March 2010 Page 1 of 12



Similar documents
September 2012 Page 1 of 12

WhatsUp Gold v16.2 MSP Edition Deployment Guide This guide provides information about installing and configuring WhatsUp Gold MSP Edition to central

WhatsUp Gold v16.1 Installation and Configuration Guide

MadCap Software. Upgrading Guide. Pulse

Setting Up Scan to SMB on TaskALFA series MFP s.

WhatsUp Gold v16.3 Installation and Configuration Guide

for Networks Installation Guide for the application on the server July 2014 (GUIDE 2) Lucid Rapid Version 6.05-N and later

WhatsUp Gold v16.2 Installation and Configuration Guide

Case Closed Installation and Setup

Immotec Systems, Inc. SQL Server 2005 Installation Document

ilaw Installation Procedure

for Networks Installation Guide for the application on the server August 2014 (GUIDE 2) Lucid Exact Version 1.7-N and later

WhatsUp Gold v16.1 Database Migration and Management Guide Learn how to migrate a WhatsUp Gold database from Microsoft SQL Server 2008 R2 Express

Using Internet or Windows Explorer to Upload Your Site

ilaw Server Migration Guide

MICROSTRATEGY 9.3 Supplement Files Setup Transaction Services for Dashboard and App Developers

Password Reset Server Installation Guide Windows 8 / 8.1 Windows Server 2012 / R2

for Networks Installation Guide for the application on a server September 2015 (GUIDE 2) Memory Booster version 1.3-N and later

WhatsUp Gold v16.2 Database Migration and Management Guide

Installation and Deployment

WhatsUp Gold v16.0 Database Migration and Management Guide Learn how to migrate a WhatsUp Gold database from Microsoft SQL Server 2005 Express

Database Migration and Management Guide v15.0

FileMaker Server 14. FileMaker Server Help

NETASQ SSO Agent Installation and deployment

TROUBLESHOOTING INFORMATION

Xerox Multifunction Devices. Verify Device Settings via the Configuration Report

How to Secure a Groove Manager Web Site

HELP DOCUMENTATION SSRPM WEB INTERFACE GUIDE

Omniquad Exchange Archiving

aims sql server installation guide

FileMaker Server 11. FileMaker Server Help

Burst Technology bt-loganalyzer SE

How To Create An Easybelle History Database On A Microsoft Powerbook (Windows)

Mixed Authentication Setup

Knowledge Base Article: Article 218 Revision 2 How to connect BAI to a Remote SQL Server Database?

Installing SQL Express. For CribMaster 9.2 and Later

ProSystem fx Document

2.3 - Installing the moveon management module - SQL version

Installing and Configuring WhatsUp Gold

Using Microsoft Windows Authentication for Microsoft SQL Server Connections in Data Archive

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream

Secret Server Installation Windows Server 2012

Customer Tips. Xerox Network Scanning TWAIN Configuration for the WorkCentre 7328/7335/7345. for the user. Purpose. Background

Scan to SMB(PC) Set up Guide

CounterPoint SQL and Magento ecommerce Interface

Security Guidelines for MapInfo Discovery 1.1

User Management Tool 1.5

Networking Best Practices Guide. Version 6.5

PageScope Enterprise Suite

Installation of IR under Windows Server 2008

WEBCONNECT INSTALLATION GUIDE. Version 1.96

How To Manage Storage With Novell Storage Manager 3.X For Active Directory

Migrating helpdesk to a new server

Avatier Identity Management Suite

Sage Accpac Extended Enterprise Edition 5.6A. Installation and System Administrator's Guide

Mobility Services Platform Software Installation Guide

How To Configure SSL VPN in Cyberoam

Technical Requirements for OneStop Reporting products

VP-ASP Shopping Cart QUICK START GUIDE Version th Feb 2010 Rocksalt International Pty Ltd

How To Upgrade Your Microsoft SQL Server for Accounting CS Version

Creating client-server setup with multiple clients

Secret Server Installation Windows Server 2008 R2

Customer Tips. Xerox Network Scanning HTTP/HTTPS Configuration using Microsoft IIS. for the user. Purpose. Background

