Secure and Automate Your File Transfers for IBM i and AIX

Janine: Hello everyone. On behalf of IBM Systems Magazine, I'd like to welcome you to our presentation. My name is Janine for IBM Systems Magazine, and I will be the moderator for today's event. We will be holding a Q&A session at the end of the webinar, but you can ask a question at any time during the event by entering it into the Q&A panel. If you experience technical difficulties during the webinar, please use the Q&A panel to alert us and someone will assist you. You may download a PDF version of the slide deck by clicking on the drop down menu labeled event resources and you'll find that on the left side of your screen you may need to minimize the screen share to find that. But you can actually download the slides right from the platform without being disconnected from the webinar.

Today's webinar, secure and automate your file transfers for IBM i and AIX is sponsored by HelpSystems. Our featured speaker today is Bob Luebbe. Bob is the chief architect for the managed file transfer product line at HelpSystems. He's been in IT for over 30 years, and has spent the last decade designing encryption and file transfer solutions. As a certified information security systems professional, Bob also consults with organizations on how to best protect their sensitive data assets and achieve regulatory compliance. So without further ado, Bob, I'll turn the presentation over to you.

Bob: All right. Well, thanks a lot Janine. To start off with, I'm going to give you a quick overview of our company, HelpSystems, and then I'm going to start off the presentation by talking about some of the common challenges that many organizations are experiencing with their file transfers, including both the system and user file transfers within the organization. I'll talk about what I believe are the best practices to solve these challenges, including discussions about secure protocols and managed file transfer solutions to meet complaints requirements. Then I'll give you a brief overview of our managed file transfer solution called GoAnywhere, and we'll give you a live demo of the product.

I will cover both system to system batch file automation as well as how files can be shared securely by your end users on an ad hoc basis. At the end, we should have plenty of time to answer any questions you may have from the presentation, so let's go ahead and get started. So just a few things I want to mention about HelpSystems. We've been in business for over 35 years. We have more than 600 and over 20 offices around the world with more than 10,000 active customers. Our focus is on delivering the best cyber security, automation and operations management solutions to organizations of all sizes, including S&B, government and fortune 500 companies.

Our R&D team is constantly improving our products, which is primarily based on valuable feedback from our user base. And for our GoAnywhere product, we have two to three major releases a year, which demonstrates our active development schedule. And we believe in providing the best possible service for our customers. We offer 24 by seven support, 365 days a year, and almost 99% of our customers stay on yearly maintenance for our GoAnywhere product, which we believe is a testament to the excellent service and value that we provide. We are a member of the PCI security standards council, which allows us to keep up to date with the latest security requirements and helps ensure that our products stay compliant.

So let's talk about some of the common file transfer challenges that many organizations are facing today. First of all, human error is a big problem. Unfortunately, many companies are still using PC-based tools to transfer files. And since this is often a manual process, it's prone to human error and risk. For instance, what if the user forgets to send the file at the wrong time? And this could be an important order or a financial document in which the delay could affect your relationship with your vendor or customer. And what if the user downloads or uploads the wrong file to the trading partner? Maybe they accidentally sent the wrong pricing lists with special discounts that were intended for another customer, that can be very bad for your business. What if it contains sensitive data and the user forgot to encrypt it before the transmission? And who's going to run those manual transfers when the primary user is gone for the day, for instance, if they're sick or on vacation? And these are all risks when manual processes are used to transfer those files.

Secondly, a lot of IT departments have a lot of inefficiencies with their file transfers. They may also be using unsecured technology like FTP or email to transmit those files. Now, in order to automate file transfers, a lot of companies have built FTP scripts on their systems. However, these scripts have many downfalls. And a big problem with those is that your trading partners passwords are often stored in the clear, which can make those servers very vulnerable to attacks if hackers got ahold of those. FTP scripts can only be written by programmers and we all know that's a very expensive resource. And to write the script properly, that programmers should be able to code in for those scripts to perform, how to retry from failed connections, send error alerts and write out good audit logs, which can really take a lot of time to program those properly.

And every time something changes for a training partner, such as a new IP address for the server or maybe the password or the file name changes, a programmer has to get involved to make those changes to their scripts. And these costs can really add up over time and distract your expensive IT resources from other priority projects. And we've talked to a lot of organizations that have ended up with hundreds or even thousands of FTP scripts that really become unmanageable and almost impossible to maintain over time. Another problem with file transfers today for a lot of organizations is they may have like an end user jeopardize some sensitive data by downloading it first from a secure corporate server to a less secured PC or laptop, making that data much more vulnerable to attacks.

