Comparison of FTP and Signiant

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Comparison of FTP and Signiant"

Transcription

1 Comparison of FTP and Signiant An In depth Comparison of FTP with Methodologies from Signiant Ian Hamilton, CTO, Signiant

2 Abstract FTP (File Transfer Protocol) is used to perform file transfers over Internet Protocol (IP) networks such as the public Internet and corporate intranets. FTP is widely deployed and is widely accepted as a file transfer solution. However, are there downsides to using FTP for file transfers? This paper compares FTP with file transfer methodologies of Signiant s software applications and identifies the shortcomings of FTP that Signiant was designed to overcome. FTP FTP, as a term, is often used in multiple ways. As such, it is important to distinguish between FTP as a network protocol and FTP client and server implementations. File Transfer Protocol The FTP protocol is a set of formal rules that specify how to transmit files and file system related information between two computer systems. FTP is a client server protocol. The FTP client initiates a connection to an FTP server and can issue requests to STORE or RETRIEVE individual files. The base protocol also supports file system listing and manipulation commands and simple user authentication. The protocol provides mechanisms to specify data types and file structures with the assumption that two incompatible systems can provide conversion between data representations and storage formats. In practice, translation features are only for text conversion (e.g. EBCDIC 1 to ASCII 2 conversions). FTP Clients and Servers The FTP applications that most computer users are familiar with are interactive computer programs that implement the client portion of the FTP protocol. Users interact with the FTP client using a command line or graphical user interface. Many FTP clients support operations that are not part of the FTP protocol but rather are implemented by executing multiple FTP primitives in sequence for user convenience. FTP servers are usually deployed on back office server infrastructure; however, FTP servers can also run on desktop and notebook computers. An FTP server typically has no user interface and runs as a background service or daemon 3. Some FTP server implementations support graphical management and monitoring interfaces. An FTP client connects to the FTP server and usually provides, via the FTP protocol, a username and password for authentication. Most FTP servers support an anonymous mode of operation that allows clients to access a portion of the file system after a user supplies an address instead of a password. Anonymous FTP is not a function of the protocol or the client, but rather a local implementation feature of the server. 2

3 FTP SECURITY EXTENSIONS Security extensions for the FTP protocol were proposed in the late 1990 s to promote secure file exchange. These security extensions support strong authentication, data integrity, and confidentiality. However, the extensions only specify how the security messages are conveyed in the FTP control protocol and don t specify the actual security mechanisms used to implement authentication, message privacy, and integrity. As a result, FTP security extensions are not widely implemented and, when security extensions are implemented, systems are often incompatible. Many organizations that use FTP for secure data exchange use a third party tool to encrypt files before and decrypt the files after transfer. This process provides some confidentiality and integrity; however, securely transferring files then involves multiple manual steps or the use of homegrown scripts to automate the process. Further, if it is necessary to implement tasks such as key distribution after transfers have taken place, the security utilities then require a management infrastructure of their own, adding more complexity to the overall solution. Another factor to consider is that encrypting files does not address FTP authentication issues. A common approach to addressing the authentication void is to use a semi secure host in a demilitarized zone (DMZ 4 ) to relay messages. This further complicates the end to end data transfer process and does not solve the authentication problem but rather reduces the impact of security breaches. DMZ FTP relays are a poor solution at best. FTP AND FIREWALLS The FTP control protocol establishes a separate TCP 5 (Transport Control Protocol) connection for each file transferred. A new TCP port number, in the dynamic (or short lived) port range, is chosen for each new connection and firewalls must be application aware to manage FTP traffic. That is, the firewall must interpret the FTP protocol to determine which TCP ports are being used and dynamically alter the firewall rules. Low end firewalls and filtering routers cannot put adequate controls on FTP traffic. FTP PERFORMANCE The FTP protocol transfers each file over a new TCP connection. Not only does this introduce connection setup overhead for each file, but in high latency environments, additional round trip delays are introduced. When large numbers of files are transferred, the per file setup overhead can significantly reduce overall throughput. TCP PERFORMANCE Because FTP relies on the TCP protocol for basic data transfer, it is impacted by the throughput limitations of TCP in high latency environments. The TCP protocol provides reliability on top of IP by sending acknowledgements for data in the reverse direction to the data flow. When data is not acknowledged within a timeout window, it is retransmitted. TCP is a Sliding Window Protocol which means that only so much unacknowledged data can be sent before an acknowledgement is received 3

4 from the receiving end. When an acknowledgement is received, the window is advanced and more data can be sent. TCP attempts to scale the window size to match the time it takes for packets to make a round trip on the network, however, there is a limit to the TCP window size and the higher the latency and bandwidth of the network becomes, the worse TCP performs. As the bandwidth and latency of the network grow, the TCP window is exhausted, resulting in a stop / start behavior. Typically, if the bandwidth latency product (bandwidth in bits/second multiplied by latency in seconds) of the network is greater than 256 Kbits, throughput is impacted. TCP is a stream oriented protocol that only acknowledges how many bytes into the stream the target has received. The TCP retransmission scheme always retransmits the stream in full from the last acknowledged byte when data is lost. As such, loss of a single packet can result in resending the entire send window, including data after the lost packet that may have been received by the target. The TCP flow control mechanism determines the rate that data is placed on the network. The TCP flow control mechanism attempts to measure the capacity of the network by looking for dropped packets on the network. The assumption being that, when a packet is lost, the capacity of the network has been exceeded. The TCP flow control mechanism uses an additive increase and multiplicative decrease scheme, where the rate is increased linearly until packet loss occurs at which point the send rate is cut by a factor of the overall send rate. This result is greater fairness between multiple TCP streams competing for resources on the network, but also impacts overall throughput rather dramatically. Further, when there is inherent loss on the network (e.g. the public Internet), throughput can be extremely poor. SIGNIANT SOFTWARE and DESIGN APPROACH While FTP was designed for simple interactive file exchange, Signiant software was designed to address all of the requirements of inter and intra enterprise, automated and interactive managed file movement. File transfer is one of the basic capabilities of Signiant software; however, the Signiant solution encompasses much additional functionality. To build comparable solutions with FTP would require extensive in house development including third party software integration to address the following Signiant capabilities: Central management including: o Fault Management o Configuration Management o Accounting, and o Performance Management Security including: o Authentication o Authorization o Data Integrity o Data Confidentiality o Non Repudiation (Certified Delivery) 4