File Share Navigator Online 1

Enterprise Self Service Quick start Guide

AUTODESK DATA MANAGEMENT SERVER 5. Advanced Configuration Guide for Autodesk Data Management Server 5

Other documents in this series are available at: servernotes.wazmac.com

Web Filter. SurfControl Web Filter 5.0 Installation Guide. The World s #1 Web & Filtering Company

VMware vcenter Support Assistant 5.1.1

Using Microsoft Expression Web to Upload Your Site

Server Installation ZENworks Mobile Management 2.7.x August 2013

OneStop Reporting OSR Portal 4.6 Installation Guide

MailStore Outlook Add-in Deployment

Reference and Troubleshooting: FTP, IIS, and Firewall Information

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates

Technical Brief for Windows Home Server Remote Access

Microsoft Dynamics GP Release

Sophos for Microsoft SharePoint startup guide

NovaBACKUP xsp Version 15.0 Upgrade Guide

Remote Console Installation & Setup Guide. November 2009

SELF SERVICE RESET PASSWORD MANAGEMENT WEB INTERFACE GUIDE

Preparing for GO!Enterprise MDM On-Demand Service

User guide. Business

Capture Pro Software FTP Server System Output

Test Case 3 Active Directory Integration

NSi Mobile Installation Guide. Version 6.2

Management Reporter Integration Guide for Microsoft Dynamics GP

Interworks. Interworks Cloud Platform Installation Guide

Contents. Before You Install Server Installation Configuring Print Audit Secure... 10

Internet Script Editor (ISE)

FileMaker Server 13. FileMaker Server Help

Archiving User Guide Outlook Plugin. Manual version 3.1

HELP DOCUMENTATION E-SSOM DEPLOYMENT GUIDE

Setting Up a Unisphere Management Station for the VNX Series P/N Revision A01 January 5, 2010

enicq 5 System Administrator s Guide

Reconfiguration of VMware vcenter Update Manager

Setting Up SSL on IIS6 for MEGA Advisor

VP-ASP Shopping Cart Quick Start (Free Version) Guide Version 6.50 March

WhatsUp Event Analyst v10.x Quick Setup Guide

Migrating MSDE to Microsoft SQL 2008 R2 Express

Transcription:

Reference Guide SendSuite Shipping 6.21: Security Overview March 2010 Page 1 of 12 Document Contents SendSuite Shipping Installation and Upgrade........................................2 Directories............................................................. 2 Registry............................................................... 2 SendSuite Shipping Processing...................................................3 Directories............................................................. 3 SendSuite Shipping Setup Admin for Password Reset Situations................... 3 Installation Notes..............................................................4 IIS Setup............................................................... 4 Microsoft SQL Server..................................................... 4 Microsoft Internet Explorer................................................. 6 Ports.................................................................. 6 Web Access............................................................ 6 HTS Enterprise................................................................6 SendSuite Shipping Digital Dashboard.............................................7 SendSuite Shipping Carrier Installation and Upgrade..................................7 Carrier Supplied Software.......................................................7 Golden State Overnight................................................... 7 Ports.................................................................. 7 OnTrac................................................................ 7 Eastern Connection...................................................... 8 DHL.................................................................. 8 FedEx Ship Manager Server (FSMS)........................................ 9 UPS UPSlinkHTTP.................................................... 10 UPS OnLine Tools..................................................... 10 USPS Delivery Confirmation.............................................. 10 USPS IOP............................................................ 11 USPS Web Tools....................................................... 12 Need more help? Call Pitney Bowes Technical Support at 1-800-692-0003 The use of this information by the recipient or others for purposes other than the repair, adjustment or op er a tion of Pitney Bowes equipment may constitute an infringement of patent and/or other in tel lec tu al property rights of Pitney Bowes or others. Pitney Bowes assumes no responsibility for any such use of the information. Except as provided in writing, duly signed by an officer of Pitney Bowes, no license, ei ther express or implied, under any Pitney Bowes or any third party s patent, copyright, or other in tel lec tu al property rights is granted by providing this information. FedEx is a registered service mark of Federal Express Corporation. 2010 Pitney Bowes Inc. 1 Elmcroft Road Stamford, CT 06926-0700

