Royal Mail Business Integration Gateway Specification




FSpec401 Royal Mail Customer Solutions
Royal Mail Business Integration Gateway Specification - XB60

The FSpec401 document details, for customers, the various methods of connecting to Royal Mail's Business Integration Gateway, specifically covering Inbound and Outbound connections for data transfer.

29th March 2011, Version 1.4, Page 1 of 13

Contents

1 Introduction ... 3
1.1 Description and Purpose ... 3
1.2 Audience ... 3
2 BIG Integration Service ... 3
2.1 Overview ... 3
3 BIG Communication Protocols ... 4
3.1 Supported Standards ... 4
3.1.1 COLLECT Data from BIG ... 6
3.1.2 Security ... 6
3.2 Unsupported Standards ... 7
3.2.1 FTP ... 7
3.2.2 SMTP Transfers ... 8
3.2.3 ISDN Lines ... 8
3.3 Future Standards ... 8
4 Document Control ... 9
4.1 References and related documents ... 9
4.2 Terms and abbreviations ... 9
5 Appendix A Benefits of AS2 ... 11
6 Appendix B Connecting via FTPS ... 12
6.1 PREREQUISITES ... 12
6.1.1 FTP Client ... 12
6.1.2 An Internet Connection with fixed public IP Address ... 12
6.1.3 Royal Mail SSL Certificates ... 12
6.2 CONNECTION DETAILS ... 13
6.3 Connecting to the Server ... 13

1 Introduction

This document defines the approved communication transport protocols for Royal Mail Group's (RMG) Business Customers to use in the exchange of electronic business information with RMG's Business Integration Gateway (BIG) service. BIG provides a means for RMG's Business Customers to securely exchange business documents electronically using standardised communication transport protocols for Electronic Data Interchange (EDI), traditional File Transfer methods and Web Services.

1.1 Description and Purpose

This document acts as a guide for RMG's Business Customers to the supported communication transport protocols for interfacing with BIG. It will assist the reader in identifying the BIG interface solution appropriate to their integration requirements.

1.2 Audience

This document is intended to be read by all RMG Business Customers that exchange data with RMG.

2 BIG Integration Service

2.1 Overview

BIG is a new service that offers Business to Business (B2B) Integration capabilities between RMG and its Business Customers. It facilitates the secure exchange of business data between RMG systems and external party systems, replacing RMG's existing External Data Gateway (EDG) service. The main objectives of BIG are to provide a replacement platform for data exchange that:

- Drives standardisation for data exchange transport over the internet and trusted networks where appropriate.
- Provides agility in responding to the changing needs of RMG business customers and trading partners.
- Provides a rapid technical on-boarding process once customer agreements have been established.
- Provides the ability for non-repudiation of data exchanges.
- Meets the RMG security requirements.

3 BIG Communication Protocols

This section documents the approved and supported transport protocol standards for both new external interfaces and interfaces migrated onto the new BIG environment. Standards are classified as follows:

- PREFERRED: the generally accepted and widely used industry standards for EDI over the Internet. These standards provide the most straightforward method for exchanging data using BIG.
- SUPPORTED: standards offered to provide additional interoperability with trading partners that are unable to use the preferred standards.
- UNSUPPORTED: standards for which no new implementations will be permitted.
- FUTURE: standards that, whilst available for adoption, have not been widely adopted or can be considered emerging standards that may become relevant to RMG in the medium to long term.

3.1 Supported Standards

The supported standards are set out in Table 1 below, row by row, with the columns Category, Transport Protocol and Notes.

Category: Preferred
Transport Protocol: AS2
Notes: For data exchange, the preferred protocol for interaction with BIG is AS2. This is the generally accepted industry standard in existence today and brings with it many setup and maintenance advantages, such as encryption of message content and non-repudiation. The technology used within BIG has been certified by the Drummond Group to conform to the standard and to interoperate with other certified products. A full list of currently certified products can be found on the Drummond Group International website: http://www.drummondgroup.com/html-v2/as2-companiescurrent.html. In addition to the certified products there are a number of free or open source software implementations that may also be used, and the following have been seen to work with BIG:
- Single Partner Version of the /n software AS2 Connector (http://www.freeas2.com)
- OpenAS2 (http://sourceforge.net/projects/openas2)
- Mendelson AS2 (http://as2.mendelson-e-c.com/)
Because AS2 has been specifically designed to provide secure data exchange over the internet, it has become the de facto standard for EDI-INT and is the preferred method of exchanging data with BIG.

Category: Supported
Transport Protocol: FTPS
Notes: Secure method of file transfer that secures the control and data channels using Transport Layer Security (TLS) as defined by the IETF standard RFC 4217. This standard specifies that the connecting client software must explicitly request the security method to be used from the FTPS server and use a mutually agreed encryption method to secure the channels used. This is commonly referred to as explicit FTPS and is the only form of FTPS supported by BIG. The following FTPS software has been fully approved to interoperate with BIG:
- CoreFTP LE (http://www.coreftp.com)
- CuteFTP 8 Professional (http://www.globalscape.com/cuteftppro/)
- Ipswitch WS_FTP Professional (http://www.ipswitchft.com/products/ws_ftp_pro/index.aspx?n=1)
FTPS secures the control and data channels but, unlike AS2, it does not offer non-repudiation of receipt or use Trading Partner Management.
NOTE: There are two patterns supported:
1) COLLECT refers to either BIG polling a system for data or an RMG Business Customer polling BIG for data. Supported for FTPS only and not SFTP.
2) PUSH refers to an RMG Business Customer sending data to BIG or BIG sending data to an RMG Business Customer. This is the preferred pattern as it offers event driven data exchange, reduces security risk and interface implementation costs, and directly supports rapid customer take-on processes. Supported for both FTPS and SFTP.

Category: Supported
Transport Protocol: Web Services
Notes: Offers a high level of interoperability and standard APIs for ease of data exchange. Enhancements to the accepted standards, including Secure B2B Document transfer using Web Services based methods, will be introduced in the future based on demand. NOTE: BIG does not provide Web Service APIs but provides a Web Service proxy facility.

Category: Supported
Transport Protocol: Connect:Direct
Notes: Proprietary file transfer product. The use of Connect:Direct is supported for specific connections where this method is a requirement.

Category: Supported
Transport Protocol: SFTP
Notes: SFTP provides a method of sending data securely using Secure Shell (SSH) to secure the data channel, using public encryption keys exchanged between the SFTP Client and Server. SFTP is a secure protocol, but the management of its associated encryption keys is inconsistent with the RMG standard, which is X.509 certificate based. There are no IETF standards for SFTP, but there are a number of expired draft standards that relate to SFTP. BIG only supports SFTP Version 3 as defined by the draft-ietf-secsh-filexfer-02.txt Internet-Draft. The following SFTP client software is supported:
- CuteFTP Professional 8.3
- OpenSSH 3.1p1 (Red Hat Linux 7.3)
- OpenSSH 4.6p1 (Ubuntu Linux)
- OpenSSH 5.1p1
- PuTTY PSFTP, version 0.60
- SmartFTP, version 3.0
- Sun Microsystems, Sun_SSH_1.1
- WinSCP, version 4.1.6
Due to the variance in software implementations of SFTP, its interoperability with BIG cannot be guaranteed and additional testing will be required. SFTP functionality can be offered on an exception basis where FTPS or AS2 cannot be accommodated. NOTE: SFTP functionality will be allowed for event driven transfers only (i.e. the source must push to BIG and BIG will push to the target; SFTP COLLECT is not supported).

Table 1 - BIG Approved Communication Protocols

3.1.1 COLLECT Data from BIG

One of the principles of BIG is to encourage event driven transactions, so that the source always initiates the information transfer to BIG and BIG pushes the information to the target. However, if a Business Customer is unable to allow BIG to push information to them once it is available, they will be allowed to COLLECT (or pull) the information at their convenience. NOTE: Collect functionality will only be offered for FTPS.

3.1.2 Security

RMG require the use of digital certificates for authentication with BIG. The preferred approach is mutual authentication, i.e. digital certificates signed by a recognised Certificate Authority (see Appendix B) are exchanged between RMG and a Business Customer. For information classified as INTERNAL or PUBLIC, customer self-signed certificates would be acceptable on an exception only basis.
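The SFTP row of Table 1 above restricts BIG to protocol version 3 from draft-ietf-secsh-filexfer-02. As an added example, not code from the specification or from Royal Mail, the Python below encodes the SSH_FXP_INIT a client sends once the sftp subsystem is open, encodes and parses the server's SSH_FXP_VERSION reply with any extension pairs, and checks that version 3 was negotiated, which is the first thing to verify when an unlisted client fails to interoperate. The packet layout is the draft's; the function names and the sample reply are this example's own.

```python
import struct

# Packet types from draft-ietf-secsh-filexfer-02, the SFTP draft BIG implements.
SSH_FXP_INIT = 1
SSH_FXP_VERSION = 2
BIG_SFTP_VERSION = 3  # the only protocol version BIG accepts (Table 1)


def _string(data: bytes) -> bytes:
    """Encode an SSH 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _read_string(buf: bytes, pos: int) -> tuple[bytes, int]:
    """Decode an SSH 'string' at pos; returns (bytes, new position)."""
    if pos + 4 > len(buf):
        raise ValueError("truncated string length")
    (n,) = struct.unpack(">I", buf[pos:pos + 4])
    pos += 4
    if pos + n > len(buf):
        raise ValueError("truncated string body")
    return buf[pos:pos + n], pos + n


def _packet(ptype: int, version: int, extensions: dict[str, bytes]) -> bytes:
    """Frame a packet: uint32 length | byte type | uint32 version | extension pairs."""
    body = struct.pack(">BI", ptype, version)
    for name, data in extensions.items():
        body += _string(name.encode("ascii")) + _string(data)
    return struct.pack(">I", len(body)) + body


def build_init(version: int = BIG_SFTP_VERSION) -> bytes:
    """SSH_FXP_INIT: the first packet a client sends over the sftp subsystem."""
    return _packet(SSH_FXP_INIT, version, {})


def build_version_reply(version: int, extensions: dict[str, bytes]) -> bytes:
    """SSH_FXP_VERSION as a server would send it (used here to construct sample input)."""
    return _packet(SSH_FXP_VERSION, version, extensions)


def parse_version(packet: bytes) -> tuple[int, dict[str, bytes]]:
    """Parse an SSH_FXP_VERSION reply into (server_version, extensions).

    The draft has the server answer with the lower of its own and the
    client's version, so this value is the version both sides will speak.
    """
    if len(packet) < 9:
        raise ValueError("packet too short")
    (length,) = struct.unpack(">I", packet[:4])
    if length != len(packet) - 4:
        raise ValueError("length field does not match packet size")
    ptype, version = struct.unpack(">BI", packet[4:9])
    if ptype != SSH_FXP_VERSION:
        raise ValueError(f"expected SSH_FXP_VERSION (2), got type {ptype}")
    extensions: dict[str, bytes] = {}
    pos = 9
    while pos < len(packet):
        name, pos = _read_string(packet, pos)
        data, pos = _read_string(packet, pos)
        extensions[name.decode("ascii")] = data
    return version, extensions


def server_version_acceptable(packet: bytes) -> bool:
    """True only if the reply is well formed and negotiates BIG's version 3."""
    try:
        version, _ = parse_version(packet)
    except ValueError:
        return False
    return version == BIG_SFTP_VERSION


if __name__ == "__main__":
    # Constructed sample: a v3 server advertising one OpenSSH-style extension.
    reply = build_version_reply(3, {"posix-rename@openssh.com": b"1"})
    print(build_init().hex(), parse_version(reply), server_version_acceptable(reply))
```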

For data classified as CONFIDENTIAL, digital certificates must always be used on the server side, i.e. at the RMG end of the FTPS connection. If the business customer cannot implement client-side certificates due to:
a) the urgency of the implementation;
b) the customer being unable to implement certificates;
c) customer software problems that prevent the use of certificates;
then the use of username and password authentication at the customer end will be permitted, provided their access is restricted to a virtual directory only where no other customer data is present and the customer takes full responsibility for authorising their admin access to BIG at their end. NOTE: Business Customers with no server side digital certificate will not be able to receive data from BIG, i.e. they can only COLLECT data. Where the data is classified as STRICTLY CONFIDENTIAL, client-side certificates must be in place.

3.2 Unsupported Standards

NOTE: A standard is to be considered unsupported unless explicitly listed as being supported.

3.2.1 FTP

FTP is not a secure protocol for communication. The use of FTP with business customers carries certain risks for RMG. The acceptable level of risk depends on the Information Classification. As a rule of thumb, if the information is STRICTLY CONFIDENTIAL then encryption is always required, whether the information is at rest or in motion. If the information is classified as CONFIDENTIAL then encryption is required for communication with business customers if transmitted over the Internet or a public network. RMG's rules for dealing with requests from business customers who wish to communicate with BIG using FTP are as follows:
1. For new interfaces with new partners FTP is not permitted.
2. For existing interfaces that need to be migrated to BIG:
   a. If the information is classified as STRICTLY CONFIDENTIAL, a secure protocol needs to be used.
   b. If the information is classified as CONFIDENTIAL, INTERNAL or PUBLIC, investigate whether alternative solutions are available (e.g. FileSafe for ad hoc transfers from person to person, or the ebusiness platform for HTTPS transfers over the Internet).
   c. If the information is classified as CONFIDENTIAL, INTERNAL or PUBLIC and a business customer still wishes to adopt FTP via BIG, this would be acceptable on an exception only basis. The customer would also need to sign a disclaimer accepting the risks associated with this protocol where the data is classified as CONFIDENTIAL or INTERNAL.

3.2.2 SMTP Transfers

An e-mail facility is not provided on BIG and will not be allowed going forward.

3.2.3 ISDN Lines

As defined above, RMG's preference is for the adoption of AS2 or FTPS over the Internet only. Users of existing ISDN lines are encouraged to switch to an Internet based protocol as a more cost effective solution. Existing Business Customers that wish to continue to use an ISDN line will be accepted for information classified as PUBLIC. However, information classified as INTERNAL, CONFIDENTIAL or STRICTLY CONFIDENTIAL would be acceptable on an exception only basis.

3.3 Future Standards

AS3 (Applicability Statement 3) is the draft specification standard by which vendor applications communicate EDI (or other data such as XML) over the Internet using File Transfer Protocol (FTP). ebMS, although supported, is an emerging standard and would require additional testing if a specific requirement is identified. NOTE: Future Standards will be included when known, together with any dates when they are planned to be considered as supported as standard.

4 Document Control

4.1 References and related documents

Reference: RMG Third Party Guide to Exchanging Data Using BIG
Version: 1.0
Author: Gordon McMullan

4.2 Terms and abbreviations

AS2: Applicability Statement 2 is a specification on how to transport Data securely and reliably over the Internet. Defined by IETF in RFC 4130.
AS3: Applicability Statement 3 is a draft specification standard by which vendor Systems communicate EDI (or other Data such as XML) over the Internet using FTP. Defined by IETF in RFC 4823.
B2B: Business to Business Relationship.
BIG: Business Integration Gateway, replacement of RMG's External Data Gateway service.
Confidential: Information that has been assessed to be of a sensitive nature and likely to cause damage following unauthorised disclosure. Confidential information requires additional protection over and above that afforded to INTERNAL information. Confidential information should represent only a small proportion of information present in Royal Mail and its subsidiary businesses.
EDI: Electronic Data Interchange refers to the structured transmission of Data between organisations by electronic means.
FTP: File Transfer Protocol.
Gateway: Provides access security services (e.g. Authentication and Authorisation, Encryption/Decryption) for a System requiring data.
HTML: Hyper Text Markup Language.
HTTP: Hyper Text Transfer Protocol; a standard communications protocol used for HTML and web-based Systems.
HTTPS: Hyper Text Transfer Protocol Secure.
Internal: Internal information is accessible to all employees, agents and contractors and relates to the ongoing business of Royal Mail and its subsidiaries. Internal information should be protected from unauthorised disclosure by treating it like any other organisational asset, i.e. by employing common sense measures.
MQ: IBM Messaging Technology.
NFS: Network File System.
SFTP: Secure File Transfer Protocol. Internet standard protocol for secure File Transfer using SSH. SFTP tunnels RCP (remote copy) over SSH to provide a secure service, allowing the server to encrypt the data and handle the file transfer.
Strictly Confidential: Information that must meet classification standards of government departments, security services or clients, or assessed as so sensitive that unauthorised disclosure would cause acute organisational damage. Strictly Confidential information requires additional protection that will meet the standards required by third parties or Security & Investigation Services.
Systems: Computer programs or software components that provide functionality in direct support of a business process.
TCP/IP: Transmission Control Protocol/Internet Protocol.
UN/EDIFACT: United Nations/Electronic Data Interchange For Administration, Commerce and Transport, an international EDI standard developed under the United Nations and adopted by the International Organisation for Standardisation (ISO) as standard ISO 9735.
URL: Uniform Resource Locator.
Web Service: Web services are most often web APIs that can be accessed over a network, such as the Internet, and executed on a remote system hosting the requested services. In common usage the term refers to clients and servers that communicate over the Hypertext Transfer Protocol (HTTP) used on the web.
XML: Extensible Mark-up Language.

5 Appendix A Benefits of AS2

The preferred connectivity standard for exchanging electronic information using BIG is the Applicability Statement 2 (AS2) standard. AS2 adoption applies to any business customer needing to send electronic data to or receive data from RMG. AS2 is RMG's preferred connectivity standard for the following reasons:

- Rapid Customer Take-On: AS2 maximises RMG's ability to offer efficient technical implementation.
- Reduces time to market: AS2 allows RMG's business partners to create standardised and re-usable interfaces, thus reducing project lifespan.
- Many of RMG's larger business partners already see the benefits of using AS2: Amazon, HMRC and ASDA have all successfully implemented AS2 connections, and Tesco, Sainsbury's and Bupa have all expressed an interest in moving to this standard.
- AS2 is implemented via Commercial Off the Shelf (COTS) products that have been independently tested and signed off as interoperable with other AS2 products, thus reducing the time required for technical integration and improving supportability (a list of compatible products is available on request).
- Reduced costs for communication, as AS2 uses the internet rather than private connections, so that standard firewall rules can be in place instead of new firewall rules per customer.
- Real-time data delivery: business data is immediately pushed rather than being held in a mail box or location waiting to be fetched.
- Enhanced security as part of the standard:
  o Encryption ensures that only the sender and receiver are able to view the data.
  o Digital signatures ensure authentication; only messages from authorised senders are accepted.
  o Guaranteed delivery as part of the standard.
  o Ensures data integrity by detecting whether the data was altered during transmission.
  o Provides a mechanism for non-repudiation of receipt, ensuring that the intended party did receive the data.

Disadvantages of File Based Transfers (FTP, FTPS, SFTP):

- No standard implementation. Most interfaces are unique given a lack of standardisation, despite fulfilling similar functions.
- No retry on file transfer without bespoke code development.
- FTP does not support event driven processing.
- There are no external bodies that certify File Transfer products as interoperable.
- Not all FTP/S implementations follow the set standards defined for FTP/S.
- Requires a scheduler to trigger events, thus removing any real time availability of information to applications and customers.
- No receipt or non-repudiation features.

6 Appendix B Connecting via FTPS

6.1 PREREQUISITES

6.1.1 FTP Client

Any FTPS client should be able to connect to BIG as long as it follows the SSL AUTH/EXPLICIT mode standards correctly. Customers who are proposing to use third party FTPS software are advised to test that the prospective FTPS client software can connect to the BIG server before purchasing the software. The FTPS client must also support passive mode connections. With passive mode all connections will be initiated from the FTPS client and not Royal Mail's server.

6.1.2 An Internet Connection with fixed public IP Address

For security reasons, access to Royal Mail's servers is restricted to connections from authorised public IP addresses only. In order to connect to BIG, clients are required to provide Royal Mail with the valid fixed IP address of their FTPS client.

6.1.3 Royal Mail SSL Certificates

Authentication and encryption are implemented using SSL certificates downloaded from Royal Mail's server. Most FTPS clients will accept this certificate automatically or will prompt the user to accept it during the login process. If the certificates cannot be downloaded then they can be provided in DER encoded X.509 file format. Please contact Royal Mail's Customer Solutions team for provision if needed.

6.2 CONNECTION DETAILS

Customers' firewalls are required to be configured to allow outbound initiated connections to the IP addresses and ports outlined in the table below. As FTPS passive mode is used, there should be no need to open the ports completely. Please also ensure that your firewall is configured to accept responses from Royal Mail's servers on the designated command port of your FTPS client.

Detail: IP Address / DNS Name (Pre-Production)
Value: 144.87.142.234, ftp://lfttest.bdtg.royalmailgroup.com
Description: BIG Test environment

Detail: IP Address / DNS Name (Production)
Value: 144.87.142.235, ftp://lft.bdtg.royalmailgroup.com
Description: BIG Live environment

Detail: FTPS Command Port
Value: 8021
Description: Port used to initiate FTPS client connections

Detail: FTPS Passive Data Port Range
Value: 29000 to 30000
Description: Ports utilised in data transfer

Detail: FTPS User ID
Value: Uniquely assigned by Royal Mail
Description: User ID to log onto the BIG server

Detail: FTPS User Password
Value: Uniquely assigned by Royal Mail
Description: Password set by Royal Mail and unique to each customer

Detail: Incoming Directory
Value: /pub/tracked/incoming
Description: Location on the BIG server where the client pushes data files

Detail: Outgoing Directory
Value: /pub/tracked/outgoing, /pub/rmgtt/outgoing
Description: Location on the BIG server where the client collects data files. Tracked relates to Royal Mail Tracked products and RMGTT to Special Delivery/International products.

A file pushed onto the BIG incoming folder does not need to be renamed. BIG automatically processes data on arrival and the file is deleted once processed.

6.3 Connecting to the Server

Although in most cases this process will be automated, a manual connection process may be useful in troubleshooting connectivity problems.

- Open the FTPS client and configure the connection and login details. During the initial login ensure that any certificate download requests are accepted. Also ensure that AUTH mode is selected.
- Users should use their unique user name and enter the correct IP address for the Pre-production or Production environment.
- Initiate the connection and place the pre-advice file in the incoming Directory. Once processed by the BIG server the files will be automatically erased.
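As an added example, not code from the specification or from Royal Mail, the Python below turns sections 3.1.2, 6.1 and 6.2 into something a customer can run: the outbound firewall rules, a TLS context that trusts only the Royal Mail DER certificate and optionally presents a client certificate, a check that a PASV reply points at the BIG address inside the 29000 to 30000 range, and an explicit FTPS push of a pre-advice file. Addresses, ports and directories are those in section 6.2; the function names, the DER/PEM inputs and the TLS 1.2 floor are this example's own assumptions.

```python
from __future__ import annotations

import ftplib
import re
import ssl

# Connection details published in section 6.2 of the specification.
BIG_ENVIRONMENTS = {
    "preproduction": ("lfttest.bdtg.royalmailgroup.com", "144.87.142.234"),
    "production": ("lft.bdtg.royalmailgroup.com", "144.87.142.235"),
}
FTPS_COMMAND_PORT = 8021
PASSIVE_PORT_RANGE = (29000, 30000)
INCOMING_DIR = "/pub/tracked/incoming"

_PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def outbound_firewall_rules(environment: str) -> list[tuple[str, int, int]]:
    """(destination IP, first port, last port) tuples a customer firewall must
    allow outbound: the command port plus the passive data range, nothing more."""
    _, ip = BIG_ENVIRONMENTS[environment]
    return [(ip, FTPS_COMMAND_PORT, FTPS_COMMAND_PORT), (ip, *PASSIVE_PORT_RANGE)]


def parse_pasv_reply(reply: str) -> tuple[str, int]:
    """Decode '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' into (ip, port)."""
    m = _PASV_RE.search(reply)
    if not reply.startswith("227") or m is None:
        raise ValueError(f"not a PASV reply: {reply!r}")
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def passive_endpoint_allowed(reply: str, environment: str) -> bool:
    """True if the data endpoint the server announced is the BIG address for
    this environment and lies inside the published passive range. Anything
    else would be dropped by a firewall built from outbound_firewall_rules(),
    which is the usual cause of a login that works but a transfer that hangs."""
    ip, port = parse_pasv_reply(reply)
    _, expected_ip = BIG_ENVIRONMENTS[environment]
    return ip == expected_ip and PASSIVE_PORT_RANGE[0] <= port <= PASSIVE_PORT_RANGE[1]


def build_tls_context(ca_der: bytes, client_cert_pem: str | None = None,
                      client_key_pem: str | None = None) -> ssl.SSLContext:
    """Trust only the certificate Royal Mail supplies (DER-encoded X.509,
    section 6.1.3) and, for the mutual authentication preferred in section
    3.1.2, present the customer's own client certificate (PEM paths, assumed)."""
    # PROTOCOL_TLS_CLIENT turns on hostname checking and CERT_REQUIRED but,
    # unlike create_default_context(), does not load the system trust store.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # assumed floor for this example
    ctx.load_verify_locations(cadata=ca_der)  # cadata accepts DER bytes as-is
    if client_cert_pem:
        ctx.load_cert_chain(certfile=client_cert_pem, keyfile=client_key_pem)
    return ctx


def push_pre_advice(environment: str, user: str, password: str,
                    local_path: str, ctx: ssl.SSLContext) -> str:
    """Explicit FTPS (AUTH TLS, RFC 4217) push of one pre-advice file into
    INCOMING_DIR, following the manual steps of section 6.3. Returns the
    server's reply to STOR. The file needs no rename: BIG processes and
    deletes it on arrival."""
    host, _ = BIG_ENVIRONMENTS[environment]
    ftps = ftplib.FTP_TLS(context=ctx)
    ftps.connect(host, FTPS_COMMAND_PORT, timeout=30)
    ftps.auth()          # AUTH TLS before any credentials cross the wire
    ftps.login(user, password)
    ftps.prot_p()        # PROT P: data channel encrypted as well
    ftps.set_pasv(True)  # client opens every connection (section 6.1.1)
    ftps.cwd(INCOMING_DIR)
    name = local_path.replace("\\", "/").rsplit("/", 1)[-1]
    with open(local_path, "rb") as fh:
        reply = ftps.storbinary(f"STOR {name}", fh)
    ftps.quit()
    return reply
```

Recent Python versions ignore the IP in a 227 reply and reuse the control connection's host, so passive_endpoint_allowed() is a diagnostic for firewall planning rather than something ftplib needs.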