5 Application integration and workflow automation Enhanced file transfer features including: o File metadata management o Incremental Transfer o Mirroring o Versioning o Multipoint transfer o Advance file selection criteria o Atomic transfer and rollback Notification Firewall issues, and Reliability and redundancy Even when in house development is undertaken, the resulting solutions are typically: Inflexible, Difficult to scale, and Expensive to maintain. Further, these solutions still have all of the inherent performance limitations of the FTP protocol and a TCP based transport. MANAGED PEER TO PEER FLEXIBILITY AND SCALABILITY The Signiant solution was fundamentally designed to be easy to manage in large networks and to run unattended without human intervention. To accomplish these objectives, a managed peer to peer model was implemented instead of a client server model. Rather than installing client and server binaries on each host computer system, Signiant installs a single agent that incorporates both server and client functionality. A central manager administers the distribution of business rules, including file transfer control and application integration information, to agents that, in turn, establish direct connection to other agents to exchange data. Users of the system can create new rules (in the form of job templates) that specify how data is moved and various application interaction points. Users can also use predefined job templates provided within the system for simple tasks such as hot folder transfer and person to person transfers. Jobs are created by binding a job template to input parameters (e.g. the source and target agent). Jobs can be run on a scheduled basis or in response to an external event. All job templates and jobs can be viewed, managed, and tracked from the multi user web based management console. 5

6 Signiant also supports interactive, accelerated, secure file transfers to web based users, with no requirement for pre installed software. A web plug in that implements the client portion of the Signiant protocol can be dynamically downloaded and used as part of any web experience. The advantage of this model is that it is much easier to scale and maintain than a traditional clientserver model. To automate a data transfer process using FTP, rules must be embedded in individual automation scripts that reside within each FTP client or server. INTEGRATED SECURITY Security is built into Signiant technology. Each agent installation automatically generates, at install time, the public key security credentials necessary to mutually authenticate with other agents and guarantee the privacy and integrity of data. Signiant uses standards based public and private key cryptographic techniques. Signiant operates a Certificate Authority (CA) and an on line Registration Authority (RA) that interacts with the agent installer to process the agent s Certificate Signing Request (CSR) and creates the agent certificate. Signiant manages Certificate Revocation Lists (CRLs) and automatic certificate renewal. Signiant can also optionally work with third party certificate authorities. In contrast, third party security products, with their own associated support infrastructure, are required to provide message security for FTP based transfers. Further, FTP authentication mechanisms are weak and managing user IDs and passwords used by FTP scripts is labor intensive and insecure. FIREWALL FRIENDLY Signiant uses a single port for all control and data transfer traffic. This approach simplifies firewall identification and classification of Signiant traffic. The relay feature of Signiant s technology can be enabled to minimize firewall rule administration. By configuring an agent as a relay inside and outside your firewall, you can establish secure connections to any Signiant agent inside or outside your corporate network with a single address port pair firewall rule. The relay capability also allows you to build transfer rules that take advantage of redundant or parallel Internet connections. Tunneling can also be used to establish transport layer connections in the opposite direction to data transfer. Signiant can even use the FTP protocol to transfer files to locations that have an FTP server and no Signiant Agent. PEFORMANCE The Signiant protocol has been optimized at both the application and transport layer to minimize the impact of network latency. Using techniques like selective acknowledgement, dynamic windows scaling, differential loss monitoring, intelligent rate management and other proprietary patent pending techniques, Signiant maximizes the use of the available bandwidth. Signiant eliminates round trip delays in the application level protocol by pipelining application layer acknowledgements. 6

7 Signiant is also optimized to work with Network Attached Storage (NAS) and minimizes Common Internet File System (CIFS) or Network File System (NFS) operations when writing files to NAS. Signiant can perform hundreds of time faster than FTP transfers over high latency networks when transferring both large numbers of small files and small numbers of large files. BANDWIDTH MANAGEMENT Signiant provides advanced bandwidth management capabilities that assist in ensuring that network resources are allocated to the highest priority business activities first before lower priority business activities are addressed. REPORTING AND LOGGING Signiant logs all data transfer activity and provides a simple browser based user interface for building reports for performance management, compliance and billing. Some FTP implementations provide limited server side logging of file transfer activity but central collection and reporting capabilities must be custom coded. CONCLUSION While FTP is a commonly used tool for simple interactive file transfer within an enterprise, it lacks essential management, security, acceleration, and process automation capabilities necessary to support secure automated system to system data transfer. Signiant was designed from its inception to handle secure, automated, and reliable system to system data transfer. The peer to peer communications model, with centralized management of data transfer business rules, is ideal for building cost effective, highly scalable, and easy to deploy solutions that address data movement requirements of all sizes and complexities. About the Author Ian Hamilton, Chief Technology Officer, Signiant Ian Hamilton is Signiant's CTO and Vice President of Development. Ian has been an innovator and entrepreneur in Internet and system software for over 20 years. About Signiant Founded in 2000, Signiant ( is the digital media supply chain company that telco, media and entertainment executives rely on to manage the movement of media to the right place at the right time. With its open software platform that unites best in class management, acceleration, automation and security technologies, Signiant ensures that some of the world s most recognized brands are able to deliver their digital assets and drive new revenue models. Signiant is headquartered in Burlington, MA with development facilities in Ottawa, Ontario, Canada and offices in New York, Los Angeles and Manchester, UK. Read the Signiant blog at 7

