Ongoing Maintenance
Use the logs pages to monitor activity and troubleshoot.