This document details the permissions required by SendSuite Shipping version 6.21. SendSuite Shipping Installation and Upgrade Directories SendSuite Shipping requires read and write permission to the following directories: C:\Program Files\Pitney Bowes\SendSuite Shipping\ Versions prior to 6.0 use the following directory: C:\Program Files\pbTranScape\Conquest\ The system also requires permission to all of its subdirectories. The system installs the Administrative Component and Internet Browser COM+ Components in these directories (DLLs, OCXs, EXEs, TLBs, etc.). C:\WINNT\system C:\WINNT\system32 The system installs runtime VB and VC DLLs in this directory. C:\inetpub\wwwroot\eQuest The system installs the ASP files needed for the Web browser in this directory C:\inetpub\wwwroot\eTMSStatus The system installs the ASP files for shipment planning in this directory. Registry SendSuite Shipping requires read and write permission to the following registry hives: HKEY_USERS\DEFAULT\Software\UPS\UPSL32 HKEY_CURRENT_USER\Software\PBTranscape HKEY_LOCAL_MACHINE\SOFTWARE\PitneyBowes\ This hive contains Delivery Information Server and Carrier Manager information HKEY_LOCAL_MACHINE\SOFTWARE\Pitney Bowes This hive is for Address Verification HKEY_LOCAL_MACHINE\SOFTWARE\ ODBC\ODBC.IN This allows the installation the ability to create new or update existing ODBC DSNs. HKEY_LOCAL_MACHINE\SOFTWARE\PBTranScape\eQuest HKEY_LOCAL_MACHINE\SOFTWARE\PBTranScape\Conquest\Version 1.0 HKEY_LOCAL_MACHINE\SOFTWARE\PBTranScape\Conquest\ServerSwitcher Page 2 of 12

SendSuite Shipping Processing Directories The execution of the program requires read and write permission to the following directories: C:\Document and Settings\All Users\Pitney Bowes SendSuite Shipping\ All sub-folders in this directory must have read/write access. C:\Documents and Settings\<login name.computer name>\local Settings\Temp\ C:\Temp\ C:\Program Files\UPS\ C:\inetpub\wwwroot\eQuest The system writes temporary report files in this directory. SendSuite Shipping Setup Admin for Password Reset Situations When SendSuite Shipping is installed, there is a "user" that is registered with its components and a password that is associated with this user on the configured identity for the website, com+ components, and so on. If this password needs to be changed (for example, if the customer's network requires password updates every 90 days), then after the password change the system must be synchronized by the SendSuite Shipping administrator with the same password so that the SendSuite Shipping components will continue to have network access. This password change is accomplished through the SendSuite Setup Administrator program, which is accessed via the Start > Programs menu. (The desktop icon for this program was removed because it was confusing for users.) Page 3 of 12

Installation Notes IIS Setup The installation for SendSuite Shipping requires the creation of a user on the IIS server with local administrator rights. This user is also used for the identity of various Windows' services and COM+ objects. This user must be configured in the local security policies to run as a service. Microsoft SQL Server Installation The installation of the database components of SendSuite Shipping requires using the SA login on the Microsoft SQL database server. Due to the method of installation, extended characters cannot be used in the password during the installation process. Up to 5 databases are created on the SQL server (see table below). Database chaining needs to be enabled on the SQL server to support the carrier rating engines. The install process creates two default users in the Master database. These users have strong passwords that can be modified after the installation (Use caution when changing these passwords). Upon installation, these users will be set as database owners and database administrators for the databases in the table below. Upgrades During an upgrade, SendSuite Shipping will update three databases on your SQL server: ConquestDB, PBDS, and CSI. Below is the ownership and password information for each database. NOTE: Upgrades from older versions of SendSuite Shipping will preserve transcape as the password for the ConquestUser account. Databases Created By SendSuite Shipping ConquestDB CSI PBDS Pbcarrier_xxxxx Pbcarrierimportstaging_xxxxx Users Created in Microsoft SQL Server During SendSuite Shipping Installation Process ConquestDB Database Database owner: ConquestUser Password: s@ndsu1te PBDS and CSI Databases Database owner: pbds_user Password: p@ssw0rd DHL Database* Database owner: Pbcarrieruser Password: Pbcarrierpassword1 * This account is created during the DHL Carrier installation for SendSuite Shipping. Page 4 of 12