8 Footnotes: 1 EBCDIC Extended Binary Coded Decimal Interchange Code (EBCDIC) is an 8 bit character encoding (code page) used on IBM mainframe operating systems such as z/os, OS/390, VM and VSE, as well as IBM minicomputer operating systems such as OS/400 and i5/os. It is also employed on various non IBM platforms such as Fujitsu Siemens' BS2000/OSD, HP MPE/iX, and Unisys MCP. 2 ASCII is the acronym for the American Standard Code for Information Interchange. ASCII is a code for representing English characters as numbers, with each letter assigned a number from 0 to 127. For example, the ASCII code for uppercase M is 77. Most computers use ASCII codes to represent text, which makes it possible to transfer data from one computer to another. 3 Daemon In Unix and other computer multitasking operating systems, a daemon is a computer program that runs in the background, rather than under the direct control of a user; they are usually initiated as processes. 4 A DMZ is a network between the corporate intranet and the Internet that operates with a level of security between that of the corporate network and the Internet. 5 TCP is the connection oriented protocol built on top of Internet Protocol (IP). TCP adds reliable communication and flow control and provides full duplex, process to process connections. Each TCP stream is identified by a source and destination IP address/port pair. The ports identify the sending and receiving processes on the hosts identified by the sending and receiving addresses. Firewalls filter IP traffic using, among other things, port information. 8

SiteCelerate white paper

SiteCelerate white paper SiteCelerate white paper Arahe Solutions SITECELERATE OVERVIEW As enterprises increases their investment in Web applications, Portal and websites and as usage of these applications increase, performance

More information

Frequently Asked Questions

Frequently Asked Questions Frequently Asked Questions 1. Q: What is the Network Data Tunnel? A: Network Data Tunnel (NDT) is a software-based solution that accelerates data transfer in point-to-point or point-to-multipoint network

More information

Steelcape Product Overview and Functional Description

Steelcape Product Overview and Functional Description Steelcape Product Overview and Functional Description TABLE OF CONTENTS 1. General Overview 2. Applications/Uses 3. Key Features 4. Steelcape Components 5. Operations Overview: Typical Communications Session

More information

Media Exchange. Enterprise-class Software Lets Users Anywhere Move Large Media Files Fast and Securely. Powerfully Simple File Movement

Media Exchange. Enterprise-class Software Lets Users Anywhere Move Large Media Files Fast and Securely. Powerfully Simple File Movement Media Exchange TM Media Exchange TM Enterprise-class Software Lets Users Anywhere Move Large Media Files Fast and Securely. Powerfully Simple File Movement File Movement the Way You Want: Fast, Simple,

More information

Enterprise Software Lets Users Move Large Media Files Fast and Securely.

Enterprise Software Lets Users Move Large Media Files Fast and Securely. Enterprise Software Lets Users Move Large Media Files Fast and Securely. File Movement the Way You Want: Fast, Simple, Reliable and Secure As file sizes grow and distribution timeframes shrink, media professionals

More information

Media Shuttle. Secure, Subscription-based File Sharing Software for Any Size Enterprise or Workgroup. Powerfully Simple File Movement

Media Shuttle. Secure, Subscription-based File Sharing Software for Any Size Enterprise or Workgroup. Powerfully Simple File Movement Media Exchange TM Media Shuttle TM Secure, Subscription-based File Sharing Software for Any Size Enterprise or Workgroup. Powerfully Simple File Movement The Fastest, Easiest, Safest Way to Move Digital

More information

Network Security Topologies. Chapter 11

Network Security Topologies. Chapter 11 Network Security Topologies Chapter 11 Learning Objectives Explain network perimeter s importance to an organization s security policies Identify place and role of the demilitarized zone in the network

More information

Cloud-Delivered Software Lets Users Move Media Fast Without File Size Limits or Security Risks.

Cloud-Delivered Software Lets Users Move Media Fast Without File Size Limits or Security Risks. Media Exchange TM Cloud-Delivered Software Lets Users Move Media Fast Without File Size Limits or Security Risks. Featuring Extreme File Sharing Capabilities! Extreme File Sharing Made Easy Desktop Simple

More information

Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123. Instructor Manual

Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123. Instructor Manual Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123 Instructor Manual Published: 2013-07-02 SWD-20130702091645092 Contents Advance preparation...7 Required materials...7 Topics

More information

DMZ Gateways: Secret Weapons for Data Security

DMZ Gateways: Secret Weapons for Data Security A L I N O M A S O F T W A R E W H I T E P A P E R DMZ Gateways: Secret Weapons for Data Security A L I N O M A S O F T W A R E W H I T E P A P E R DMZ Gateways: Secret Weapons for Data Security EXECUTIVE

More information

Deployment Guide Microsoft IIS 7.0

Deployment Guide Microsoft IIS 7.0 Deployment Guide Microsoft IIS 7.0 DG_IIS_022012.1 TABLE OF CONTENTS 1 Introduction... 4 2 Deployment Guide Overview... 4 3 Deployment Guide Prerequisites... 4 4 Accessing the AX Series Load Balancer...

