CASHNet Secure File Transfer Instructions Copyright 2009, 2010 Higher One Payments, Inc. CASHNet, CASHNet Business Office, CASHNet Commerce Center, CASHNet SMARTPAY and all related logos and designs are the exclusive Trademarks of Higher One Payments, Inc. CASHNET AND CASHNET BUSINESS OFFICE ARE REGISTERED TRADEMARKS OF HIGHER ONE PAYMENTS, INC. CASHNet Secure File Transfer Instructions Page 1
Introduction... 3 Batch versus Real-Time... 3 Who Initiates the File Transfer?... 3 Getting Started... 4 Your File Transfer Login and Password... 4 Transferring Files Step-by-Step... 4 Installing Software... 4 Sending Files to CASHNet... 8 Picking Up Files from CASHNet... 10 Transferring Files Advanced... 12 Using SFTP... 12 Automating SFTP Transfers... 13 Using FTP/S... 14 Using FTP... 15 FTP Over a VPN Tunnel... 15 Data Storage... 15 CASHNet Secure File Transfer Instructions Page 2
Introduction This guide will help you securely transfer batch files between your institution and CASHNet. For beginning users, background information and complete step-by-step instructions are provided. I.T. professionals and others familiar with file transfer protocols may wish to skip directly to the sections of interest. Batch versus Real-Time CASHNet supports two different types of interfaces: batch interfaces and real-time interfaces. Much of the communication between CASHNet and an institution s ERP system happens through real-time interfaces. These interfaces are used to retrieve a customer s status and balance from the ERP system immediately when CASHNet needs information about the customer. Real-time interfaces are also used to inform the ERP system of payments made in CASHNet as soon as they are completed. These real-time interfaces will be configured by your CASHNet Implementation Team. This manual deals only with the batch interfaces. These interfaces transfer an entire file of data in bulk, rather than sending each piece of data as it is needed (the way the realtime interfaces do). Batch interfaces are often used to send CASHNet your intuition s general ledger chart of accounts, complete lists of who your customers are and what they owe (especially immediately before you go live on CASHNet), and files of electronic bills to be published to your customers. Batch interfaces are also frequently used to send files of payments received to your general ledger system and to other systems that may not be able to receive data in real time. Who Initiates the File Transfer? Whenever you use a batch interface, a file containing the data needs to be transferred between your institution and CASHNet. Depending on the nature of the interface, the data may be transferred from your institution to CASHNet (as in the case of a file of ebills) or it may be going back from CASHNet to your institution (as with a file of payments received). However the key issue here is not which direction the data is flowing. Instead it is which party will initiate the file transfer. Many customers prefer to initiate the transfers themselves. This means that they run a program on one of their computers to send the data to CASHNet or retrieve the data from CASHNet. This manual will take you through the details of how to do that. Alternatively the CASHNet system can automatically initiate the transfers itself, either retrieving data from your server or placing data on your server. To enable this functionality, you would allow CASHNet to access your server by creating a username and password for the CASHNet system. In many cases you will also want to allow CASHNet Secure File Transfer Instructions Page 3
CASHNet access through your firewall. For complete details, please refer to the System Setup User Manual or consult with your CASHNet Implementation Team. Getting Started The instructions which follow are for customers who need to transfer files for batch interfaces. If you are using online interfaces exclusively you do not need to be concerned with the rest of these instructions. Similarly, if CASHNet will be initiating the file transfers, you do not need to review the rest of these instructions. Your File Transfer Login and Password A single login and password are used for all file transfer activities associated with your CASHNet database. The login name is the same as the client code for your database (which you see on your CASHNet operator login screen). This usually looks like myschool_prod. The password will be communicated directly to the designated person at your institution. If you have multiple CASHNet databases (for example, most institutions also have a training database), there will be a separate login and password for each database. You are not able to change this password yourself. However the staff at CASHNet will be happy to change it for you at your request. To initiate a change, one of your institutions s authorized contacts just needs to email or call CASHNet OneSupport. Transferring Files Step-by-Step This section will provide step-by-step instructions for how you can transfer files to or from CASHNet. If you re not too familiar with