SQL Security Options SQL Server Secure Socket Layer When enabled, traffic to the SQL server is encrypted using a certificate for added security. You need to first create a certificate on your server before using this option. See the following Microsoft support article for creating the certificate: http://support.microsoft.com/kb/316898 SQL Server Integrated Security Allows access to the database with a Windows Account rather than SQL logins such as sa. Use the following procedure to configure Server Integrated Security. NOTE: The sa user name and password will still be used during the installation. 1. Click > Programs > Microsoft SQL Server 2005 > SQL Server Management Studio Express. 2. Log into to Microsoft SQL Server Management Studio Express. 3. Open the Security folder. 4. Right-click Logins and select New Login. 5. Type your domain and Windows login name in the Login name field. 6. Select Windows authentication. 7. Under the left pane, click User Mapping. 8. Select db_owner. 9. Click OK. NOTE: If you have Server Integrated Security enabled and you get login errors, verify that the user is correctly defined in the SQL database. NOTE: If you are using a remote Admin client, the Windows user on the remote Admin client must be setup in the SQL database. Page 5 of 12

Microsoft Internet Explorer Active X controls and Plug-ins must be enabled in Microsoft Internet Explorer in order to access the scale during processing. Ports SendSuite Shipping will access the following ports. Additional ports may be required by carrier communication. See the specific carriers on the pages that follow. TCP and UDP ports 135-139 These ports are used for Microsoft file and print sharing. Port 445 This port is used for direct-hosted SMB traffic without network basic input/outputs system (NetBIOS). Port 1433 Default port used by Microsoft SQL Server. However, this can be changed to any other non-used port. Web Access PB Secure Archive SendSuite Shipping will need to access the following Web addresses through port 80: PBSecure Download Path http://err.pb.com PB My Account URL http://www.pb.com/cgi-bin/pb.dll/jsp/home.do E-Track The workstation running the feature or task needs access to the following sites: FedEx http://www.fedex.com/cgi-bin/tracking TCP port 80 USPS http://www.usps.com/shipping/epstrac.htm TCP port 80 HTS Enterprise HTS Enterprise requires read and write permission to the following directories: C:\Inetpub\wwwroot C:\Inetpub\wwwroot\HTS Legacy Customers Only C:\Inetpub\wwwroot\EasyShip Page 6 of 12

SendSuite Shipping Digital Dashboard The windows logon used when running SendSuite Shipping Digital Dashboard requires read and write permission to the following directories on the client (local) machine: The directory containing the Dash Board config file. The location of this file can be found in the registry at HKLM\software\pbtranscape\equest\dashboard\configfile The directory listed as the target in the SendSuite Shipping Dashboard shortcut. The windows logon also requires permission to all of its subdirectories of the above directories. SendSuite Shipping Carrier Installation and Upgrade C:\inetpub\wwwroot\eTMSStatus The system installs the ASP files for shipment planning in this directory. Carrier Supplied Software In general, the data transmitted over the Internet is not specific or sensitive data for the customer. For example, no credit card information is transmitted. Pitney Bowes does recommend use of firewalls between the web and database servers. SendSuite Shipping uses stored procedures to open some ports: FTP SendSuite Shipping uses stored procedures to open the FTP ports 20 and 21. The data is transmitted and then the port is shut. The stored procedure will time out and shut the port if a problem occurs. HTTP No high risk data is moving through the session. This data generally consists of package data (weight and dimensions) and recipient data (name, address, phone number). HTTPS Uses port 443 and is a secure port. Golden State Overnight Ports The machine must be able to hit the following Web address through port 80: http://wsa.gso.com/gsowebserv/3.0/gsowebserv.asmx OnTrac Ports The machine must be able to communicate to 12.9.1.82 through port 80. Page 7 of 12