More information

How SafeVelocity Improves Network Transfer of Files

How SafeVelocity Improves Network Transfer of Files How SafeVelocity Improves Network Transfer of Files 1. Introduction... 1 2. Common Methods for Network Transfer of Files...2 3. Need for an Improved Network Transfer Solution... 2 4. SafeVelocity The Optimum

More information

Media Exchange really puts the power in the hands of our creative users, enabling them to collaborate globally regardless of location and file size.

Media Exchange really puts the power in the hands of our creative users, enabling them to collaborate globally regardless of location and file size. Media Exchange really puts the power in the hands of our creative users, enabling them to collaborate globally regardless of location and file size. Content Sharing Made Easy Media Exchange (MX) is a browser-based

More information

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such

More information

Network Attached Storage. Jinfeng Yang Oct/19/2015

Network Attached Storage. Jinfeng Yang Oct/19/2015 Network Attached Storage Jinfeng Yang Oct/19/2015 Outline Part A 1. What is the Network Attached Storage (NAS)? 2. What are the applications of NAS? 3. The benefits of NAS. 4. NAS s performance (Reliability

More information

Product Brief. DC-Protect. Content based backup and recovery solution. By DATACENTERTECHNOLOGIES

Product Brief. DC-Protect. Content based backup and recovery solution. By DATACENTERTECHNOLOGIES Product Brief DC-Protect Content based backup and recovery solution By DATACENTERTECHNOLOGIES 2002 DATACENTERTECHNOLOGIES N.V. All rights reserved. This document contains information proprietary and confidential

More information

fåíéêåéí=péêîéê=^çãáåáëíê~íçêûë=dìáçé

fåíéêåéí=péêîéê=^çãáåáëíê~íçêûë=dìáçé fåíéêåéí=péêîéê=^çãáåáëíê~íçêûë=dìáçé Internet Server FileXpress Internet Server Administrator s Guide Version 7.2.1 Version 7.2.2 Created on 29 May, 2014 2014 Attachmate Corporation and its licensors.

More information

Challenges of Sending Large Files Over Public Internet

Challenges of Sending Large Files Over Public Internet Challenges of Sending Large Files Over Public Internet CLICK TO EDIT MASTER TITLE STYLE JONATHAN SOLOMON SENIOR SALES & SYSTEM ENGINEER, ASPERA, INC. CLICK TO EDIT MASTER SUBTITLE STYLE OUTLINE Ø Setting

More information

Configuration Guide. BlackBerry Enterprise Service 12. Version 12.0

Configuration Guide. BlackBerry Enterprise Service 12. Version 12.0 Configuration Guide BlackBerry Enterprise Service 12 Version 12.0 Published: 2014-12-19 SWD-20141219132902639 Contents Introduction... 7 About this guide...7 What is BES12?...7 Key features of BES12...

More information

The Shortcut Guide To. Eliminating Insecure and Unreliable File Transfer Methods. Dan Sullivan

The Shortcut Guide To. Eliminating Insecure and Unreliable File Transfer Methods. Dan Sullivan tm The Shortcut Guide To Eliminating Insecure and Unreliable File Transfer Methods Ch apter 3: Selecting a File Transfer Solution: 7 Essential Requirements... 31 Di spelling a Few Misunderstandings About

More information

WAN Optimization, Web Cache, Explicit Proxy, and WCCP. FortiOS Handbook v3 for FortiOS 4.0 MR3

WAN Optimization, Web Cache, Explicit Proxy, and WCCP. FortiOS Handbook v3 for FortiOS 4.0 MR3 WAN Optimization, Web Cache, Explicit Proxy, and WCCP FortiOS Handbook v3 for FortiOS 4.0 MR3 FortiOS Handbook WAN Optimization, Web Cache, Explicit Proxy, and WCCP v3 13 January 2012 01-433-96996-20120113

More information

Security Digital Certificate Manager

Security Digital Certificate Manager System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure

More information

Security Digital Certificate Manager

Security Digital Certificate Manager IBM i Security Digital Certificate Manager 7.1 IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in Notices,

More information

HIGH-SPEED BRIDGE TO CLOUD STORAGE

HIGH-SPEED BRIDGE TO CLOUD STORAGE HIGH-SPEED BRIDGE TO CLOUD STORAGE Addressing throughput bottlenecks with Signiant s SkyDrop 2 The heart of the Internet is a pulsing movement of data circulating among billions of devices worldwide between

More information

Configuration Guide BES12. Version 12.2

Configuration Guide BES12. Version 12.2 Configuration Guide BES12 Version 12.2 Published: 2015-07-07 SWD-20150630131852557 Contents About this guide... 8 Getting started... 9 Administrator permissions you need to configure BES12... 9 Obtaining

More information

Configuration Guide BES12. Version 12.1

Configuration Guide BES12. Version 12.1 Configuration Guide BES12 Version 12.1 Published: 2015-04-22 SWD-20150422113638568 Contents Introduction... 7 About this guide...7 What is BES12?...7 Key features of BES12... 8 Product documentation...