For instance the user has to download an ACH file from the server before they use their PC tool to send it to the bank. In that instance, the user may forget to remove the file from their PC after they've transmitted it. And since PCs and laptops are often more vulnerable than the backend servers, the file could be attacked by a would be hacker. Also email is frequently used to send sensitive data. When a user sends a file as a regular attachment in an email, the attachment is not encrypted by default, which makes it very susceptible to theft.

The users may also have their own free file sharing service like Dropbox that they're using to send files through without using any kinds of controls or audit trails. And this in essence became their shadow IT department to circumvent oversight of those transfers. So without having good internal policies for your end users on file transfers, you can really risk the loss of sensitive data through one of these unsecured methods.

And finally, another big problem with file transfers today is, a lot of scripts and PC tools just don't have good alerts when transfers fail. And sometimes you may have to wait for your trading partner to call to alert you that they did not receive the file. And with these legacy tools, there's often no logs of where the files were sent. And this is becoming a real issue with auditors since many organizations cannot tell them what sensitive files are leaving the organization. For instance, can you quickly tell what files left your network on a given date or a time period and by which users? And because of these vulnerabilities and lack of reporting, it's become really difficult to meet strict compliance requirements using these traditional tools and processes.

So what we recommend, well, first of all is that you move away from standard FTP and email for sending sensitive files and instead use secure protocols like SFTP, AS2, or like HTPS. And these standards have really strong authentication and encryption technologies to fully protect your confidential files. Your files should not only be encrypted when transmitted across the internet and even your own internal networks, but you should also encrypt those files at risk whenever possible, especially if you're staging those files in your DMZ, which is that public facing portion of your network.

In automation of file transfers, both remove the manual processes and the need for vulnerable PC poles. These automated processes should alert you immediately when file transfers fell instead of having to wait for the trading partner to tell you that the file is not received. And to me, compliance requirements, you should keep at least a year's worth of audit logs of file transfer activity and you should be able to quickly generate reports on those audit logs at least so you can filter by user, date range, time range, and file names.

And to bring this all together, we really recommend that you look for what's called a managed file transfer product, also just known as MFT, which allows organizations to control and secure their file transfers through a centralized framework. And we're going to be talking about MFT a lot now, but MST covers all the aspects of file transfers within your enterprise and with your trading partners. That's going to include any fax transfers between systems as well as any ad hoc file transfers initiated by your end users, either with other users or with your backend servers. And MFT systems provides the automation you need for your file transfers, protecting that data with strong encryption protocols while giving you the audit trust you need for compliance with a strict regulations. So MFT really does bring it all together and helps you solve many of these challenges that I was mentioning earlier.

So that kind of leads me into GoAnywhere. GoAnywhere has our managed file transfer solution here at HelpSystems that we've developed and sell around the world. And we believe it's the best enterprise level MFT solution in the marketplace. And here's the diagram that just gives you a quick overview of its capabilities. So GoAnywhere can be installed on most operating systems. You can install it either on-premises or within your own cloud environment and you can then use it to connect with all of your various trading partners, be it customers, vendors, internal systems, and also has many cloud connectors to it. You can use GoAnywhere to both initiate file transfers as well as except files from your trading partners. So it handles both inbound and outbound file transfers, both batch and ad hoc transfers can be initiated through the product.

Now on this next diagram, it gets into a little more detail on all the different types of systems that GoAnywhere can communicate with. So if you look down below here, it shows all the various platforms and services databases and so on. So to start off with platforms, as I mentioned, GoAnywhere can not only install in most systems, but it can also connect up to the file systems on most of those platforms. So let's say you have files sitting on a windows server or Linux box or an IBM i IFS file for instance, you can use GoAnywhere to connect to those systems with whatever credentials you'd like within the product once you're authorized to then access those files systems to push and pull files through the product.

They can also connect up to all the popular file systems, file services I should say. That would include like SFTP servers. You can go through FTPS which is FTP or SSL. You can still use it for traditional FTP if you'd like to use that for maybe some internal communications And so on. We continue to also add many clouds connectors to GoAnywhere. So we have connectors for Amazon, for Azure. You can also use web services to call out backend systems. It can pass in XML and JSON documents over SOAP or REST requests, and they can get information back for processing.

GoAnywhere can also connect up to your backend database systems. You may have information stored in certain database tables. We can extract the information and then we can translate that data into various formats. We can write out to let's say XML, CSV, [inaudible 00:14:03] JSON and other formats that we can then build those files out to send off to your trading partners. You can also parse out those documents and import those into your databases as well.