how to transfer files, or you only need to transfer files once in a while (maybe for an initial load of students or a monthly bill file), these instructions will guide you through the process. If you re an I.T. professional who knows about file transfer protocols (and perhaps wants to automate the process), you ll probably want to skip to the Advanced section below. Installing Software The software we will use is called WinSCP. By using this software, your passwords and files will be encrypted for security when they are sent over the Internet. There are many other software programs that can also accomplish this; we ve just chosen WinSCP because it is easy to install and easy to use. WinSCP will run on most Windows computers. The software is available at no cost. Complete details are available on their website. Follow these steps to download and install the software. These steps only need to be done once on any particular computer. 1. Use your web browser to go to http://www.winscp.net. CASHNet Secure File Transfer Instructions Page 4
2. Click the Download link near the top of the page. 3. Click Installation Package. 4. The WinSCP installer will begin downloading. a. If you are using Internet Explorer, you will probably see a yellow bar across the top of the screen warning you that the site is trying to download files. Click on the bar and choose Download File. Then click Run. If prompted again, choose Run once more. b. If you are using a browser other than Internet Explorer, follow the prompts to download WinSCP and begin running the installation program. 5. The WinSCP installer will prompt you to Select Setup Language. Make sure English is selected and click OK. 6. You will see the WinSCP Setup Wizard Welcome screen. Click Next. 7. You will see the WinSCP License Agreement screen. To agree to the license, click Next. 8. You will be prompted to select the Setup Type. Choose Typical Installation and click Next. 9. You will be prompted to select the Interface Style. Choose Norton Commander Interface and click Next. 10. You will see the Ready to Install screen. Click Install. Wait while the software is installed. 11. You will see the Setup Complete screen. Check the box to Launch WinSCP. Click Finish. CASHNet Secure File Transfer Instructions Page 5
12. The WinSCP Login screen appears: a. In the Host Name box, type eft.cashnet.com. b. In the User Name box, type your assigned username (for example, myschool_prod ). c. Leave the Password box blank. (This will cause the system to prompt for your password each time you connect, which is the most secure option.) d. Leave the Port Number at the default value of 22. e. Leave the Protocol at the default value of SFTP. f. Click the Save button. Click OK. CASHNet Secure File Transfer Instructions Page 6
13. The screen should now look like this: Click Login 14. Since this is your first login, you will see a box that says Warning. The server s host key was not found in the cache. Click Yes. 15. You will be prompted for the password. Type your assigned password and click OK. CASHNet Secure File Transfer Instructions Page 7
16. Once the password has been accepted, the screen will look similar to this: The left side of the screen displays files on your computer, and the right side of the screen displays files on the CASHNet file transfer server. (The left side will look somewhat different depending on the actual files on your computer.) 17. You have completed setting up WinSCP. Click the close ( X ) box in the upperright corner to exit. Click OK to confirm. Sending Files to CASHNet Once the WinSCP software has been installed, any time you need to send a file to CASHNet follow these steps: 1. To launch WinSCP, click on your Start button. Choose All Programs, then the WinSCP group, then WinSCP. 2. The WinSCP login screen is displayed. Click Login. 3. You will be prompted for the password. Type your assigned password and click OK. CASHNet Secure File Transfer Instructions Page 8
4. Once the password has been accepted, the screen will look similar to this: The left side of the screen displays files on your computer, and the right side of the screen displays files on the CASHNet file transfer server. (The left side will look somewhat different depending on the actual files on your computer.) 5. On the right side of the screen, double click files to move into that folder. 6. On the left side of the screen, navigate to the folder on your computer that contains the file you want to send. You can use the dropdown box to select from a list of common locations, click the pathname displayed in the blue bar, or click any folder in the left pane. 7. In the left pane, click the file you wish to transfer. Then either press F5, click Copy (at the bottom of the screen), or drag the file to the right pane. 8. A confirmation window appears. Click Copy. 9. A progress bar will display while the transfer is occurring. Once the transfer has completed, the progress box will close and you will see the file appear in the right pane. 10. Repeat steps 6 through 9 for any additional files you need to copy. 11. Click the close ( X ) box in the upper-right corner to exit. Click OK to confirm. CASHNet Secure File Transfer Instructions Page 9