More information

Stateful Inspection Technology

Stateful Inspection Technology Stateful Inspection Technology Security Requirements TECH NOTE In order to provide robust security, a firewall must track and control the flow of communication passing through it. To reach control decisions

More information

OpenText Managed File Transfer (MFT) is an enterprise

OpenText Managed File Transfer (MFT) is an enterprise OpenText IX Secure MFT Simplified, accelerated, and managed enterprise file exchange OpenText Managed File Transfer (MFT) is an enterprise solution for managing the exchange of rich digital content inside

More information

DMZ Network Visibility with Wireshark June 15, 2010

DMZ Network Visibility with Wireshark June 15, 2010 DMZ Network Visibility with Wireshark June 15, 2010 Ashok Desai Senior Network Specialist Intel Information Technology SHARKFEST 10 Stanford University June 14-17, 2010 Outline Presentation Objective DMZ

More information

Niagara IT Manager s Guide

Niagara IT Manager s Guide 3951 Westerre Parkway, Suite 350 Richmond, VA 23233 804.747.4771 Phone 804.747.5204 FAX Niagara IT Manager s Guide A White Paper An IT Manager s Guide to Niagara This document addresses some of the common

More information

GS1 Trade Sync Connectivity guide

GS1 Trade Sync Connectivity guide GS1 Trade Sync Connectivity guide Date: 2015-12-01 Version: v1.8 Page: 2/17 Revision history Version Date Description Author 1.0 2013-11-14 Initial version Fernando Pereira 1.1 2014-01-16 Added FTP and

More information

EMC Backup and Recovery for Microsoft SQL Server 2008 Enabled by EMC Celerra Unified Storage

EMC Backup and Recovery for Microsoft SQL Server 2008 Enabled by EMC Celerra Unified Storage EMC Backup and Recovery for Microsoft SQL Server 2008 Enabled by EMC Celerra Unified Storage Applied Technology Abstract This white paper describes various backup and recovery solutions available for SQL

More information

WAN Performance Analysis A Study on the Impact of Windows 7

WAN Performance Analysis A Study on the Impact of Windows 7 A Talari Networks White Paper WAN Performance Analysis A Study on the Impact of Windows 7 Test results demonstrating WAN performance changes due to upgrading to Windows 7 and the network architecture and

More information

Citrix MetaFrame Presentation Server 3.0 and Microsoft Windows Server 2003 Value Add Feature Guide

Citrix MetaFrame Presentation Server 3.0 and Microsoft Windows Server 2003 Value Add Feature Guide Citrix MetaFrame Presentation Server 3.0 and Microsoft Windows Server 2003 Value Add Feature Guide Advanced Functionality Basic Functionality Feature MANAGEMENT Microsoft Management Console Enhanced Connection

More information

Technical papers Virtual private networks

Technical papers Virtual private networks Technical papers Virtual private networks This document has now been archived Virtual private networks Contents Introduction What is a VPN? What does the term virtual private network really mean? What

More information

MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE

MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But

More information

Remote Access Platform. Architecture and Security Overview

Remote Access Platform. Architecture and Security Overview Remote Access Platform Architecture and Security Overview NOTICE This document contains information about one or more ABB products and may include a description of or a reference to one or more standards

More information

Architecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference

Architecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference Architecture and Data Flow Overview BlackBerry Enterprise Service 10 721-08877-123 Version: Quick Reference Published: 2013-11-28 SWD-20131128130321045 Contents Key components of BlackBerry Enterprise

More information

TECHNICAL SPECIFICATIONS GUIDE CANADA SAVINGS BONDS. csb.gc.ca PAYROLL SAVINGS PROGRAM 20$ 40$ 80$ 50 $ 30$ TECHGUIDE-14

TECHNICAL SPECIFICATIONS GUIDE CANADA SAVINGS BONDS. csb.gc.ca PAYROLL SAVINGS PROGRAM 20$ 40$ 80$ 50 $ 30$ TECHGUIDE-14 7 TECHNICAL SPECIFICATIONS GUIDE CANADA SAVINGS BONDS PAYROLL SAVINGS PROGRAM csb.gc.ca 40 5 30 0 20 80 70 0 What are you saving for? 50 40 20 0 80 4 20 7 7 TECHGUIDE-4 TECHNICAL SPECIFICATIONS GUIDE For

More information

AppDirector Load balancing IBM Websphere and AppXcel

AppDirector Load balancing IBM Websphere and AppXcel TESTING & INTEGRATION GROUP SOLUTION GUIDE AppDirector Load balancing IBM Websphere and AppXcel INTRODUCTION...2 RADWARE APPDIRECTOR...3 RADWARE APPXCEL...3 IBM WEBSPHERE...4 SOLUTION DETAILS...4 HOW IT

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion Network Security Tampere Seminar 23rd October 2008 1 Copyright 2008 Hirschmann 2008 Hirschmann Automation and and Control GmbH. Contents Overview Switch Security Firewalls Conclusion 2 Copyright 2008 Hirschmann

More information

SVN5800 Secure Access Gateway

SVN5800 Secure Access Gateway The development of networks allows enterprises to provide remote access to branch offices, partners, customers, mobile employees, and home offices so that they can access application and data resources,

More information

Media Shuttle s Defense-in- Depth Security Strategy

Media Shuttle s Defense-in- Depth Security Strategy Media Shuttle s Defense-in- Depth Security Strategy Introduction When you are in the midst of the creative flow and tedious editorial process of a big project, the security of your files as they pass among

More information

ELECTRONIC COMMERCE OBJECTIVE QUESTIONS

ELECTRONIC COMMERCE OBJECTIVE QUESTIONS MODULE 13 ELECTRONIC COMMERCE OBJECTIVE QUESTIONS There are 4 alternative answers to each question. One of them is correct. Pick the correct answer. Do not guess. A key is given at the end of the module

More information

About the VM-Series Firewall

About the VM-Series Firewall About the VM-Series Firewall Palo Alto Networks VM-Series Deployment Guide PAN-OS 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 http://www.paloaltonetworks.com/contact/contact/

More information

ACE Management Server Deployment Guide VMware ACE 2.0

ACE Management Server Deployment Guide VMware ACE 2.0 Technical Note ACE Management Server Deployment Guide VMware ACE 2.0 This technical note provides guidelines for the deployment of VMware ACE Management Servers, including capacity planning and best practices.