Now as part of an overall workflow, GoAnywhere can also call out your existing applications. Maybe you have some existing scripts or programs on, let's say an IBM system as an example that you may want to call out, we can call those applications, passing in parameters, getting results that's back for processing within the workflow. And then finally you can install what's called GoAnywhere agents or MFP agents, and that allows you to connect to remote systems. If maybe there's not a good way to connect to them otherwise, these agents can serve as a conduit where we can then connect in and run file transfers on those systems and scripts through our proprietary connection there.

So GoAnywhere is going to let you connect up to all these systems down below. And then you're going to be able to set up multi-step workflows in the product and automate those to push and pull files from those systems as well as many other processes including encrypting and decrypting the files. For instance we support the open PTP standard that let's you encrypt and decrypt files that may have been encrypted with that protocol. And it also supports various compression technology. So maybe the trading partner needs you to zip the file as the zip 2.0 standard. We also support Gzip and Tar for packaging and unpackaging files. We talked about data translation a little bit already. GoAnywhere allows you to map data columns between different data sources if you need to massage that data and import it or export it properly.

Now once you've set up your workflows, you can then schedule those through our product. One way is to send them up through our graphical scheduler. We can run jobs by the minute, by the hour, certain days of the week or days of the month. You can set up custom holiday calendars for weekend, skip certain days of the year, that might be your corporate holidays or run the day before after. Now if you have your own scheduler, let's say, on the IBM i system, you may have IBM scheduler or robot on AIX, you may be using cron jobs, but we have commands in APIs that come with the product that lets you make requests to GoAnywhere from your existing schedulers and applications. And you can pass in parameters, maybe you need to pass in file names, connection properties for your trading partners. We can accept those into the workflows and then run those jobs and then we can pass the results back to your applications. That way you're going to get that centralized managed file transfer, but you'll still be able to drive those transfers from your own applications.

We also have what's called folder monitors where we can watch folders on your systems. Maybe you want to watch a folder in our IFS file system on the IBM i for the appearance of new files, or perhaps you'd like to watch our files on a Unix box or an SFTP site as an example. And you can choose that file pattern to watch for and the frequency to watch for those files. And when those files then appear, we can run a workflow to process those. So maybe you'd like to automatically encrypt those files and send them off to a trading partner as an example. So you're going to get a lot of different ways that you'll be able to launch those transfers once you've set up those work flows in the product.

Now besides the outbound file transfers as I had mentioned earlier, you can also accept inbound connections from your trading partners if they need to connect up to you to let's say SFTP or HTPS or FTPS for instance, to drop off files or to pick up files that you may have waiting for them. And they could do that on an ad hoc basis or they could have their own batch processing where they're automatically connecting up to your systems to do those transmissions. Now GoAnywhere also to support file sync and sharing. So you may have users that need to share files between each other and so they can share those files and then we can automatically keep them up to date on the other user systems if need be. So it's a great way to replace a service like a Dropbox for instance.

With a lot of those cloud sharing file sharing tools, you don't have control over those. Again, they've kind of become a shadow IT department. With GoAnywhere, we have all that same functionality, but you're going to keep control of those files. It's going to be fully audited, fully secured. We're going to encrypt the files with the an AES-256 bit encryption, both at REST and in transit. So it's a great alternative to a cloud fostering. We also have what's called secure forms, where you could have your trading partners fill out these custom forms. Maybe you need to collect data from them along with the files and then that information can all be submitted up to workflow for processing.

So for instance, maybe you need to collect like the state that they're processing their employee ID, or you can design these forms out with several different types of controls and they can fill that out to submit with that file. We have also what's called secure mail, where you can send out a secure links to the files through email notifications. That way you don't have to send a file through a traditional email attachment, especially if it's a large file or if it's a sensitive file, instead we can strip that file from the email, sent out a secure HTPS link, and then your recipient can just simply click on the link to securely retrieve that file over HTPS.

And then we also have a very good partner management system in the product. You can set up your trading partners to authenticate against active directory or L DAP. We have SAML authentication, or you can authenticate against our own database. So for each trading partner you can indicate what folders they have access to. That can be on various file systems. You indicate what IPs they can log in from, what date and time ranges. So it's very comprehensive.

Now when any kinds of problems occur, in GoAnywhere and it can send out alerts to one or more individuals. Now, as an example, maybe you're having troubles connecting to a server or one of your systems is having issues to connect out to another system. Now first of all, we do have built in auto retry, so we can keep trying that system for a period of time, but if it still can't connect after that threshold is met, they can then send out like an email alert or text message or a CIS log message to let you know precisely what that problem is. And everything's going to be audited in GoAnywhere, all call transfer activity no matter if it's inbound or outbound, ad hoc or batch, it's all going to get logged in a central database and you'll be able to generate reports on that so you can quickly see by user, by date range, by file name, all kinds of different criteria to let you quickly see what files are leaving your organization, what files are coming into your organization.

