GS1Trade Sync Data Pool - FTPS Service



Similar documents
GS1 Trade Sync Connectivity guide

Xerox FreeFlow Digital Publisher Information Assurance Disclosure. Onsite, Cloud and epublishing Configurations

Securing Ship-to-Shore Data Flow

GS1 Architecture Principles. sets out the architectural principles that underpin the GS1 system

CA Performance Center

Security IIS Service Lesson 6

Application Note. Intelligent Application Gateway with SA server using AD password and OTP

smartoci User Guide Secure FTP for Catalog Loads

Accessing BlackBerry Data Services Using Wi-Fi Networks

The Commonwealth of Massachusetts

Royal Mail Business Integration Gateway Specification

SECURE FTP CONFIGURATION SETUP GUIDE

Connectivity to Polycom RealPresence Platform Source Data

INTEGRATION GUIDE. IDENTIKEY Federation Server for Juniper SSL-VPN

with PKI Use Case Guide

Application Note. Citrix Presentation Server through a Citrix Web Interface with OTP only

INTEGRATION GUIDE. DIGIPASS Authentication for Cisco ASA 5505

Secure Installation and Operation of Your Xerox Multi-Function Device. Version 1.0 August 6, 2012

Secure Data Transfer

Azure Multi-Factor Authentication. KEMP LoadMaster and Azure Multi- Factor Authentication. Technical Note

IBM Security QRadar Version (MR1) Replacing the SSL Certificate Technical Note

Strong Authentication for Juniper Networks SSL VPN

Front-Office Server 2.7

Sophos UTM. Remote Access via PPTP. Configuring UTM and Client

SSL VPN Client Installation Guide Version 9

Cisco Collaboration with Microsoft Interoperability

Configuration Guide. SafeNet Authentication Service. SAS Agent for Microsoft Outlook Web Access 1.06

Quick Start Guide. Cerberus FTP is distributed in Canada through C&C Software. Visit us today at

How To Understand And Understand The Security Of A Key Infrastructure

Microsoft Dynamics GP. Workflow Installation Guide Release 10.0

EMC Data Protection Search

SSL VPN Technology White Paper

Deploying and Configuring Polycom Phones in 802.1X Environments

Radius Integration Guide Version 9

DIGIPASS as a Service. Google Apps Integration

Configuring RADIUS Authentication for Device Administration

Trend Micro Encryption Gateway 5

IBM Security QRadar Version (MR1) Checking the Integrity of Event and Flow Logs Technical Note

Configuration Guide. SafeNet Authentication Service. SAS Agent for Microsoft Outlook Web App. Technical Manual Template


Adeptia Suite LDAP Integration Guide

Remote Firewall Deployment

Microsoft SharePoint

State of Wisconsin DET File Transfer Protocol Service Offering Definition (FTP & SFTP)

Remote Access Platform. Architecture and Security Overview

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice.

SafeNet Authentication Service

ios Deployment Simplified FileMaker How To Guide

SITRANS RD500 Configuring the RD500 with PSTN or GSM modems and Windows-based servers and clients for communication Objective:

MicrosoftDynam ics GP TenantServices Installation and Adm inistration Guide

Server Installation Guide ZENworks Patch Management 6.4 SP2

Configuration Guide. SafeNet Authentication Service AD FS Agent

How To Connect Checkpoint To Gemalto Sa Server With A Checkpoint Vpn And Connect To A Check Point Wifi With A Cell Phone Or Ipvvv On A Pc Or Ipa (For A Pbv) On A Micro

Dialogic Brooktrout Fax Service Provider Software

Nokia Internet Modem User Guide

fåíéêåéí=péêîéê=^çãáåáëíê~íçêûë=dìáçé

Interworks. Interworks Cloud Platform Installation Guide

Strong Authentication for Microsoft TS Web / RD Web

How To Reduce Pci Dss Scope

SafeNet Authentication Service

Strong Authentication for Microsoft SharePoint

Jobs Guide Identity Manager February 10, 2012

Syslog on Polycom Phones

Information on Syslog For more information on syslog, see RFC Released: December 2006 Interoperability issues: None. Table 1: Syslog at a Glance

Security Criteria for Service Delivery Network

SyAM Software* Server Monitor Local/Central* on a Microsoft* Windows* Operating System

StreamLink 5.0. StreamLink Configuration XML Reference. November 2009 C O N F I D E N T I A L

Using Self Certified SSL Certificates. Paul Fisher. Quest Software. Systems Consultant. Desktop Virtualisation Group

Issue 2EN. Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation


Directory and File Transfer Services. Chapter 7

Application Note. Gemalto s SA Server and OpenLDAP

Mediasite EX server deployment guide

Chapter 17. Transport-Level Security

CASHNet Secure File Transfer Instructions

PULSE. Pulse for Windows Phone Quick Start Guide. Release Published Date

Introduction to Directory Services

Secure Transfers. Contents. SSL-Based Services: HTTPS and FTPS 2. Generating A Certificate 2. Creating A Self-Signed Certificate 3