More information

Architecture Guidelines Application Security

Architecture Guidelines Application Security Executive Summary These guidelines describe best practice for application security for 2 or 3 tier web-based applications. It covers the use of common security mechanisms including Authentication, Authorisation

More information

ReadyNAS Replicate. Software Reference Manual. 350 East Plumeria Drive San Jose, CA 95134 USA. November 2010 202-10727-01 v1.0

ReadyNAS Replicate. Software Reference Manual. 350 East Plumeria Drive San Jose, CA 95134 USA. November 2010 202-10727-01 v1.0 ReadyNAS Replicate Software Reference Manual 350 East Plumeria Drive San Jose, CA 95134 USA November 2010 202-10727-01 v1.0 2010 NETGEAR, Inc. All rights reserved. No part of this publication may be reproduced,

More information

athenahealth Interface Connectivity SSH Implementation Guide

athenahealth Interface Connectivity SSH Implementation Guide athenahealth Interface Connectivity SSH Implementation Guide 1. OVERVIEW... 2 2. INTERFACE LOGICAL SCHEMATIC... 3 3. INTERFACE PHYSICAL SCHEMATIC... 4 4. SECURE SHELL... 5 5. NETWORK CONFIGURATION... 6

More information

Security Policy Revision Date: 23 April 2009

Security Policy Revision Date: 23 April 2009 Security Policy Revision Date: 23 April 2009 Remote Desktop Support Version 3.2.1 or later for Windows Version 3.1.2 or later for Linux and Mac 4 ISL Light Security Policy This section describes the procedure

More information

Key Components of WAN Optimization Controller Functionality

Key Components of WAN Optimization Controller Functionality Key Components of WAN Optimization Controller Functionality Introduction and Goals One of the key challenges facing IT organizations relative to application and service delivery is ensuring that the applications

More information

Flight Workflow User's Guide. Release 12.0.0

Flight Workflow User's Guide. Release 12.0.0 Flight Workflow User's Guide Release 12.0.0 Copyright 2015 Signiant Inc. All rights reserved. Contents CHAPTER 1 Flight Introduction 4 FlightUploadReference 4 FlightDownloadReference 4 Cloud Storage Configuration

More information

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s

More information

Why Choose Integrated VPN/Firewall Solutions over Stand-alone VPNs

Why Choose Integrated VPN/Firewall Solutions over Stand-alone VPNs Why Choose Integrated VPN/Firewall Solutions over Stand-alone VPNs P/N 500205 July 2000 Check Point Software Technologies Ltd. In this Document: Introduction Page 1 Integrated VPN/firewall Page 2 placed

More information

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall Chapter 10 Firewall Firewalls are devices used to protect a local network from network based security threats while at the same time affording access to the wide area network and the internet. Basically,

More information

SE 4C03 Winter 2005 Firewall Design Principles. By: Kirk Crane

SE 4C03 Winter 2005 Firewall Design Principles. By: Kirk Crane SE 4C03 Winter 2005 Firewall Design Principles By: Kirk Crane Firewall Design Principles By: Kirk Crane 9810533 Introduction Every network has a security policy that will specify what traffic is allowed

More information

Isilon OneFS. Version 7.2. OneFS Migration Tools Guide

Isilon OneFS. Version 7.2. OneFS Migration Tools Guide Isilon OneFS Version 7.2 OneFS Migration Tools Guide Copyright 2014 EMC Corporation. All rights reserved. Published in USA. Published November, 2014 EMC believes the information in this publication is

More information

10 Secure Electronic Transactions: Overview, Capabilities, and Current Status

10 Secure Electronic Transactions: Overview, Capabilities, and Current Status 10 Secure Electronic Transactions: Overview, Capabilities, and Current Status Gordon Agnew A&F Consulting, and University of Waterloo, Ontario, Canada 10.1 Introduction Until recently, there were two primary

More information

RemotelyAnywhere Getting Started Guide

RemotelyAnywhere Getting Started Guide April 2007 About RemotelyAnywhere... 2 About RemotelyAnywhere... 2 About this Guide... 2 Installation of RemotelyAnywhere... 2 Software Activation...3 Accessing RemotelyAnywhere... 4 About Dynamic IP Addresses...

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0 Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features

More information

VegaStream Information Note Considerations for a VoIP installation

VegaStream Information Note Considerations for a VoIP installation VegaStream Information Note Considerations for a VoIP installation To get the best out of a VoIP system, there are a number of items that need to be considered before and during installation. This document

More information

March 2005. PGP White Paper. Transport Layer Security (TLS) & Encryption: Complementary Security Tools

March 2005. PGP White Paper. Transport Layer Security (TLS) & Encryption: Complementary Security Tools March 2005 PGP White Paper Transport Layer Security (TLS) & Encryption: Complementary Security Tools PGP White Paper TLS & Encryption 1 Table of Contents INTRODUCTION... 2 HISTORY OF TRANSPORT LAYER SECURITY...