And you can just give auditors a view only rights to our reporting module so they could log in through our browser interface and they'll be able to query that themselves if you give them the access. That's just a quick rundown. Just a couple things on this slide here to mention and then we're going to move into a live demo here soon. It is, again, multi-platform. Both batch and ad hoc can be handled by the product. All file transfer activities audited and we have a browser based interface for all administration and monitoring. So you do not need to install any desktop plan on your system.

Now, again, we do provide those APIs, so if you do have remote systems that need to automatically launch transfers in GoAnywhere you can install those APIs on your systems. We have some for IBM i, AIX and other systems. Or you can use like a web service call to make a request to GoAnywhere to kick off those jobs. We had mentioned that we also allow for inbound connections. Also file will be encrypted, not only in motion but you can also encrypt them at REST using AES-256 bit encryption.

For those that work with the federal government, we do use FIPs 140-2 validated encryption ciphers. So it's only going to use secure and validated ciphers to protect that data at REST and in motion. We have the key management tools built in to allow you to import, export, create and manage your PGP keys, any SSH key you have for your SFTP connections as well as any certificates that you may use for FTPS or HTPS connections.

And we have a role based permission system in GoAnywhere so that you can have just certain administrators with certain levels of security. For instance you could have some administrators that can set up new jobs in certain domains within GoAnywhere. You can have others that can only look at audit logs, others that can only stet up certain schedules. And so that's controlled through the product. Those user can be authenticated against AD or LDAP. And we do support dual factor authentication spot if you'd need that. If you want to use like a token or some sort of key to authenticate in addition to that user and password.

All right, one last thing I'd like to mention before the live demo is, if you are accepting inbound connections, you can also use, it's called our GoAnywhere gateway. You can put that out into the DMZ area and that's going to act as a reverse proxy. It can also act as a load balancer. So when you have connections coming in, they can hit the gateway first. So they might think they're connecting directly to, let's say your SMTP server, but really they will be connecting to let's say port 22 on our gateway. The gateway is then going to take that traffic and it's going to proxy it or this proprietary control channel up into GoAnywhere.

Now in this example, we actually have two copies of GoAnywhere running. One on production system one and another on prod sys two. So this is also demonstrating how you can run GoAnywhere in a clustered environment and for a true active high availability solution. Now it's going to load balance those connections so that if you was to get a second connection coming in that's going to bend round robin that over to production system two. And the gateway is going to be smart enough that if one of your systems was to fail due to, let's say a hardware issue as an example, then the gateway will just send sessions to those remaining systems in the cluster.

As I mentioned, it's also serve as a reverse proxy. The benefit of this is there's no inbound ports that will come in to your private network. The control channels actually open up from the private network to the DMZ at startup time. So you don't have to have those inbound ports coming in, and since your SFTP server or HTPS server, for instance, will actually be living in your internal network in GoAnywhere in the P, you don't have to stage any files in your DMZ. So that's going to keep those auditors happy. If you don't have files sitting out there, you also don't have inbound ports coming into your system.

So let's go ahead and move into the live demo. I just want to spend about 20 minutes to just give you a quick overview of the product. So let's just get out of this, and I'm going to open up my browser. You could use really any browser that you'd like. I'm using Chrome today. So you would just open up your browser, point it to where you've installed GoAnywhere on your network or again you could put it in the cloud like on an Amazon or an Azure for instance if you'd like, or an IBM instance, it's completely up to you.

Once you've done that, then you can put in your IP of where it's installed. Port 8,001, that's default admin port. You'll then log in with your authorized user account here. And again, these can be authenticated against like AD or LDAP or an IBM profile. And that will take you into the dashboard.

Now the dashboard for GoAnywhere is going to tell you quickly what's going on in the system for file transfers. And it's made up of a lot of various gadgets. So you're going to see like recent file activity, you can see charts and graphs of file transfers in jobs and maybe there's some conditions you need to watch for like blacklisting IPs. There's tips and so on. There's about 24 different gadgets to choose from but you can customize your dashboard to meet your needs. And you can also create custom dashboards to share with other administrators in the system. And a lot of this information you can drill down into as well. So if you do see a problem, generally you an just click on that problem to learn more about the issue.