Dell NetVault Backup Plug-in for Advanced Encryption 2.2. User s Guide

Dell One Identity Cloud Access Manager How to Configure Microsoft Office 365

Secure File Transfer Protocol Updated Procedures. June 20, 2011

Transport Layer Security (TLS) About TLS

Windows Server Update Services 3.0 SP2 Step By Step Guide

LDAP Synchronization Agent Configuration Guide for

DIGIPASS Authentication for Cisco ASA 5500 Series

Log Insight Manager. Deployment Guide

SafeNet Authentication Service

IBM Security QRadar Version (MR1) Configuring Custom Notifications Technical Note

Placing the BlackBerry Enterprise Server for Microsoft Exchange in a demilitarized zone

How to Secure a Groove Manager Web Site

FTP Peach Pit Data Sheet

Self Help Guides. Create a New User in a Domain

Citrix XenApp Manager 1.0. Administrator s Guide. For Windows 8/RT. Published 10 December Edition 1.0.1

Oracle Cloud E

Release Notes for Version

OpenFlow Configuration and Management Protocol OF-CONFIG 1.0

Forward proxy server vs reverse proxy server

Integration Guide. SafeNet Authentication Service. SAS Using RADIUS Protocol with Microsoft DirectAccess

Reference and Troubleshooting: FTP, IIS, and Firewall Information

technical brief browsing to an installation of HP Web Jetadmin. Internal Access HTTP Port Access List User Profiles HTTP Port

Transcription:

GS1Trade Sync Data Pool - FTPS Service Connectivity Guide Version 0.9, Draft/Approved, 2016.03.04.

GS1 Hungary Document Summary Document Item Document Name Current Value (Connectivity Guide) Document Date 2016.03.03. Document Version 0.9 Document Status Document Description Draft/Approved This document describes the FTPS-based connection used for GS1Trade Sync Data Pool system. Contributors Name Tibor Gottdank Zsolt Jacsó Organisation GITM Kft. GITM Kft. Log of Changes Release Date of Change Changed By Summary of Change 0.1 20/02/2016 Tibor Gottdank Skeleton of document 0.2 23/02/2016 Tibor Gottdank First draft 0.8 03/03/2016 Zsolt Jacsó Chapter 4 5 6 updates 0.9 04/03/2016 Tibor Gottdank Figure update Disclaimer GS1, under its IP Policy, seeks to avoid uncertainty regarding intellectual property claims by requiring the participants in the Work Group that developed this (Connectivity Guide) to agree to grant to GS1 members a royalty-free licence or a RAND licence to Necessary Claims, as that term is defined in the GS1 IP Policy. Furthermore, attention is drawn to the possibility that an implementation of one or more features of this Specification may be the subject of a patent or other intellectual property right that does not involve a Necessary Claim. Any such patent or other intellectual property right is not subject to the licencing obligations of GS1. Moreover, the agreement to grant licences provided under the GS1 IP Policy does not include IP rights and any claims of third parties who were not participants in the Work Group. Accordingly, GS1 recommends that any organization developing an implementation designed to be in conformance with this Specification should determine whether there are any patents that may encompass a specific implementation that the organisation is developing in compliance with the Specification and whether a licence under a patent or other intellectual property right is needed. Such a determination of a need for licencing should be made in view of the details of the specific system designed by the organisation in consultation with their own patent counsel. THIS DOCUMENT IS PROVIDED AS IS WITH NO WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY, NONINFRINGMENT, FITNESS FOR PARTICULAR PURPOSE, OR ANY WARRANTY OTHER WISE ARISING OUT OF THIS SPECIFICATION. GS1 disclaims all liability for any damages arising from use or misuse of this Standard, whether special, indirect, consequential, or compensatory damages, and including liability for infringement of any intellectual property rights, relating to use of information in or reliance upon this document. GS1 retains the right to make changes to this document at any time, without notice. GS1 makes no warranty for the use of this document and assumes no responsibility for any errors which may appear in the document, nor does it make a commitment to update the information contained herein. GS1 and the GS1 logo are registered trademarks of GS1 AISBL. Version 0.9, Draft/Approved, 4. marts 2016 All rights reserved @ GS1 Hungary Page 2 of 11

Table of Contents GS1 Hungary 1 Introduction... 4 1.1 Purpose of Document... 4 1.2 Document Conventions... 4 1.3 Target Audience... 4 2 About FTPS... 5 3 Overview... 6 4 Details of FTPS Connection... 7 5 Security... 8 5.1 HTTPS-based Security Aspects... 8 5.2 Authentication... 8 6 Connection Parameters... 9 7 Appendix... 10 7.1 Abbreviations... 10 7.2 Glossary... 10 7.3 References... 11 7.4 List of Figures... 11 Version 0.9, Draft/Approved, 4. marts 2016 All rights reserved @ GS1 Hungary Page 3 of 11