More information

Accelerating File Transfers Increase File Transfer Speeds in Poorly-Performing Networks

Accelerating File Transfers Increase File Transfer Speeds in Poorly-Performing Networks Accelerating File Transfers Increase File Transfer Speeds in Poorly-Performing Networks Contents Introduction... 2 Common File Delivery Methods... 2 Understanding FTP... 3 Latency and its effect on FTP...

More information

Classic IOS Firewall using CBACs. 2012 Cisco and/or its affiliates. All rights reserved. 1

Classic IOS Firewall using CBACs. 2012 Cisco and/or its affiliates. All rights reserved. 1 Classic IOS Firewall using CBACs 2012 Cisco and/or its affiliates. All rights reserved. 1 Although CBAC serves as a good foundation for understanding the revolutionary path toward modern zone based firewalls,

More information

FortiOS Handbook WAN Optimization, Web Cache, Explicit Proxy, and WCCP for FortiOS 5.0

FortiOS Handbook WAN Optimization, Web Cache, Explicit Proxy, and WCCP for FortiOS 5.0 FortiOS Handbook WAN Optimization, Web Cache, Explicit Proxy, and WCCP for FortiOS 5.0 FortiOS Handbook WAN Optimization, Web Cache, Explicit Proxy, and WCCP for FortiOS 5.0 June 10, 2014 01-500-96996-20140610

More information

PaperClip Incorporated 3/7/06; Rev 9/18/09. PaperClip Compliant Email Service Whitepaper

PaperClip Incorporated 3/7/06; Rev 9/18/09. PaperClip Compliant Email Service Whitepaper Incorporated 3/7/06; Rev 9/18/09 PaperClip Compliant Email Service Whitepaper Overview The FTC Safeguard Rules require Financial, Insurance and Medical providers to protect their customer s private information

More information

NEFSIS DEDICATED SERVER

NEFSIS DEDICATED SERVER NEFSIS TRAINING SERIES Nefsis Dedicated Server version 5.2.0.XXX (DRAFT Document) Requirements and Implementation Guide (Rev5-113009) REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER Nefsis

More information

File Transfer And Access (FTP, TFTP, NFS) Chapter 25 By: Sang Oh Spencer Kam Atsuya Takagi

File Transfer And Access (FTP, TFTP, NFS) Chapter 25 By: Sang Oh Spencer Kam Atsuya Takagi File Transfer And Access (FTP, TFTP, NFS) Chapter 25 By: Sang Oh Spencer Kam Atsuya Takagi History of FTP The first proposed file transfer mechanisms were developed for implementation on hosts at M.I.T.

More information

Chapter 1 - Web Server Management and Cluster Topology

Chapter 1 - Web Server Management and Cluster Topology Objectives At the end of this chapter, participants will be able to understand: Web server management options provided by Network Deployment Clustered Application Servers Cluster creation and management

More information

Diagram 1: Islands of storage across a digital broadcast workflow

Diagram 1: Islands of storage across a digital broadcast workflow XOR MEDIA CLOUD AQUA Big Data and Traditional Storage The era of big data imposes new challenges on the storage technology industry. As companies accumulate massive amounts of data from video, sound, database,

More information

Using RADIUS Agent for Transparent User Identification

Using RADIUS Agent for Transparent User Identification Using RADIUS Agent for Transparent User Identification Using RADIUS Agent Web Security Solutions Version 7.7, 7.8 Websense RADIUS Agent works together with the RADIUS server and RADIUS clients in your

More information

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks Decryption Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us

More information

The basic groups of components are described below. Fig X- 1 shows the relationship between components on a network.

The basic groups of components are described below. Fig X- 1 shows the relationship between components on a network. Elements of Email Email Components There are a number of software components used to produce, send and transfer email. These components can be broken down as clients or servers, although some components

More information

Unicenter Remote Control r11

Unicenter Remote Control r11 Data Sheet Unicenter Remote Control r11 Unicenter Remote Control TM is a highly reliable and secure application for controlling and supporting remote Windows and Linux systems. It delivers all of the features

More information

White Paper: Managing Security on Mobile Phones

White Paper: Managing Security on Mobile Phones White Paper: Managing Security on Mobile Phones April 2006 Managing Security on Mobile Phones April 2006 Table of Contents Abstract...2 Executive Summary...2 The Importance Of Managing Security On Mobile

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

REDCENTRIC MANAGED FIREWALL SERVICE DEFINITION

REDCENTRIC MANAGED FIREWALL SERVICE DEFINITION REDCENTRIC MANAGED FIREWALL SERVICE DEFINITION SD007 V4.1 Issue Date 04 July 2014 1) SERVICE OVERVIEW 1.1) SERVICE OVERVIEW Redcentric s managed firewall service (MFS) is based on a hardware firewall appliance

More information

SwiftBroadband and IP data connections

SwiftBroadband and IP data connections SwiftBroadband and IP data connections Version 01 30.01.08 inmarsat.com/swiftbroadband Whilst the information has been prepared by Inmarsat in good faith, and all reasonable efforts have been made to ensure

More information

Testing New Applications In The DMZ Using VMware ESX. Ivan Dell Era Software Engineer IBM

Testing New Applications In The DMZ Using VMware ESX. Ivan Dell Era Software Engineer IBM Testing New Applications In The DMZ Using VMware ESX Ivan Dell Era Software Engineer IBM Agenda Problem definition Traditional solution The solution with VMware VI Remote control through the firewall Problem