Now all of the various features you have access to, you'll be able to access through these dropdown menus along the top. And then we've also created these big buttons, what we call quick links for the most popular features in the product. And you can customize that list of links as well. One of the more frequent links you'll work with is what's called resources. And that's going to be where you'll set up all of your various connections for the various types of systems that you want to connect up to. And so for instance, maybe you want to go out to an SFTP server, so that's under SSH servers. This will bring up a list of all the existing SFTP connections that you have to find.

And this is database driven so you can share these connections amongst yourself and workflows, and you can have as many connections that you would like. I'm just going to open up this one here. So this is an SFTP connection sitting at this IP and port. What's nice is you can have all your partner information preloaded into the system, all their connection information, in the future then when you're setting up workflow, you can just simply refer to the connection by its name and you don't have to then remember it's IP port and all that details.

Now for each connection, you can test it out. That's just going to make sure that you have everything set up properly. And so it was able to connect to that system without an issue. And then you can put in advance properties, like in this case, I have it set to automatically retry that server up to 10 times. So that's the auto retrying we're talking about earlier. You can set like a proxy on it. If you have outbound proxy, you can tell it which ciphers to use, maybe there's certain encryption ciphers to utilize. You can also put in contact information. So if there's any problems connecting to that server, you'll know who to call or email to let them know their systems down and you're having issues. Okay?

So each server you would just define its properties to the product. Again, these are SFTP servers that we have to find, but you may have FTPS connections that you want to set up, you may want to just set up traditional FTP connections. Or you can get into other types of servers like, database connections for like... Here's, let's say my SQL connection. We ship the drivers for all the popular database servers. You can just choose your driver from the list and it's IP you're host name, and then you'll be able to run SQL within your workflows against those database.

Some things that we added in the last few years was like S3 buckets. So like in this case, I've set up a bucket using this access key. Here's the bucket name and I'll be able to connect up to the S3 service to push and pull files from there as part of a workflow. Or maybe you have files sitting on an insurer blob storage. You can define those connections as well. So here's a server connection here. Perhaps you have an IFS folder on the IBM i or a Windows or Linux box, you can define those connections here as well, we just need to know if their IP, their hosting, and then you can choose what credentials to use to connect up to that server.

Now you can either have hard-coded credentials or you could just tell it to use the user profile, the user that's running the job at the time to connect out to that system. You can also use the product to go out to web services. So we support connections for both the REST and SOAP. And so like here's for instance where we defined a REST connection to a weather service. So you're going to put in its URL, how you want to authenticate against it and those sorts of properties. So any kinds of connections you want to make to the product, you would predefine those here.

Once you've define those, then you can go in and create what's called projects to utilize those connections and actually move the files. So your project you should organize it into one or more folders. And this is really nice because you may have a lot of different projects you might want to organize those by department or by the types of transfers they are. You can also organize by domain. So you can have multiple domains in the product and then you can only authorize certain domains to certain groups of administrators.

So then that way you can have GoAnywhere used by multiple departments within your organization, it still giving you that centralized auditing and control, but everyone's just kind of having their own space to work within. So I'm just going to go ahead and drill down into a few different folders deep.On a folder level, you can also set permission. So like on this folder called examples, maybe I only have certain users that I want to be able to execute projects within that folder, I could just give them those rights only. So when they log in to the system, they'll only see those folders and domains that you've authorized them to.

Now I'm going to go ahead and show you an example project. I'll show you one of my favorites here. I'm going to go ahead and click on it. So think of a project is just like a workflow of the task that you'd like to perform. So in this case we want to go out and do some work. I'll just go ahead and just kind of hide this here. So we're going to go ahead and go out to this database. This could be like an IBM i database or a database sitting on a AIX system or SQL server box, that's up to you. In this case, we're going to go out to this database and I'm supposed to run this query. So we want to select some data from a physical file or a table and we're going to choose where the wages are greater than this variable.

Now you can pass in this variable from your application when you run the job, so we can override that minimum salary. Now if you don't know SQL that well, you can always run our SQL wizard where you can actually drill down into your database and choose files and fields and your where criteria and so on, and we'll build that flex statement for you. Okay? That's called our SQL wizard. You can also run... And this is that wizard here you're choosing. In this case that could be a library or schema, your tables and other criteria.

You can also put in, like insert statements, updates, you can call stored procedures. In this case we're going to run the select statement, we're going to get the results back in this data results set, and if records were found, we're going to build out this file from that data. That's going to be an Excel file on this case. But if you wanted to build out a different file type, you can go to our component library and you're going to get a lot of different types of components where you can write out the various formats.