Picking Up Files from CASHNet Once the WinSCP software has been installed, any time you need to pick up a file from CASHNet follow these steps: 1. To launch WinSCP, click on your Start button. Choose All Programs, then the WinSCP group, then WinSCP. 2. The WinSCP login screen is displayed. Click Login. 3. You will be prompted for the password. Type your assigned password and click OK. 4. Once the password has been accepted, the screen will look similar to this: The left side of the screen displays files on your computer, and the right side of the screen displays files on the CASHNet file transfer server. (The left side will look somewhat different depending on the actual files on your computer.) 5. On the left side of the screen, navigate to the folder on your computer where you want to put the file. You can use the dropdown box to select from a list of common locations, click the pathname displayed in the blue bar, or click any folder in the left pane. 6. On the right side of the screen, double click files to move into that folder. You will see a list of all the files available for you to pick up. CASHNet Secure File Transfer Instructions Page 10
7. In the right pane, click the file you wish to transfer. Then either press F5, click Copy (at the bottom of the screen), or drag the file to the left pane. 8. A confirmation window appears. Click Copy. 9. A progress bar will display while the transfer is occurring. Once the transfer has completed, the progress box will close and you will see the file appear in the right pane. 10. Repeat steps 6 through 9 for any additional files you need to pick up. 11. Click the close ( X ) box in the upper-right corner to exit. Click OK to confirm. CASHNet Secure File Transfer Instructions Page 11
Transferring Files Advanced CASHNet supports the following file transfer options: SFTP Secure File Transfer over ssh (port 22) FTP/S FTP over SSL (port 21) FTP standard FTP without encryption (port 21). Because this option does not encrypt the data, it is only allowed over VPN tunnels. Details on each option follow below. Using SFTP CASHNet permits the use of most standard SFTP clients. To transfer files to or from CASHNet using SFTP: 1. Use your SFTP client to access eft.cashnet.com. 2. Login with your assigned login and password. 3. If sending files, put them in your login directory and do not change the default permissions assigned by the system. (If you are using a standard command line sftp client, the command will be put filename.) 4. If retrieving files, get them from your login directory. (If you are using a standard command line sftp client, the command will be get filename.) A sample session from a command line would look like this: $ sftp myschool_prod@eft.cashnet.com Connecting to eft.cashnet.com... Password: sftp> dir bin etc files lib usr sftp> cd files sftp> dir finance.dat sftp> get finance.dat Fetching /files/finance.dat to finance.dat /files/finance.dat 100% 31KB 30.7KB/s 00:00 sftp> put bills.dat Uploading bills.dat to /files/bills.dat bills.dat 100% 103 0.1KB/s 00:00 sftp> quit $ Please note the following important points: You should not attempt to change the default permissions assigned by the system. Doing so may make it impossible for the CASHNet application to properly process your files. CASHNet Secure File Transfer Instructions Page 12
Many file transfer clients attempt to convert the last modified times on the files to your local time zone. If the timestamps on the files seem strange, please check your software for options related to this. The CASHNet file transfer servers are set to U.S. Central Time (GMT-5 when daylight savings time is observed and GMT-6 at all other times). CASHNet does not support the use of the scp protocol. Automating SFTP Transfers You can automate file transfers between a Unix/Linux system and CASHNet by generating and installing an RSA key pair which will allow a designated account on a client machine to access your CASHNet file transfer account without needing to provide the password each time. Follow the steps below. First generate the keys. On your campus Unix or Linux system generate a key pair by running this command: ssh-keygen -t rsa -b 4096 (4096 could be considered excessive. Use a smaller key if you feel it is appropriate.) CASHNet can accept keys in either OpenSSH format or SSH2 format. Next, provide your public key file (id_rsa.pub) to CASHNet OneSupport. An authorized contact from your institution may email the key file to onesupport@cashnet.com. Alternatively you may place the file in your directory on the file transfer server and an authorized contact can call or email CASHNet OneSupport to inform them that the file has been uploaded. CASHNet OneSupport will coordinate having your production file loaded onto the production servers. Now you can use SFTP transfers without entering a password each time. Once your account has been configured to work with SFTP keys, you will no longer be able to login using SFTP with a password. One way to automate file transfers on a Linux or Unix system is to create a here script. To do so, make a shell script that looks like this: sftp -o User=username -o IdentityFile=.ssh/id_rsa eft.cashnet.com <<@ put localfile remotefile get remotefile localfile (include any other valid SFTP commands you want here) @ Save that script file, set the permissions to 700, and execute the script. The files should be transferred without prompting you for a password. Once the transfers are working as described above, you should be able to place those commands in cron or another scheduler without difficulty. CASHNet Secure File Transfer Instructions Page 13
