California ISO Secure File Transfer Service (SFTS) Technical Specification

Transcription

1 California ISO Secure File Transfer Service (SFTS) Technical Specification Version: 2.0 May 20, 2007

2 Copyright 2007 CALIFORNIA INDEPENDENT SYSTEM OPERATOR. All rights reserved. This document contains proprietary information. All information contained herein shall be kept in confidence, and shall not be divulged to persons other than CALIFORNIA INDEPENDENT SYSTEM OPERATOR employees authorized by the nature of their responsibilities to receive such information, or individuals and organizations authorized by CALIFORNIA INDEPENDENT SYSTEM OPERATOR in accordance with existing policy regarding release of company information. Information in this document is subject to change. Revision History Date Version By Description 9/5/ Brian OHearn Initial draft 5/20/ Brian OHearn Added failover IP s for MP connectivity configuration

3 TABLE OF CONTENTS 1 Introduction Overview Purpose of the Document Audience Contacts References SFTS Scope and Assumptions Scope Assumptions Technical Architecture Approach Logical Architecture Market Functions Supported Accessing SFTS Participant Requirements and Guidelines for Integration Hardware Software Network Security Protocols and Standards Performance Availability Reliability Monitoring...7

4 1 Introduction Market Participants (MP) require access to files over a secure connection that allows for the transfer of settlement files larger than 1 GB. This document details the requirements around the SFTS functionality only, detailing both CAISO and MP responsibilities necessary to implement this functionality and effectively govern the operation of the interchange. 1.1 Overview The CASIO SFTS behaves as a server application and is responsible for housing settlement and report files for Market Participants to connect and pull the files over the secure file transfer protocol. The client service for the file transfer is to be hosted and maintained by each interested MP. 1.2 Purpose of the Document The purpose of this document is to provide information required by Market Participants to access the CAISO SFTS to pull files securely. This document will fully describe the interface, but will not detail the implementation. 1.3 Audience The intended audience includes the Market Participant technical teams along with the CAISO Integration development and support teams. 1.4 Contacts For any questions regarding this document please contact bohearn@casio.com 1.5 References Doc. No. Document Name Location/Locator 2 SFTS Scope and Assumptions The following documents the scope and assumptions made for the initial release of the CAISO SFTS (Secure File Transfer Service). 2.1 Scope The scope of the SFTS includes the creation of a process that allows secure transfer of files between the CAISO and MP s.

5 2.2 Assumptions In the initial version of SFTS, MP s will pull files they have access to in accordance to their permissions in the SFTS system. The SFTS system access and authentication is based on the market participant SSH public/private key pair and integration within the CAISO security infrastructure. Settlement or CRN Report files associated with a given MP will be available 24x7 for 90 days after publication to the system 3 Technical Architecture This section describes the architecture of the SFTS, and provides an overview of the architectural approach. 3.1 Approach The SFTS is a method by which a Market Participant can pull files over a secure encrypted file transfer connection from CAISO. SFTS uses the SFTP (File Transfer Protocol over SSH) for the security mechanism that supports data encryption and secure authentication. 3.2 Logical Architecture The figure below depicts the logical architecture for the SFTS system. This has been included to provide some insight into how file transfers can be completed between the CAISO systems that generate system files, and the MP endpoint that will be pulling the files. The internal architecture behind the DMZ has been presented here in simplified form. This information is provided to give a better understanding of the comprehensive nature of the architecture. CAISO Secure File Transfer Service Over SFTP ` ` Market Participant Market Participant Originating System FTP Over SSH Port 22 CAISO SFTS Port 22 Open for BAPI- sfts.caiso.com ( and ) And CRN - Sfts2.caiso.com ( and )

6 The data flow is designed to be one-way. MP s will pull files from the SFTS system. No outbound services (from CAISO) are required for SFTS functionality. 4 Market Functions Supported 4.1 Accessing SFTS The Market Participant must use a client or service that supports the SFTP protocol. The SFTS service will not be available on the ECN. Access will be over the internet on port 22 at the following failover enabled URL s: BAPI - sfts.caiso.com and CRN - sfts2.caiso.com and The IP s must be configured on the market participant side when opening a firewall or when caching is used. 5 Participant Requirements and Guidelines for Integration 5.1 Hardware There are no specific hardware requirements due to the loose coupling between Market Participant applications and the CAISO SFTS infrastructure. Market Participants should choose appropriate hardware to support the rest of the requirements defined below and in particular the SLAs defined with the individual services in their respective Interface Specification documents. 5.2 Software There are multiple clients that are capable of providing the SFTP protocol available to the Market Participant. Although CAISO cannot test all possible clients initial testing was done with GlobalScape CuteFTP Pro. Market Participants are encouraged to evaluate the clients available to ensure alignment with their business and technical needs. 5.2 Network CAISO Market Participant services will be provided over the Internet only. It is the responsibility of Market Participants to ensure adequate network capacity, performance and availability to support the transfer of files in a manor that meets their business requirements. 5.3 Security The following are the security requirements for Market Participants to integrate with SFTS.

7 All file transfers must be encrypted. The data must be encrypted while in transport (This is also referred to as over the wire encryption). SFTP (FTP over SSH) will be used as the transport to support this encryption. The market participant endpoint must have a valid private key associated with the public key provided by the MP to CAISO. All security warnings will be treated as errors and cause a failure for that transaction. 5.4 Protocols and Standards SFTP: FTP over SSH for data transfer over an encrypted connection. RSA 2048 Private/Public Key Pair 5.5 Performance This system availability will be monitored and enforced through the CAISO s monitoring infrastructure. This will provide availability-level management. CAISO is not responsible for latency introduced by networks, systems or any other factor outside of the SFTS endpoint provided for external connection. 5.6 Availability SFTS must function with a high degree of availability, in order to provide settlement files from CAISO in a timely manner. Effort will be made to assure the availability of the service and its proper functioning. This will exclude periods of planned or announced outages for maintenance and other events. 5.7 Reliability The SFTS services that CAISO provides will have the level of reliability and fault tolerance that is required by the business processes. In the event of complete failure of SFTS a general notice will be provided through existing channels. 5.8 Monitoring CAISO will monitor the SFTS services. In the event of a systemic failure of SFTS, Market Participants will be notified through existing channels.