More information

Fig. 4.2.1: Packet Filtering

Fig. 4.2.1: Packet Filtering 4.2 Types of Firewalls /DKo98/ FIREWALL CHARACTERISTICS 1. All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the

More information

application note LAN Power: HP Web QoS with HP ProCurve Switches What is WebQoS? How WebQoS Classifies and Prioritizes Traffic

application note LAN Power: HP Web QoS with HP ProCurve Switches What is WebQoS? How WebQoS Classifies and Prioritizes Traffic application note HP Pr ocurve Switches & Hubs LAN Power: HP Web QoS with HP ProCurve Switches The amount of web traffic in networks is increasing dramatically as more businesses are using the web to provide

More information

User Identification and Authentication

User Identification and Authentication User Identification and Authentication Vital Security 9.2 Copyright Copyright 1996-2008. Finjan Software Inc.and its affiliates and subsidiaries ( Finjan ). All rights reserved. All text and figures included

More information

IBM TSM DISASTER RECOVERY BEST PRACTICES WITH EMC DATA DOMAIN DEDUPLICATION STORAGE

IBM TSM DISASTER RECOVERY BEST PRACTICES WITH EMC DATA DOMAIN DEDUPLICATION STORAGE White Paper IBM TSM DISASTER RECOVERY BEST PRACTICES WITH EMC DATA DOMAIN DEDUPLICATION STORAGE Abstract This white paper focuses on recovery of an IBM Tivoli Storage Manager (TSM) server and explores

More information

Chapter 2 TOPOLOGY SELECTION. SYS-ED/ Computer Education Techniques, Inc.

Chapter 2 TOPOLOGY SELECTION. SYS-ED/ Computer Education Techniques, Inc. Chapter 2 TOPOLOGY SELECTION SYS-ED/ Computer Education Techniques, Inc. Objectives You will learn: Topology selection criteria. Perform a comparison of topology selection criteria. WebSphere component

More information

SECURE YOUR DATA EXCHANGE WITH SAFE-T BOX

SECURE YOUR DATA EXCHANGE WITH SAFE-T BOX SECURE YOUR DATA EXCHANGE SAFE-T BOX WHITE PAPER Safe-T. Smart Security Made Simple. 1 The Costs of Uncontrolled Data Exchange 2 Safe-T Box Secure Data Exchange Platform 2.1 Business Applications and Data

More information

Network Considerations for IP Video

Network Considerations for IP Video Network Considerations for IP Video H.323 is an ITU standard for transmitting voice and video using Internet Protocol (IP). It differs from many other typical IP based applications in that it is a real-time

More information

IPv4 and IPv6 Integration. Formation IPv6 Workshop Location, Date

IPv4 and IPv6 Integration. Formation IPv6 Workshop Location, Date IPv4 and IPv6 Integration Formation IPv6 Workshop Location, Date Agenda Introduction Approaches to deploying IPv6 Standalone (IPv6-only) or alongside IPv4 Phased deployment plans Considerations for IPv4

More information

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Module 8. Network Security. Version 2 CSE IIT, Kharagpur Module 8 Network Security Lesson 3 Firewalls Specific Instructional Objectives On completion of this lesson, the students will be able to answer: What a firewall is? What are the design goals of Firewalls

More information

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall Firewall Introduction Several Types of Firewall. Cisco PIX Firewall What is a Firewall? Non-computer industries: a wall that controls the spreading of a fire. Networks: a designed device that controls

More information

LotServer Deployment Manual

LotServer Deployment Manual LotServer Deployment Manual Maximizing Network Performance, Responsiveness and Availability DEPLOYMENT 1. Introduction LotServer is a ZetaTCP powered software product that can be installed on origin web/application

More information

Sophos UTM. Remote Access via PPTP. Configuring UTM and Client

Sophos UTM. Remote Access via PPTP. Configuring UTM and Client Sophos UTM Remote Access via PPTP Configuring UTM and Client Product version: 9.000 Document date: Friday, January 11, 2013 The specifications and information in this document are subject to change without

More information

Online Banking for Business Secure FTP with SSH (Secure Shell) USER GUIDE

Online Banking for Business Secure FTP with SSH (Secure Shell) USER GUIDE Online Banking for Business Secure FTP with SSH (Secure Shell) USER GUIDE Contents Secure FTP Setup... 1 Introduction... 1 Before You Set Up S/FTP... 1 Setting Up FTP with SSH... 2 Sending Files... 3 Address

More information

A Guide to New Features in Propalms OneGate 4.0

A Guide to New Features in Propalms OneGate 4.0 A Guide to New Features in Propalms OneGate 4.0 Propalms Ltd. Published April 2013 Overview This document covers the new features, enhancements and changes introduced in Propalms OneGate 4.0 Server (previously

More information

File transfer clients manual File Delivery Services

File transfer clients manual File Delivery Services File transfer clients manual File Delivery Services Publisher Post CH Ltd Information Technology Webergutstrasse 12 CH-3030 Berne (Zollikofen) Contact Post CH Ltd Information Technology Webergutstrasse

More information

CloudLink - The On-Ramp to the Cloud Security, Management and Performance Optimization for Multi-Tenant Private and Public Clouds

CloudLink - The On-Ramp to the Cloud Security, Management and Performance Optimization for Multi-Tenant Private and Public Clouds - The On-Ramp to the Cloud Security, Management and Performance Optimization for Multi-Tenant Private and Public Clouds February 2011 1 Introduction Today's business environment requires organizations

More information

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS

More information

Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance

Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance White Paper Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance Troy Herrera Sr. Field Solutions Manager Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA

More information