OpenText Secure MFT Network and Firewall Requirements




Secure MFT is a client-server solution that provides accelerated transfer of large files over any network connection. The solution architecture includes a multitude of components all communicating over the network using different protocols and ports. This document reviews Secure MFT network architecture and offers firewall considerations when deploying it in the corporate network.

Network Components and Architecture

Secure MFT is built on many components to provide authentication, record storage, data storage, and transfer logic and acceleration. The diagram below denotes the relationship of these components:

[Diagram: WEB, TRANSFER, MAIL RELAY (SMTP: 25), SQL (SQL: 1433), FILE SYSTEM (SMB: 445)]

The inter-communication between all those components requires different network protocols operating on different ports. The following table describes the primary function of each component and its network requirements. All ports shown in the table are based on the standard or default configuration. In some cases, customers can modify the port assignment.

NAME | DESCRIPTION | PROTOCOL | PORT
WEB | Provides page rendering services, auditing, reporting, HTTP/S transfer fallback capability for clients that cannot establish OpenText Fuel connection with the server. | HTTP/HTTPS | 80/443
TRANSFER | Provides the support for OpenText Fuel protocol. | OpenText Fuel |
DIRECTORY S | Provides user authentication services including LDAP/AD integration and SSO support. | HTTP/HTTPS | 80/443
MICROSOFT SQL | RDBMS back-end that stores server and user settings, transaction audit trail, and user database. | SQL | 1443
SMTP MAIL RELAY | Sends emails with links to assets in Secure MFT server to recipients, and email notifications to senders and administrators. | SMTP | 25
FILE SYSTEM | A network accessible file storage for Secure MFT to store the file assets. | SMB | 445
 | The counterpart of Secure MFT Enterprise Server, allows users to authenticate and initiate file transfer. | HTTP/HTTPS | 80/443

Deployment Scenarios

Depending on the placement of the Secure MFT Client and Server, there may be any number of firewalls separating those two parties.

Scenario 1: Secure MFT is inside the corporate network

If the whole stack of the Secure MFT Server components is deployed within the corporate network, in order for external users to access Secure MFT, the corporate network firewall will need to be configured to allow inbound and outbound Secure MFT network connections.

[Diagram labels: INTERNET, EXTERNAL, DMZ, CORP NET; MAIL RELAY (SMTP: 25), SQL (SQL: 1433), FILE SYSTEM (SMB: 445)]

Scenario 2: Secure MFT is in the DMZ

If the whole stack of the Secure MFT Server components is deployed in the DMZ but outside of the corporate network, both the corporate network firewall and the DMZ firewall will need to be configured to allow inbound and outbound Secure MFT network connections. Depending on what components the organization wants to keep inside the corporate network, additional ports may need to be opened on the corporate network firewall to allow that network traffic.

[Diagram labels: INTERNET, EXTERNAL, DMZ, CORP NET, INTERNAL; SQL (SQL: 1433), MAIL RELAY (SMTP: 25), FILE SYSTEM (SMB: 445)]

Scenario 3: Secure MFT is outside of the corporate network

If Secure MFT is hosted by OpenText in the OpenText Cloud, or hosted by the customer in other cloud services, in order for users inside the corporate network to interact with the remote Secure MFT in the Cloud, the customer's corporate network and DMZ firewalls need to be configured to allow outbound network connections to the Secure MFT Server. This also applies to external users who wish to access the Secure MFT Server, which is inside your corporate network. Those external users will need to make sure their firewall settings are set to allow outbound connections to your Secure MFT Server.

[Diagram labels: CLOUD, DMZ, CORP NET, INTERNAL; SQL (SQL: 1433), MAIL RELAY (SMTP: 25), FILE SYSTEM (SMB: 445)]

Transfer Workflow

The following diagram outlines the step-by-step process of the Secure MFT Transfer workflow, and ports that it uses in different stages of the communication. It focuses solely on the communication between Secure MFT Client and the Server services.

1a. Client connects to Secure MFT Web Service via HTTPS to authenticate and negotiate transfer settings
1b. Web service replies with the security token, permissions/settings, the Transfer Service IP, and its and receive ports
2. Client uses a random port to connect to Transfer Service port, and tells the Transfer Service its receive port (uses same port number as the random port)
3. Client connects to Transfer Service port
4. Client connects to Client port (SAME PORT NUMBER AS THE OUTBOUND PORT IN STEP 2)

[Diagram labels: USER, WEB, TRANSFER; port pairs ANY 443, ANY 3000, 3000 ANY]

Figure: Secure MFT - Transfer Workflow

Firewall Configurations

As mentioned previously, ports need to be opened on the firewalls to allow Secure MFT network traffic to pass through. The discussion continues to focus on the Secure MFT client/server communication, and default ports are used. But depending on the actual deployment scenarios, other ports (SQL, SMTP, SMB, etc.) may also need to be opened.

- HTTP or HTTPS (80 or 443 over )
- OpenText Fuel (3000 over and )

Server-side firewall configuration

On the server side, the server computer is actively awaiting and accepting incoming requests from client computers over specific and ports, and replies to the client's requests with outbound and traffic. On the server-side firewall, the following configurations have to be made:

- Allow inbound connections to the server on ports (HTTP/HTTPS and OpenText Fuel)
- Allow inbound connections to the server on a port (OpenText Fuel)
- Allow outbound connections from the server on ports (HTTP/HTTPS and OpenText Fuel)
- Allow outbound connections from the server on a port (OpenText Fuel)
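The transfer workflow above can be replayed against a stateful firewall in front of the client that permits only outbound connections to the server's default ports 443 and 3000. The sketch below is an added example, not OpenText code; it shows that traffic returning from port 3000 is accepted only when it targets the same port number the client used in step 2. The addresses, the client port numbers and the reading of step 4 as server-to-client traffic are assumptions, and transport is left out of the model.

```python
# Added example: minimal stateful-firewall model for the client side.
# Addresses and client port numbers are constructed sample values.
from dataclasses import dataclass, field

SERVER = "203.0.113.10"  # constructed Secure MFT server address (TEST-NET-3)
ALLOWED_OUT = {(SERVER, 443), (SERVER, 3000)}  # page defaults: HTTPS, OpenText Fuel


@dataclass
class ClientFirewall:
    """Outbound allow-list plus connection tracking; no inbound rules."""
    allowed_out: set
    state: set = field(default_factory=set)

    def outbound(self, src_port, dst_ip, dst_port):
        if (dst_ip, dst_port) not in self.allowed_out:
            return "DROP"
        # Remember the flow so its mirrored reply is recognised later.
        self.state.add((src_port, dst_ip, dst_port))
        return "ACCEPT"

    def inbound(self, src_ip, src_port, dst_port):
        # Accept only the exact reverse of a tracked outbound flow.
        key = (dst_port, src_ip, src_port)
        return "ACCEPT" if key in self.state else "DROP"


def run_workflow(rand_port=51514):
    """Replay steps 1a, 1b, 2 and 4, plus two flows that must be dropped."""
    fw = ClientFirewall(set(ALLOWED_OUT))
    return {
        "1a any->443": fw.outbound(49200, SERVER, 443),
        "1b 443->client": fw.inbound(SERVER, 443, 49200),
        "2 rand->3000": fw.outbound(rand_port, SERVER, 3000),
        "4 3000->rand": fw.inbound(SERVER, 3000, rand_port),
        # Assumed failure case: server traffic aimed at a different port.
        "3000->other port": fw.inbound(SERVER, 3000, rand_port + 1),
        # Back-end port from the diagrams is not on the client allow-list.
        "out to SQL 1433": fw.outbound(50000, SERVER, 1433),
    }


if __name__ == "__main__":
    for step, verdict in run_workflow().items():
        print(f"{step:18} {verdict}")
```

If the receive port differed from the port used in step 2, the firewall would have no matching state entry and an explicit inbound rule would be needed.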

Client-side firewall configuration

On the client side, the client computer needs to make and outbound requests to the Secure MFT server (web service and the transfer service), and the server services will respond to the client requests through the corresponding ports, which the client machine chooses. On the client-side firewall, the following configurations have to be made:

- Allow outbound connections from within the firewall to the Secure MFT Server on ports (HTTPS and OpenText Fuel)
- Allow outbound connections from within the firewall to the Secure MFT Server on a port (OpenText Fuel)

Final Words

Secure MFT is a complex network application, but with good understanding of its network architecture, requirements, and careful planning, it is easy to modify the firewall and proxy settings to allow Secure MFT traffic to traverse the corporate network and DMZ without sacrificing network security. For more information on how Secure MFT ensures data security, please read the Secure MFT Security Overview whitepaper.

www.opentext.com/securemft

NORTH AMERICA +1 800 304 2727
EUROPE +31 (0)23 565 2333
AFRICA, MIDDLE EAST +971 4 390 0281
JAPAN +81-3-5472-5273
CHINA +86 21 28909063
HONG KONG +852 2824 8223
AUSTRALIA +61 2 9026 3480

Copyright 2016 Open Text Corporation. OpenText is a trademark or registered trademark of Open Text SA and/or Open Text ULC. The list of trademarks is not exhaustive of other trademarks, registered trademarks, product names, company names, brands and service names mentioned herein are property of Open Text SA or other respective owners. All rights reserved. For more information, visit: http://www.opentext.com/2/global/site-copyright.html (01/2016) 04146EN