But again, we're going to go with Excel. We're then going to encrypt that Excel file with PGP. We're going to give it the same name, but with a PGP extension. If you don't know the key, you can hit the browse button in here and you can browse key ring, choose the key from the key ring and then after we've encrypted it, we told it to connect out to that SFTP server, we just call it production. You can choose it from the list if you'd like. If you want to override some things from that connection, you certainly can. Like maybe you want to override the user or the password or some other properties.

And then if we did have problems, you can choose what to do if there's error. You can call, like another module to process problems or you can just continue on. This case we have a problems module define, or we're just going to send out an email off to this person, letting them know the transfer failed if there's any kinds of issues. Now again, you can do the auto retrying, so I can just keep trying that connection for a period of time. Now if I did work though, you can have an email sent as well, in this case I'm going to let this person know the file was sent successfully. So it's just going to run this project from top to bottom. Let's go ahead and hit execute and it's going to run the project, and it did run successfully. I can now view the job log.

So this is what a typical job log's going to look like. You're going to have the date and timestamp, you're going to have the job number that's a signed. Every job has its own unique tracking number. It will tell you then all the steps that were performed. So like here's where it ran the select statement, here's where it route out to the Excel file down below. And then encrypt that file with PGP and then it connected to an SFTP server and upload that file. So it's going to show you step by step what tasks were performed in that workflow.

Now getting out of this, you can see all your logs, if you'd like, you just go to auto log section and it will show you all the logs that ran. Now, as I mentioned, you may want to look at that not only by time, but you also may want to look by user or by status. For instance, maybe I just want to look at those jobs that failed. You can just focus in on those and it will show the jobs that failed. You can put your mouse on the status to find out what the issue was, or you can just click on the job to drill down to find out more information.

Now if you did fix that job, you can go on and resolve it, you can just mark it resolved and you can put in what you did to crack the problem by doing X, Y, Z, and then you can save that. Now the job's going to be marked as resolved. So if you did have like another operations person come in to the product to see what the issue is, they'll see, okay, it was resolved. They can then go next to it and say, "Okay, show me the details on it." And they'll see what the initial issue was, who resolved it and what they did to correct it. Okay?

Now GoAnywhere let's you choose how long these box are retained. If you go into the log settings, you can set that retention period. I have mine for a years worth. Okay? You could set that up much longer if you'd like, depending on what kind of compliance requirements you're under. You can also [inaudible 00:39:06] for you to just generate reports. So we have lots of pre-define reports to choose from. So like here's one, maybe you just want to see where you're getting most of your activity throughout the week and maybe you want to look at that by day of week. So these are nice PDF reports that you can run either automatically, we can automatically build them in and email them to you, or you can just run them on a on demand basis interactively to look at that criteria.

So we got about 24 different reports to choose from, and let's go ahead and open this one up. And you can build out your own custom reports. So here's one that shows just some statistics of jobs that ran throughout the week. And you can see on Tuesdays it's where we're getting most of our activity. And then you can see what kinds of file transmissions we've had throughout the week to the product. Let's get out of this here. Now your jobs don't have to be as complex as I showed you before. If you just simply want to send a file through SFTP, you could just say, "Okay, let's create a project," and I'm going to say, "Send file through SFTP for Bob." That's the name I'm going to give it. I hit the saVE button. It will then take me into the project outline. I can now go ahead and start building out my project here.

So in this case, I just simply want to send a file through SFTP. So I'm going to go down to SFTP, [inaudible 00:40:37] I want to do, put.. There's about a hundred and some different actions to choose from. And so it will ask me, "Okay, where do you want to connect out to?" So you can choose your SFP server in this case, you can then choose what files to put. Now you can put multiple files or a single file. You can also use variables so you can pass in the file name from your application as a parameter. But in this case I'm going to hit the browse button and just choose a file from the list, and I'm going to then browse the SFTP site and choose a folder to place it into. Okay? So I have a real simple file transfer set up. I can hit execute now to run it. If I'd like to save that, I can save it and then run it on a scheduled basis.

So project can have just one task or you can have literally dozens tasks in it. We also support F&L statements. You can do loops. So it does have a lot of programming capability if you want to build some logic into those projects. Now if you'd like to run a project through our scheduler, let me just go ahead and open that up. So let me just show you an existing scheduled job. So for each scheduled job, you just tell it what project to run. You can choose priorities. You can then go to the schedule and this is where you'll be able to choose how I'm going to run the project.

In this case, maybe I want to run it weekly, Monday through Wednesday. You can choose the time of day to run it. And then if you have a custom holiday calendar, you can set that up and skip those days. If there's any kinds of problems with the job, we can do the auto retry here. So in this case, we're going to try it for the next four hours, every 20 minutes. And the schedule has a built in notification. So if there's any problems, we can just automatically email one or more addresses here and let them know what the issue is. Okay?

