GS1 Trade Sync Connectivity guide




GS1 Trade Sync Connectivity guide Date: 2015-12-01 Version: v1.8


Revision history

Version | Date | Description | Author
1.0 | 2013-11-14 | Initial version | Fernando Pereira
1.1 | 2014-01-16 | Added FTP and SFTP | Fernando Pereira
1.2 | 2014-01-16 | Add link to download digital certificates | Fernando Pereira
1.3 | 2014-02-19 | Added explicitly port numbers; Added outgoing IP Address to preproduction environment | Fernando Pereira
1.4 | 2014-02-19 | Added supported encryptions and hashing algorithms | Fernando Pereira
1.5 | 2014-02-20 | Corrected AS2 URLs to all environments | Fernando Pereira
1.6 | 2014-05-09 | Added Outgoing IP address | Fernando Pereira
1.7 | 2014-10-02 | Corrected preprod https url | Fernando Pereira
1.8 | 2015-12-01 | New digital certificate | Diogo Malheiro

Content

1 Overview
2 Contacts
3 Connectivity Information
3.1 AS2
3.1.1 Definition
3.1.2 Configuration: Production Environment
3.1.3 Configuration: Pre-Production Environment
3.1.4 Recommendations
3.1.5 Information needed from the partner
3.2 File Transfer Protocol (FTP)
3.2.1 Definition
3.2.2 Configuration
3.2.3 Recommendations
3.2.4 Information needed from the partner
3.3 Secure File Transfer Protocol (SFTP)
3.3.1 Definition
3.3.2 Configuration
3.3.3 Recommendations
3.3.4 Information needed from the partner
3.4 Outgoing IP Addresses
3.4.1 Pre-Production Environment
3.4.2 Production Environment
3.5 Digital certificates
4 Connectivity Test Procedure
4.1 Connectivity to GS1Trade Sync
4.1.1 Setup
4.1.2 Acknowledge for the setup in GS1Trade Sync
4.1.3 Connectivity tests
4.1.4 Confirmation

1 Overview

The aim of this document is to describe the methods by which GS1 Trade Sync users may exchange information with the system, guiding the user through the setup and testing process used to connect to GS1 Trade Sync.

This document starts by providing the contact information for both connectivity and non-connectivity support issues. Chapter 3 provides all GS1 Trade Sync connectivity details for the supported protocols. Chapter 4 describes the process a partner has to follow in order to test and establish a connection with GS1 Trade Sync.

2 Contacts

For any maintenance, support question or other issues regarding GS1 Trade Sync, use the following contact information:

Email: dadas@gs1.dk
Tel: +45 39278527
Fax: +45 39278510

For any GS1 Trade Sync connectivity tests or technical questions regarding the communication to and from GS1 Trade Sync, use the following contact information:

Email: helpdesk@saphety.com
Tel: +351 210 114 635
Fax: +351 210 192 502
URL: www.saphety.com
Address: Rua Víriato, nº 13, 6º Andar 1050-352 Lisboa Portugal

3 Connectivity Information

GS1 Trade Sync supports 3 different connection types, which users and third party systems can choose from. Depending on the connection type chosen, the URL/address used to send data is slightly different, and a digital certificate may be required. You will use the same connection for both sending and receiving information.

The following table summarizes the information for each connection type, for both the Pre-Production and the Production environments.

Protocol | Environment | Addresses/URLs | Signed | Encrypted | Compressed | MDN
AS2 over HTTP | Prod | http://as2.gs1tradesync.dk/tradehttp/ctinbox.aspx | | | |
AS2 over HTTP | Pre Prod | http://as2-preprod.gs1tradesync.dk/tradehttp/ctinbox.aspx | | | |
AS2 over HTTPS | Prod | https://as2.gs1tradesync.dk/tradehttp/ctinbox.aspx | | | |
AS2 over HTTPS | Pre Prod | https://as2-preprod.gs1tradesync.dk/tradehttp/ctinbox.aspx | | | |

Table 1: Connectivity information summary

The following subsections describe the specific characteristics of each of the above protocols.

3.1 AS2

3.1.1 Definition

Applicability Statement 2 (AS2) is an Electronic Data Interchange over the Internet (EDIINT) specification that uses HTTP or HTTPS, both well-known standards, to transport data. EDIINT is a working group of the Internet Engineering Task Force (IETF) that develops secure and reliable business communications standards. The AS2 specification supports EDI or any other data transmittals over the internet using HTTP or HTTPS.

AS2 is a specification about how to transport data, not how to validate or process data. AS2 specifies the means to connect, deliver, validate and reply to (receipt) data in a secure and reliable way. The data is then dispatched to the appropriate processor based upon its content-type. AS2 makes no specification about how that dispatch or subsequent processing is accomplished.

Security is achieved by the digital signature and/or encryption of the message, for which the usage of digital certificates is mandatory. Additionally, the exchange can be done over HTTPS, which adds an additional encryption layer.

Reliability is achieved by the exchange of Message Delivery Notifications (MDN), combined with retry and resend mechanisms, allowing full control of the interchanges performed or in error.

Users can send messages to GS1 Trade Sync using any AS2 compliant tool. For information on AS2 compliant tools refer to: http://wwww.drummondgroup.com.

3.1.2 Configuration: Production Environment

URL for HTTP: http://as2.gs1tradesync.dk/tradehttp/ctinbox.aspx
Port: 80
URL for HTTPS: https://as2.gs1tradesync.dk/tradehttp/ctinbox.aspx
Port: 443
AS2 Identifier: 5790000500000
MDNs: Both synchronous and asynchronous MDNs are supported. Asynchronous MDNs are sent at 5-minute intervals.
Outgoing IP Addresses: see section Outgoing IP Addresses
Retries: 1 attempt per hour during 3 hours (when no successful HTTP connection is made, meaning no HTTP 200 code received)
Resends: 1 attempt per hour during 3 hours (when the document was successfully posted, meaning successful HTTP connection and 200 code received, but no MDN received)
Hashing and Encryption methods: SHA1 and Triple DES

3.1.3 Configuration: Pre-Production Environment

URL for HTTP: http://as2-preprod.gs1tradesync.dk/tradehttp/ctinbox.aspx
Port: 80
URL for HTTPS: https://as2-preprod.gs1tradesync.dk/tradehttp/ctinbox.aspx
Port: 443
AS2 Identifier: 5790000000029
MDNs: Both synchronous and asynchronous MDNs are supported. Asynchronous MDNs are sent at 5-minute intervals.
Outgoing IP Addresses: see section Outgoing IP Addresses
Retries: 1 attempt per hour during 3 hours (when no successful HTTP connection is made, meaning no HTTP 200 code received)
Resends: 1 attempt per hour during 3 hours (when the document was successfully posted, meaning successful HTTP connection and 200 code received, but no MDN received)
Hashing and Encryption methods: SHA1 and Triple DES

3.1.4 Recommendations

Our recommendation is to use AS2 via HTTP protocol with message encryption and signature. This combination provides a secure and reliable connection without the overhead required by HTTPS.

3.1.5 Information needed from the partner

In order to establish an AS2 connection we need the following information from the partner:

- Company Name
- AS2 Identification
- URL
- User id and password if applicable
- Outgoing IP addresses
- Digital certificate
- Administrative contact for connectivity issues

3.4 File Transfer Protocol (FTP)

3.4.1 Definition

File Transfer Protocol (FTP) is a standard network protocol used to transfer files over TCP-based networks. FTP is built on a client-server architecture and uses separate control and data connections between the client and the server. FTP users may authenticate themselves using a clear-text sign-in protocol, normally in the form of a username and password, but can connect anonymously if the server is configured to allow it.

3.4.2 Configuration

This is a case by case configuration. The user has to provide access to an FTP server, with an appropriate account, where the system can retrieve and place information.

3.4.3 Recommendations

The usage of this protocol should be avoided, since it is not a secure protocol and it does not have acknowledgement mechanisms. Use it only if no other possibility exists.

3.4.4 Information needed from the partner

In order to establish an FTP connection we need the following information from the partner:

- Company Name;
- Server address;
- Port number;
- Mode: passive or active;
- Port range;
- User id;
- Password;
- Path where GS1Trade Sync obtains the files to process;
- Path where GS1Trade Sync delivers files;
- Administrative contact for connectivity issues;

3.5 Secure File Transfer Protocol (SFTP)

3.5.1 Definition

The Secure File Transfer Protocol (known also as SSH File Transfer Protocol) is a network protocol that provides file access, file transfer, and file management functionalities over any reliable data stream. It was designed by the Internet Engineering Task Force (IETF) as an extension of the Secure Shell protocol (SSH) version 2.0 to provide secure file transfer capability, but is also intended to be usable with other protocols.

The IETF Internet Draft states that even though this protocol is described in the context of the SSH-2 protocol, it could be used in a number of different applications, such as secure file transfer over Transport Layer Security (TLS) and transfer of management information in VPN applications.

This protocol assumes that it is run over a secure channel, such as SSH, that the server has already authenticated the client, and that the identity of the client user is available to the protocol.

3.5.2 Configuration

This is a case by case configuration. The user has to provide access to an SFTP server, with an appropriate account, where the system can retrieve and place information.

3.5.3 Recommendations

The usage of this protocol should be avoided, since it does not have acknowledgement mechanisms. Use it only if no other possibility exists.

3.5.4 Information needed from the partner

In order to establish an SFTP connection we need the following information from the partner:

- Company Name;
- Server address;
- Port number;
- User id;
- Password;
- Path where GS1Trade Sync obtains the files to process;
- Path where GS1Trade Sync delivers files;
- Administrative contact for connectivity issues;

3.6 Outgoing IP Addresses

3.6.1 Pre-Production Environment

For HTTP based protocols we have the following outgoing IP Addresses:

- 194.79.87.112
- 194.79.87.198
- 194.79.87.19
- 194.79.87.18
- 194.79.87.23
- 194.79.87.73

3.6.2 Production Environment

For HTTP based protocols we have the following outgoing IP Addresses:

- 194.79.87.114
- 194.79.87.72
- 194.79.87.25

3.7 Digital certificates

Download digital certificates, for all GS1 Trade Sync environments, from here, or copy and paste the following URL into your browser's address bar: http://saphsync-cert.saphety.com

Credentials (case sensitive):
User: saphsync-cert
Pass: saphety.123!

Download the file SaphetySyncCert.zip, which contains the digital certificate to use (saphetysyncas2_2017.cer) as well as the entire certification chain (the other two *.cer files).
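The outgoing IP addresses above and the AS2 identifiers from the AS2 configuration sections can also be enforced at the application layer, behind the firewall rule. The following Python check is an added example, not part of the GS1 Trade Sync guide or of any Saphety software: `OUR_AS2_ID`, the function names and the requirement that the body be S/MIME enveloped data (following the recommendation to use message encryption) are assumptions.

```python
import ipaddress
from email.message import Message

# GS1 Trade Sync values copied from this guide (AS2 configuration sections
# and the Outgoing IP Addresses section).
GS1_ENVIRONMENTS = {
    "preprod": {"as2_id": "5790000000029",
                "source_ips": ["194.79.87.112", "194.79.87.198", "194.79.87.19",
                               "194.79.87.18", "194.79.87.23", "194.79.87.73"]},
    "prod": {"as2_id": "5790000500000",
             "source_ips": ["194.79.87.114", "194.79.87.72", "194.79.87.25"]},
}

# Assumption: the partner's own AS2 identifier; placeholder value.
OUR_AS2_ID = "PARTNER-AS2-ID-PLACEHOLDER"


def as2_name(value):
    """AS2 names may arrive quoted (RFC 4130); return the unquoted form."""
    value = (value or "").strip()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return value


def check_inbound(env, peer_ip, headers):
    """Return reasons to reject an inbound AS2 POST; an empty list means accept.

    peer_ip must be the TCP peer address seen by the listener, not a value
    taken from a client-supplied header such as X-Forwarded-For.
    """
    cfg = GS1_ENVIRONMENTS[env]
    hdrs = {k.lower(): v for k, v in headers.items()}
    try:
        peer = ipaddress.ip_address(peer_ip)
    except ValueError:
        return ["unparseable peer address"]

    reasons = []
    allowed = {ipaddress.ip_address(ip) for ip in cfg["source_ips"]}
    if peer not in allowed:
        reasons.append("peer %s is not a %s outgoing address" % (peer, env))
    # A production identifier arriving on the pre-production listener (or the
    # reverse) points to a mixed-up partner profile and is rejected as well.
    if as2_name(hdrs.get("as2-from")) != cfg["as2_id"]:
        reasons.append("AS2-From is not the %s identifier" % env)
    if as2_name(hdrs.get("as2-to")) != OUR_AS2_ID:
        reasons.append("AS2-To is not our identifier")

    # Assumption: the partnership uses message encryption, so the outer body
    # must be S/MIME enveloped data rather than a cleartext payload.
    outer = Message()
    if "content-type" in hdrs:
        outer["Content-Type"] = hdrs["content-type"]
    smime_type = str(outer.get_param("smime-type")).lower()
    if (outer.get_content_type() != "application/pkcs7-mime"
            or smime_type != "enveloped-data"):
        reasons.append("body is not S/MIME encrypted")
    return reasons


if __name__ == "__main__":
    # Constructed request headers, not captured traffic.
    sample = {"AS2-From": "5790000500000", "AS2-To": OUR_AS2_ID,
              "Content-Type": "application/pkcs7-mime; smime-type=enveloped-data"}
    print(check_inbound("prod", "194.79.87.72", sample))
    print(check_inbound("prod", "194.79.87.112", sample))
```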

4 Connectivity Test Procedure

Before you can exchange information with the GS1Trade Sync production environment, you as a user must perform a set of connectivity tests that guarantee the correct setup between the systems.

Premises:

- Partners connecting for the first time have to perform connectivity tests with the Pre-Production environment;
- Only after having successfully passed connectivity tests in Pre-Production can the partner initiate the document exchange in the Pre-Production environment. The validation process is described in the GS1Trade Sync Setup Guide.

After you have received acceptance from GS1 Denmark on the message validation you can begin connectivity tests to the Production environment.

You are only allowed to exchange documents with the production environment after having passed the connectivity tests, in both Pre-Production and Production, and after confirmation from GS1 Denmark, as listed above.

4.1 Connectivity to GS1Trade Sync

4.1.1 Setup

Configure your communication system with the information provided in chapter 3 - Connectivity Information.

Check list for the setup:

If using AS2:

a. Are the digital certificates installed and configured? Section 3.7 lists the certificates for all the environments.
b. Do the network and firewall configurations allow traffic from and to the GS1Trade Sync servers? See section 3.5 for the GS1Trade Sync outgoing IPs, which should be enabled for inbound traffic in your firewalls, if using the AS2 protocol. For outbound traffic you only need to allow the specific environment address, if using the AS2 protocol.
c. Configure digital signature and encryption;
d. MDNs are required, so configure your system to request them.

If using SFTP or FTP:

- Accounts are created with correct data;
- Given paths are available;
- Privileges for the given folders are correct;

4.1.2 Acknowledge for the setup in GS1Trade Sync

Wait for acknowledgement from Saphety that we have finished the setup on our side with the parameters supplied by you. This should be completed within 3 working days from the arrival of the filled-in customer information document that is supplied in chapter 6 of the GS1Trade Sync Setup Guide.

4.1.3 Connectivity tests

Sending to GS1Trade Sync: on the agreed test date perform the following steps

a. Partner sends a meaningless file (not an XML file);
b. Partner checks and guarantees that a positive MDN has been received (AS2 only);
c. Partner asks for confirmation that it has been received by GS1Trade Sync (use the contacts in chapter 2);
d. In case of problems, inform the GS1 Denmark contact and schedule a new test.

Receiving from GS1Trade Sync: on the agreed test date perform the following steps

a. GS1Trade Sync sends a meaningless file (not an XML file).
b. Partner is contacted by GS1Trade Sync in order to validate whether the meaningless file has been received. In this contact GS1Trade Sync will indicate whether the MDN was received or not (only applicable for AS2).
c. Partner must check and confirm the reception of the file and the delivery of the MDN back to GS1Trade Sync.
d. In case of problems, inform the GS1Trade Sync contact and schedule a new test.

4.1.4 Confirmation

Connectivity tests are considered successful when both the partner and GS1 Denmark have confirmed that the communication is working correctly in both directions. GS1 Denmark will inform you when your communication tests have been confirmed as finished and you are ready to start the validation process.
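Step b of the sending test asks the partner to confirm that a positive MDN was received. The Python example below is an addition to this guide, not GS1 Trade Sync or Saphety code: it parses an MDN and checks the disposition, the referenced Message-ID and the SHA1 MIC. The sample MDN, the message id, the placeholder partner identifier and all function names are constructed for illustration, and the caller is assumed to pass the exact bytes over which the MIC was computed.

```python
import base64
import email
import hashlib
import hmac


def mic_sha1(content: bytes) -> str:
    """Base64 SHA-1 digest, the form carried in Received-Content-MIC."""
    return base64.b64encode(hashlib.sha1(content).digest()).decode("ascii")


def mdn_fields(raw_mdn: bytes):
    """Return the machine-readable MDN fields, or None if the part is missing."""
    msg = email.message_from_bytes(raw_mdn)
    for part in msg.walk():
        if part.get_content_type() != "message/disposition-notification":
            continue
        payload = part.get_payload()
        # The stdlib parser exposes a message/* body as a nested message.
        if isinstance(payload, list):
            return payload[0]
        return email.message_from_string(payload)
    return None


def verify_mdn(raw_mdn: bytes, sent_message_id: str, mic_input: bytes) -> list:
    """Return a list of problems; an empty list means a positive, matching MDN."""
    fields = mdn_fields(raw_mdn)
    if fields is None:
        return ["no message/disposition-notification part"]
    problems = []
    if (fields.get("Original-Message-ID") or "").strip() != sent_message_id:
        problems.append("MDN refers to a different Message-ID")
    # Disposition: <mode>; <type>[/<modifier>: <detail>]
    # Only a bare "processed" is treated as positive; errors, failures and
    # warnings are reported for a human to look at.
    disposition = fields.get("Disposition") or ""
    outcome = disposition.partition(";")[2].strip().lower()
    if outcome != "processed":
        problems.append("not a positive disposition: " + (outcome or "missing"))
    mic, _, alg = (fields.get("Received-Content-MIC") or "").partition(",")
    if alg.strip().lower() != "sha1":
        problems.append("unexpected MIC algorithm: " + (alg.strip() or "missing"))
    elif not hmac.compare_digest(mic.strip().encode(), mic_sha1(mic_input).encode()):
        problems.append("MIC mismatch: receiver hashed different content")
    return problems


def sample_mdn(message_id: str, mic: str, outcome: str = "processed") -> bytes:
    """Constructed MDN for the demonstration; not captured from GS1 Trade Sync."""
    lines = [
        "AS2-From: 5790000000029",
        "AS2-To: PARTNER-AS2-ID-PLACEHOLDER",
        'Content-Type: multipart/report; '
        'report-type=disposition-notification; boundary="b1"',
        "",
        "--b1",
        "Content-Type: text/plain",
        "",
        "Constructed human-readable part.",
        "--b1",
        "Content-Type: message/disposition-notification",
        "",
        "Original-Message-ID: " + message_id,
        "Disposition: automatic-action/MDN-sent-automatically; " + outcome,
        "Received-Content-MIC: " + mic + ", sha1",
        "",
        "--b1--",
        "",
    ]
    return "\r\n".join(lines).encode("ascii")


if __name__ == "__main__":
    sent = b"meaningless connectivity test file\r\n"   # constructed payload
    mid = "<test-001@partner.example>"                 # constructed Message-ID
    print(verify_mdn(sample_mdn(mid, mic_sha1(sent)), mid, sent))
```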