Note that anyone who has access to the account you are using on the client machine will have access to your eft.cashnet.com account. Please secure the client machine account accordingly. Using FTP/S CASHNet permits the use of most standard FTP/S (also known as FTP over SSL) clients. Please note: FTP/S is a completely different protocol from SFTP. FTP/S uses SSL to encrypt a standard FTP session. It uses port 21 and, depending on your settings, a negotiated high port. SFTP is a method of transferring files over an SSH session using port 22. In general SFTP is easier to implement than FTP/S, in particular because it is easier to get SFTP traffic to traverse firewalls. If you wish to use SFTP, please see the instructions above. To transfer files to or from CASHNet using FTP/S: 1. Set your client to use FTP over SSL explicit encryption. You may use either an active or passive mode connection with CASHNet. 2. Open a connection to eft.cashnet.com. 3. Request an encrypted session using the AUTH SSL command. 4. Login with your assigned login and password. 5. Request protected transfers using the PROT P command. 6. If sending files, put them in your login directory and do not change the default permissions assigned by the system. (If you are using a standard command line ftp client, the command will be put filename.) 7. If retrieving files, get them up from your login directory. (If you are using a standard command line ftp client, the command will be get filename.) Please note the following important points: You should not attempt to change the default permissions assigned by the system. Doing so may make it impossible for the CASHNet application to properly process your files. Many file transfer clients attempt to convert the last modified times on the files to your local time zone. If the timestamps on the files seem strange, please check your software for options related to this. The CASHNet file transfer servers are set to U.S. Central Time (GMT-5 when daylight savings time is observed and GMT-6 at all other times). CASHNet Secure File Transfer Instructions Page 14
Using FTP Because the standard FTP protocol does not provide any encryption, it may only be used to transfer files over a VPN tunnel that has been established between your institution and the CASHNet data center. This will require advance coordination with your CASHNet implementation team. FTP Over a VPN Tunnel This option requires that a VPN tunnel be established between your institution and the CASHNet data center. When your network technicians establish the VPN tunnel, they will want to include the server that you will use to initiate FTP transfers in the VPN tunnel s interesting traffic list. Once the tunnel is up and running, CASHNet will provide you with a special IP address to use for your file transfers. In order to insure that your files are sent over the VPN tunnel, it is important that you use that IP address rather than the hostname eft.cashnet.com when you connect to the CASHNet file transfer server. Once you have connected to the specified IP address, you can login using your assigned login and password. You will then be able to put and get files in the default login directory. Data Storage The CASHNet File Transfer Servers are intended only for the short-term storage of data being transferred between your institution and CASHNet. When your transfer a file to be imported into CASHNet, in most cases the file is automatically deleted after the import completes. When CASHNet creates a file for you to pick up, we recommend that you delete the file once you have successfully retrieved it. For security reasons, the CASHNet File Transfer Servers should not be used for long term storage or archiving of files. While these servers are protected by firewalls and other measures, the data is most secure when it is inside the CASHNet database. When it is stored inside the CASHNet database, the data is protected by even greater security measures and, in some cases, additional encryption. If you ever need to access an extract file that had been created by CASHNet, most files can be re-created on demand through the CASHNet End of Day screen. Any files that are left on the CASHNet File Transfer Servers for more than 10 days will be automatically deleted to insure data security. CASHNet Secure File Transfer Instructions Page 15