Another way to run a job is through those folder monitors that I was telling you about. And so let's just go ahead and show you an existing one. So we could be watching a folder on a file system, that could be a network folder or an IFS folder. It could be a folder on an SFTP site. This case we're going to watch this folder here for any files with the EDI extension. And we told us to watch it from 9:00 AM to 10:00 AM every day, every 15 seconds. And if we find any files during that timeframe, then we told it to run this project to process those files. And it's smart enough to know if the files are truly available, we can either get a lock on those files or we can do what's called a secondary snapshot to see if the size and the timestamp of the file's changing. That way we don't grab a file that's still being written to by one of your applications. Okay?

Now if the files aren't found during that timeframe, we can send an email to one or more people letting them know that those files are missing. Okay? Now, as I mentioned, you can also run these jobs from your own applications. So here's like for instance if you're an IBM i customer, you can code or run project command right in your cl program. We also have a service program for RPG. In this case we're telling it to run this project, we're going to pass in the state code. We told it to run it under this party. And then you can do a MON message trap for errors so if there's any kinds of issues you can alert, in this case, we're going to alert [inaudible 00:44:12] or other users. So that will let you have direct control over when those are transfer are in, in this example from a cl program.

But if you have, let's say on a Windows or Linux or Unix box, you can use our commands there as well. Like here's a shell script for instance for Linux where you would tell that it work only where it's installed on the network. They'll tell it the name of the project to run, and then in this case run a pass in the vendor number and the status code. In the Windows example above, we're going to pass in this file name and folder path. So these APIs come at no additional charge. You can put them on as many systems as you'd like. Okay?

So everything we've been talking about so far has been batch oriented transfers. Now if you have users that need to come in and upload or download files interactively, you can fire up what's called our web plan. Now this can have your own corporate logo, your own custom disclaimer, and then they can just log in here and they can self register if you allow them or you can have their accounts pre-created. And you can have them to go through an approval process if they do try to self register. But this will then take them into whatever folders that you've authorized them to on your system. These could be IFS folders, they could be folders on a Linux or Unix box, they could be S3 buckets, they could be SFTP folders. And so for each folder they can drill down in.

If they really don't know what folders they're connecting to, you can just give them unique alias for those folders and it will show them what files that you'd like to share with them. They can click on those file to download, they can highlight multiple files, and if they like they can just download single files at a time. This is all happening over secure HTPF, that's all going to be secured. They can also upload new files to you, they just hit the upload button and they can choose one or more files to upload. All this is being audited. They'll be able to see their own audit activity by clicking here, and that was just their audit records.

But if you flip back to the administrator, you'll be able to go into those logs here and... Let's just pop here. And so let's say I want to see my HTPF traffic. So this is going to show all that activity and I can filter that by not only date range but also user IP and other activity and as well.

So going back to the Web Client, it's just a really quick way for users to share files from on itself. And they could also send what's called a secure mail where they can just compose a message, so you just put in someone's email address. They can attach one or more files and they hit the send button and that will send out a link of those files to the recipient and then they can click on those links to retreat the policy securely from your systems. So that's just a great alternative to email. And we do have an outlook plugin for that as well. So they can just hit the button in outlook to send those files securely as well. Okay?

All right, let's jump back to here and let's go right here. Again, both ad hoc and batch transfers can be sent through. Now you can set up triggers so when files do come into the system, you can have those automatically do certain things. So like in this case, we're going to watch for a file getting uploaded into this folder under this user account. And if that occurs, then I told it to run this native command process to files. It could be a script, or you could just simply copy the file somewhere else on the network.

You could rename it, you could send an email, or if you want to get more sophisticated, you could tell it to call a project to process those files. And would be calling out a workflow by... just choose whatever workflow that might be, maybe you have one to automatically take those files in and decrypt them as an example. Okay?

All right, so that concludes our live demo. And now I'm going to pop back over here and I want to talk to you just a little bit about installation requirements so you can put it on... I know we have a lot of IBM customers on the line, so you can load it on an IBM i series, we run on V7R1 or higher. It's going to take about 275 megabit space, 512 mega memory. Or if you want to put it on your AIX system or Unix box or Linux, it's going to take about a 250 Meg, 512 Meg of memory and you're going to make sure you have the Java runtime environment of 1.7 or later.