GS1 Hungary 1 Introduction 1.1 Purpose of Document The GDSN Standard-specific FTP service is one of the three machine-to-machine interface technology 1 available for communicating with GS1Trade Sync. Therefore, the connectivity documentation of GS1Trade Sync Data Pool contains three main parts. This document specifies the connectivity details of FTPS-specific communication of GS1Trade Sync Data Pool v1.0 system. 1.2 Document Conventions This document structure is partially based on the specification standard of Rational Unified Process (RUP) methodology. Within this specification, the terms SHALL, SHALL NOT, SHOULD, SHOULD NOT, MAY, NEED NOT, CAN, and CAN NOT are to be interpreted as specified in [1]. When used in this way, these terms will always be shown in ALL CAPS; when these words appear in ordinary typeface they are intended to have their ordinary English meaning. The following typographical conventions are used throughout the document: ALL CAPS type is used for the special terms from [1] enumerated above. Monospace type is used to denote programming language, UML, and XML identifiers, as well as for the text of XML documents. This document uses several abbreviations which long forms are located in Appendix. 1.3 Target Audience The audience of this specification includes all assigned GS1Trade Sync Data Pool project members from both GS1 Denmark and GS1 Hungary, and the staff of developer companies assigned to the project on GS1 Hungary s authority. Additionally, this document is intended for developers and testers who are familiar with the GDSN standard and who has general knowledge of other GS1 standards. 1 There are WS-, AS2-, FTPS-based interfaces in GS1Trade Sync Data Pool system. Version 0.9, Draft/Approved, 4. marts 2016 All rights reserved @ GS1 Hungary Page 4 of 11

2 About FTPS GS1 Hungary FTPS (FTP over SSL/TLS) 2 is an extension to the commonly used FTP that adds support for the SSL/TLS cryptographic protocol. It uses a control channel and opens new connections for the data transfer. As it uses SSL/TLS, it requires a certificate. Features of FTPS: Widely known and used The communication can be read and understood by a human Provides services for server-to-server file transfer SSL/TLS has good authentication mechanisms (X.509 certificate features) FTP and SSL/TLS support is built into many internet communications frameworks 2 FTPS should not be confused with the SSH File Transfer Protocol (SFTP), an incompatible secure file transfer subsystem for the Secure Shell (SSH) protocol. It is also different from FTP over SSH, the practice of tunneling FTP through an SSH connection. Version 0.9, Draft/Approved, 4. marts 2016 All rights reserved @ GS1 Hungary Page 5 of 11

3 Overview GS1 Hungary The FTPS-based connection ensures the appropriate communication between GS1 partner and GS1Trade Sync Data Pool. As you see on Fig. Fig. 3-1, the communication between GS1 partner (DS or DR) and DP is performed in form of XML messages. Partners are able to upload messages to FTPS Storages, in order to be processed by the server. Every partner using FTPS interface has their own storage. Communication between FTPS partner and Data Pool / GDSN Network members are done using specific FTPS folders. The FTPS communication between DP and partners corresponds to GS1 XML standard [2]. Note: In order to communicate properly between DP and GS1 partner, GS1 partner should install FTPS client. Fig. 3-1. Overview of FTPS-based communication between GS1 partners and GS1Trade Sync Data Pool Version 0.9, Draft/Approved, 4. marts 2016 All rights reserved @ GS1 Hungary Page 6 of 11

4 Details of FTPS Connection GS1 Hungary Next section describes the process of FTPS-based connection between GS1 partner and GS1Trade Sync Data Pool (Fig. 4-1. ). The major steps are as follows: Fig. 4-1. FTPS-based communication process 1. Partner creates an XML message to process it by DP. 2. Partner opens an FTPS connection to the DP to upload the message. 3. Partner uploads the message to the Outbox folder of the FTPS storage. 4. DP realizes a new message in Outbox folder and then starts to process it. 5. Processing starts with renaming the file to ensure the uniqueness, then it will be moved to the Processing folder. 6. Once the processing finishes the file and the response will be placed in the Processed folder. 7. The processed message will stay in Processed folder. It can be accessed by partner. (Every request/response can read here through History function.) Note: The Inbox is the folder within the DP FTPS storage to store communication elements between partners. It contains the CIN/CIHW messages for DR as well as CIC messages for DS. Version 0.9, Draft/Approved, 4. marts 2016 All rights reserved @ GS1 Hungary Page 7 of 11