Eastern Connection When using the Eastern Connection carrier, SendSuite Shipping must be able to hit the following sites: Web Track URL https://pod.easternconnection.com/ Tracking URL http://ecship.easternconnection.com/boltrack/68f5068e-8ace-432a-9bc9-23bb7faa57a8/ PODInfo.xml?BOLNumber=test Communications URL ftp://ecftp.easternconnection.com/ DHL Directories The Cyclone Activator requires access to a shared directory on a SendSuite Shipping server. The name of this directory is determined by the Customer or the Pitney Bowes representative installing the software. Full read and write access must be allowed to this directory. Ports SendSuite Shipping, PBDS and Cyclone Activator will actively communicate with DHL using Internet connections. These communications are transported using both HTTP and HTTPS which means that ports 80 and 443 must be accessible through the Customer's firewall. URLs that the system may need to reach include the following: The machine running Cyclone Activator must be able to reach IP Address 216.138.89.46 through port 80. The machine running Cyclone Activator must be able to reach https://b2bgwyadm.dhl.com/idk through port 443. The machine running Cyclone Activator must be able to reach http://b2bgwyadm.dhl.com/servlet/rpcrouter through port 80. The machine running Cyclone Activator must be able to reach http://b2bgwy.dhl.com:80/pb/unitid through port 80. The machine running the PBDS application must be able to reach http://dhlconnect.dhl-usa.com/dhlconnect through port 80. SNS SNS Production URL: http://xmlpi.dhl-usa.com/xmlshippingservlet SNS Test URL: http://xmlshippingtest.dhl-usa.com/xmlshippingservlet xmlpi.dhl-usa.com = 165.72.192.229 /xmlshippingtest.dhl-usa.com/ = 165.72.192.240 Page 8 of 12

FedEx Ship Manager Server (FSMS) Directories The FedEx Ship Manager Server software requires read and write permission to the following directories: C:\Program Files\JavaSoft\JRE\1.1 C:\Program Files\JavaSoft\JRE\1.3.1 C:\FedEx and its sub directories C:\FXRS_Backup C:\FedEx\FedEx_Reports Ports FSMS uses an Internet protocol for external communication. FSMS also uses UNC paths for internal communication. Existing installations can also use an FTP protocol for internal communication. The tunnel gateway server is through port 443. FSMS communicates externally with the following sites: 199.81.196.27 199.81.197.140 199.81.216.140 199.81.217.140 FTP setup is used so FSMS can send reports to SendSuite Shipping; no external communication is going out or coming in through FTP connection. FSMS on systems other than the application server require the use of FTP (or a shared path) on the FedEx server, accessible by the application server. Printing SendSuite Shipping application servers need a local printer (configured for SendSuite Shipping's reports) to be created. This is also true for FedEx Ship Manager Server. Even if there are no printers attached, the print spooler must NOT be disabled. The server's print spooler must be running and a printer must be configured. Page 9 of 12

UPS UPSlinkHTTP UPS software requires read and write permission to the following directories: Ports The machine transmitting the manifest must be able to send and receive information through port 443. The machine must be able to hit the following Web address: https://www.upslinkvendor.ups.com. If there is a proxy server on the network, then the proxy server must support SSL tunneling. UPSLinkHTTP establishes a TCP socket connection to Proxy Server.com via port 8080 UPSlinkHTTP issues an HTTP CONNECT commands to connect UPS OnLine Tools Use the following information when configuring UPS OnLine Tools : 1. Protocol: HTTPS, SSL 2. Port: 443 3. Method: HTTPS POST 4. URLs: LICENSE_URL_TEST = "https://wwwcie.ups.com/ups.app/xml/license" LICENSE_URL_PRODUCTION = "https://www.ups.com/ups.app/xml/license" REGISTRATION_URL_TEST = "https://wwwcie.ups.com/ups.app/xml/register" REGISTRATION_URL_PRODUCTION = "https://www.ups.com/ups.app/xml/register" UPSTEST_TRNST_URL = "https://wwwcie.ups.com/ups.app/xml/timeintransit" UPSPRDC_TRNST_URL = "https://www.ups.com/ups.app/xml/timeintransit" UPS_QUANTUM_VIEW_URL = "https://www.ups.com/ups.app/xml/qvevents" USPS Delivery Confirmation FTP Information Upload Path USPS ftp server upload Delivery Confirmation (ftp-in.usps.gov) Download Path USPS ftp server download Delivery Confirmation directory (ftp-out.usps.gov) Page 10 of 12