We also let you deploy to Linux and Windows systems, and here's their install requirements. And then you can of course always put it on at virtualize environment without any kinds of issues. We also have images up on Amazon and Azure to install to. We do have a 30 day trial. If you'd like to go ahead and download GoAnywhere, you can just go to this URL here and you can actually go through that process and it's very quick trial. You can install it on your system, try it out. Everything I've shown you is available during that trial period. We can help you with your proof of concept, just make sure that we're going to address those challenges that you may have to make sure that trial is going successfully before you have to make a decision.

Now if you do have any questions, we're going to open up the Q&A here real quickly, but I did want to show you my email address here. So that's my personal email address. Or you can send an email to our sell script and they can hook you up with the right person. And also we have our toll free number shown. I'm going to end my screen sharing, we're going to flip to the Q&A... and let's see what kinds of questions we got. We have a few minutes to address any questions that you may have. And so, Janine, have you seen any questions coming through?

Janine: We do have some questions Bob. So-

Bob: Oh, great.

Janine: Let's get started. First question is, what are the benefits of SFTP over FTPS and kind of what is the difference?

Bob: Okay, great. That's a good question. So SFTP is the most popular, especially if you're trading files over the public internet because a lot of companies have SFTP servers on like their Unix and AIX systems, Linux systems. Also you only have to open up one port for SFTP, That's generally port 22. Where with FTPS you have to open up not only a control port for your commands and so on, but you also have to open up ranges of ports for the actual data. So you're going to have to open up more ports in your firewalls, but that's TPS. So generally we see FTPS use for internal communications, let's say like between mainframes and between other systems internally, and then we see SFTP use more between companies when they're trading files over the internet, because it's just easier to set up and doesn't require all the firewall configurations.

Janine: Got you. Should we use a key to authenticate secure FTP connections in addition to a user ID or password?

Bob: Yeah. That's a good question. So traditionally I've used just users and passwords to authenticate connections, but with modern secure protocols like SFTP, you can use a second factor authentication, like a key. So you can specify not only that user password, but also this unique key that it's a public key on that connection, which can be additionally validated to ensure that you are who you say you are. And these keys, we have the key management tools built into GoAnywhere. So you can quickly create an SSH key for instance, and use it on that connection, or if your trading partner shares that key with you, you can quickly load that key into the key ring and use it to authenticate the connection. So we are seeing a lot of companies now moving to a dual factor authentication where they're using both user password and a key or certificate. So yeah. Good question.

Janine: Okay. Next question, can you speak to the difference or if there is a difference between triggers and monitors?

Bob: Yup, that's a good question. A trigger issued to process inbound connections and GoAnywhere. So let's say that you're waiting for a file from a trading partner and when that file appears, as soon as it gets uploaded, you want to immediately kick off, let's say a workflow to process that file. So the trigger is going to be quicker than a monitor because a trigger is going to run immediately when the file appears in this case. Now with the folder monitor, that's where you can watch really any folder. That could be a folder that may be one of your ERP systems is dumping files into. The folder monitor, generally you're just going to run that every few minutes or so to scan for file.

So it's not going to be as reactive as a trigger. The trigger is going to run immediately when the file appears because they're uploading the file through one of our services or a folder monitor as we can watch really any folder via a local folder or a remote folder. And it's generally going to scan just every few minutes or so. And you can set that frequency in the product. So yeah. Good question.

Janine: Okay, here's another, how can we stop end users from sending files from their PCs using FTP tools like say Filezilla?

Bob: Right. Yeah. So that's a real problem. Organizations have a lot of issues with their end users kind of doing their own thing per se. They're either using their own PC tools or they're using Dropbox to move files around from their company to other organizations. So what you can do there is you can, first of all, take away administrative controls so that your end users can't load these applications onto their desktops like Filezilla. The second thing you can do is you can set your firewall to only allow like FTP or secure FTP connections from a tool like GoAnywhere. So you can disallow any FTP connections from like users desktops and so on through your firewall configurations.

That way they'll be forced then to use a product like going GoAnywhere. Now they might say, "Well, geez, now I need to be able to run those transfers when I'm ready," the user may indicate that. Well, what you can do is you can pre-configure those transfers for them in GoAnywhere and then give them a login and then they can run those transfers in our product when they'd like and you can restrict them to only be able to run their transfers so they can't mess up anything else in the product. So they still have that flexibility where they can run those transfers when they like, but now you have the control in the audit logs where you wouldn't have that with the PC tools generally.

Janine: Thanks Bob. It looks like we are just about at the top of the hour. So I just want to take this opportunity to thank everyone for attending today's webinar. And I especially want to thank Bob for sharing his expertise with us today. Later this week, watch for a follow up email. It will contain a link to the recording of today's webinar. So that concludes our webinar. Thanks again. Have a great day.

Bob: Thanks.