5 Security GS1 Hungary This chapter contains the security aspects and client connection details for communication with GS1Trade Sync s FTPS solution. 5.1 HTTPS-based Security Aspects The server is configured to FTP over TLS (Transport Layer Security) Explicit mode. Explicit security requires that the FTP client issues a specific command to the FTP server after establishing a connection to establish the SSL link. In explicit TLS the FTP client needs to send an explicit command (i.e. "AUTH TLS") to the FTP server to initiate a secure control connection. The default FTP server port is used. Default port: 21 Data Exchange: The FTP protocol exchanges data using separate channels known as the command channel and data channel. Data channel port range: 4000 5000 Note: Because FTP uses a dynamic secondary port (for data channels), many firewalls were designed to snoop FTP protocol control messages in order to determine which secondary data connections they need to allow. However, if the FTP control connection is encrypted using TLS/SSL, the firewall cannot determine the TCP port number of a data connection negotiated between the client and FTP server. Therefore, in many firewalled networks, an FTPS deployment will fail when an unencrypted FTP deployment will work. This problem can be solved with the use of a limited range of ports for data and configuring the firewall to open these ports. 5.2 Authentication User authentication is done using the supplied username / password credentials. The username should be set as the following pattern: Gln\Email address Note: A company with GLN 5790001090159 and email user@email.com should use the 5790001090159\user@email.com string as username. Version 0.9, Draft/Approved, 4. marts 2016 All rights reserved @ GS1 Hungary Page 8 of 11

GS1 Hungary 6 Connection Parameters Parameter name URL Default port number Value https://gs1tradesync-uat.pro-sharp.hu 21 Data port range 4000 5000 FTPS configuration Client credentials FTPS Explicit SSL Username: gln\email address Password: user password Version 0.9, Draft/Approved, 4. marts 2016 All rights reserved @ GS1 Hungary Page 9 of 11

GS1 Hungary 7 Appendix 7.1 Abbreviations Abbreviation Term AS2 Applicability Statement 2 CIC CIHW CIN DP DR DS FTP FTPS SFTP SSH SSL TLS XML Catalogue Item Confirmation Catalogue Item Hierarchy Withdrawal Catalogue Item Notification Data Pool Data Recipient Data Source File Transfer Protocol FTP over SSL/TLS SSH File Transfer Protocol Secure Shell Secure Sockets Layer Transport Layer Security extensible Markup Language 7.2 Glossary CIC (Catalogue Item Confirmation) It refers to GDSN-specific electronic communication from the DR to the DS indicating what action has been taken on the item. The confirmation process occurs in the recipient s data pool. CIHW (Catalogue Item Hierarchical Withdrawal) It is a business message used to transmit trade item information from DS or DP to DR with the GDSN with regards to a correction that is required to an item hierarchy that has already been synchronised. CIN (Catalogue Item Notification) It is a business message used to transmit trade item information from DS or DP to DR with the GDSN. CIP (Catalogue Item Publication) It is a business message standard used to distribute trade item information within the GDSN. DR (Data Recipient) It represents the demand side data. It can be a company that receives product information from a data source. This company could be a retailer, hospital, distributor, wholesaler, foodservice operator, group purchasing organization, government, etc. DS (Data Source) It represents the supply side data. It can be a company (supplier, manufacturer, distributor etc.) that enters product information into GDSN-based synchronisation systems that are sent to DRs. FTP (File Transfer Protocol) Standard network protocol used to transfer files between a client and server on a network. FTP is built on a client-server model architecture and uses separate control and data connections between the client and the server. FTP users may authenticate themselves with a clear-text sign-in protocol, normally in the form of a username and password, but can connect anonymously if the server is configured to allow it. For secure transmission that protects the username and password, and encrypts the content, FTP is often secured with SSL/TLS (FTPS). FTPS (FTP over SSL/TLS) An extension to the commonly used FTP that adds support for the TLS and SSL cryptographic protocols. SSL/TLS Cryptographic protocols designed to provide communications security over a computer network. Version 0.9, Draft/Approved, 4. marts 2016 All rights reserved @ GS1 Hungary Page 10 of 11

GS1 Hungary 7.3 References [1] ISO/IEC, "ISO/IEC Directives Part 2 - Rules for the structure and drafting of International Standards," ISO/IEC, 2011. [2] GS1 "XML Transport Instruction and Response", Implementation Guide, GS1 GO, 2012. [3] GS1 "Business Message Standard (BMS) Catalogue Item Sync, BMS Release 3.1.0", GS1 Global Office, GS1 AISBL, 2015. 7.4 List of Figures Fig. 3-1. Overview of FTPS-based communication between GS1 partners and GS1Trade Sync Data Pool 6 Fig. 4-1. FTPS-based communication process 7 Version 0.9, Draft/Approved, 4. marts 2016 All rights reserved @ GS1 Hungary Page 11 of 11

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information