USPS IOP Production The customer should add the following to their firewall exception list: https://ibdswebp1-ext.pb.com https://ibdswebp2-ext.pb.com https://ibdswebp3-ext.pb.com https://ibdswebp4-ext.pb.com https://ibdswebp5-ext.pb.com https://ibdswebp6-ext.pb.com https://ibdswebp7-ext.pb.com https://ibdswebp8-ext.pb.com https://ibdswebp9-ext.pb.com https://ibdswebp10-ext.pb.com https://ibdswebp11-ext.pb.com https://ibdswebp12-ext.pb.com https://ibdswebp25-ext.pb.com https://ibdswebp26-ext.pb.com https://ibdswebp39-ext.pb.com https://ibdswebp40-ext.pb.com Domestic URL_DOMESTICRATE = https://ibdsravp-partner-nv.pb.com/webservice/ratesavservice.asmx URL_DOMESTICREFUND = https://ibdswebp-re-partner-nv.pb.com/webservice/refundservice.asmx URL_DOMESTICDISPENSE = https://ibdswebp-partner-nv.pb.com/webservice/transaction.asmx URL_DOMESTICRETRY = https://ibdswebp-re-partner-nv.pb.com/webservice/transaction.asmx URL_DOMESTICREPRINT = https://ibdswebp-re-partner-nv.pb.com/webservice/transaction.asmx International URL_INTLRATE = https://ibdsravp-partner-nv.pb.com/webservice/globalratesavservice.asmx URL_INTLDISPENSE = https://ibdswebp-partner-nv.pb.com/webservice/globaltransaction.asmx URL_INTLRETRY = https://ibdswebp-re-partner-nv.pb.com/webservice/globaltransactionre.asmx URL_INTLREFUND = https://ibdswebp-re-partner-nv.pb.com/webservice/globaltransactionre.asmx URL_INTLREPRINT = https://ibdswebp-re-partner-nv.pb.com/webservice/globaltransactionre.asmx Tracking Production: https://ibdstrkp.pb.com/webservice/trackingapi.asmx Test: http://bnbusprt2trk2.pb.com/webservice/trackingapi.asmx Page 11 of 12

Test Sales and Service Domestic TEST_URL_DOM_RATE = https://bnbusprt2rav.test.pb.com/webservice/ratesavservice.asmx TEST_URL_DOM_REFUND = https://bnbusprt2web-re.test.pb.com/webservice/refundservice.asmx TEST_URL_DOM_RETRY = https://bnbusprt2web-re.test.pb.com/webservice/transaction.asmx TEST_URL_DOM_DISPENSE = https://bnbusprt2web.test.pb.com/webservice/transaction.asmx TEST_URL_DOM_REPRINT = https://bnbusprt2web-re.test.pb.com/webservice/transaction.asmx International TEST_URL_INT_RATE = https://bnbusprt2rav.test.pb.com/webservice/globalratesavservice.asmx TEST_URL_INT_DISPENSE = https://bnbusprt2web.test.pb.com/webservice/globaltransaction.asmx TEST_URL_INT_REFUND = https://bnbusprt2web-re.test.pb.com/webservice/globaltransactionre.asmx TEST_URL_INT_RETRY = https://bnbusprt2web-re.test.pb.com/webservice/globaltransactionre.asmx TEST_URL_INT_REPRINT = https://bnbusprt2web-re.test.pb.com/webservice/globaltransactionre.asmx Tracking Production: https://ibdstrkp.pb.com/webservice/trackingapi.asmx Test: http://bnbusprt2trk2.pb.com/webservice/trackingapi.asmx USPS Web Tools USPS Web-service URL = http://production.shippingapis.com/shippingapi.dll Need more help? Call Pitney Bowes Technical Support at 1-800-692-0003. Documents are available on the GMS Customer Service Website at: http://pb1field.pbi.global.pvt/gms/service/products-mvs/product.asp?id=499&sect=tab2 Page 12 of 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information