IBM i Webinar: Simplify and Protect Your File Transfers

Thank you for registering for this on-demand webinar. If you have questions following the webinar, please contact us. You can also download the presentation slides here.

 

Transcript

Bob Luebbe: All right. Well, thanks for everyone joining us today. This is the webinar for the IBM I Simplify and Protect Your File Transfers. This webinar will be recorded, and you will get a link to that recording which you can watch or share with your colleagues when that's convenient. So, just to get started here, if you have any questions that you may have during the webinar, there is a Q&A section in the control panel that you can click on to enter in any questions that you may have. We'll try to address those throughout the webinar, and we'll especially have additional time towards the end of the presentation.

So just to get started, my name is Bob Luebbe, and I am the chief architect for the managed file transfer group here at Help Systems. And I've been in IT for 30 years, and have spent the last decade in designing encryption and file transfer solutions for that time. As a certified information security professional, I also consult with organizations on how to best protect their sensitive data assets and achieve regulatory compliance.

And I am joined by Dan Freeman who is a senior solutions consultant here at HelpSystems. Dan has spent the last 10 years of his career in various security roles ranging from systems engineer to security officer. And also as a CISSP, Dan has designed network systems and procedures to ensure regulatory compliance using the NIST risk management framework and HIPAA standards. And Dan will be monitoring the control panel for any technical questions that you may have throughout the presentation.

So our agenda today starts by exploring the various protocols that you can utilize for protecting your file transmissions. And that's going to include popular protocols like SFTP, FTPS, and OpenPGP. We'll then look at the challenges that many organizations are facing with their enterprise file transfers, and traditional tools and scripts just are no longer good viable options for keeping up with the latest business demands and security requirements. During this webinar I'll explain what managed file transfer is, otherwise just known as an MFT, and why it's becoming so popular for organizations.

We'll then give you a live demonstration of our GoAnywhere MFT solution in which I'll show you how they can be used to protect your files both in motion and at rest, how you can also use it to easily move files between your IBM i system and other platforms within your network as well as with your trading partners, how you can be immediately alerted when file transfers fail. Also we'll show you how you can create an easy to use web portal for your customers and vendors for ad hoc file transfers.

And then, finally, I think one of the more important aspects of MFT is how you can generate the detailed audit that you need to comply with various regulations like PCI and HIPAA. And we'll show you how all this can be configured and monitored from a central dashboard in GoAnywhere. Again, feel free to enter any questions along the way and Dan will try to address them throughout the webinar.

So let me just take a quick moment to share a little background on HelpSystems. We've been in business for over 35 years, and we focus on developing fiber security, automation, and operations management solutions. We have over 550 employees in 20 offices around the world to serve our customers. The corporate headquarters is in Eden Prairie, Minnesota, but most of the GoAnywhere R&D support and self staff is located right outside of Omaha, Nebraska. Our R&D team is constantly improving GoAnywhere, which is primarily based on valuable feedback from our user base.

There's two to three major releases of GoAnywhere per year, which demonstrates our active development schedule. And you can view our release notes on our website. And we believe in providing the best possible service to our customers with 24/7 support 365 days a year. And almost 99% of our customers stay on product maintenance, which we believe is a excellent testament to the service and value we're providing. And we are a member of the PCI Security Council, so we keep up to date with the latest standards and ensure our customers can use our products to maintain compliance.

So let's talk about the different types of encryption you can use to protect your file transmissions. One is to encrypt the file only with a password or key, and then you can send that over a standard connection like FTP or email. So that's a very popular approach. So that's available with AES encryption or OpenPGP encryption use in a key. The other approach is you can send an unencrypted file over an encrypted connection, so everything will be encrypted, and that's going to more or less create a tunnel, an encrypted secure tunnel between yourself and your trading partners.

There's several different protocols to choose from. Secure FTP is the most popular approach for protecting connections between systems. The other approach is you can use an encryption at both the file level and at the connection level. So you would first encrypt the file with the password or key and then you would send that over an encrypted connection.

The benefit of that is you would not only protect the file with two types of encryption, but you would also protect all of the credentials to log into the server such as the user ID, password, and other information to authenticate. So this is becoming the most popular, is to do both file and connection encryption.

Let's talk about ways you can protect the files. So, as I had mentioned, you can use ZIP compression, and that includes an encryption option, which is AES, which stands for advanced encryption standard. ZIP with AES encryption is supported by a lot of various products. So if you were to send someone with a ZIP password protected file, likely they'll have a tool on their site that they'll be able to open it up with.

The main problem with ZIP protection is you do have to use a password to protect the file, and if you don't use a strong password, it is subject to a brute force attack. You also have to share those passwords then with your trading partners. So you need to make sure you have a secure process, either through a secure connection or you'll have to actually call your trading partner with that password. So the main downfall of ZIP protection is it is password based type encryption.

So, a more popular approach for protecting files to use OpenPGP encryption, in which case you're going to use a key what's called a public key to encrypt the file and then on the other side they'll use a private key to decrypt the... Or what's also called a secret key. And so if you look at this example here, this public key, this would actually be your trading partners' public key that they'll send you beforehand and then you'll use that key to encrypt the file and send that to them through email or FTP or Secure FTP. And then on their side they'll use their corresponding private key.

The private key will be mathematically related to the public key, so they should be able to then decrypt that file with their private key. The nice thing about this type of encryption is your public key, it's not like a password in that you can share your public key with really any trading partners that need to send you encrypted files, and they can simply use that public key to encrypt the file. Now, they can't use the public key to decrypt the file, only the private key can be used to do that. And that's why it's so popular, because you don't have to worry about your passwords getting compromised.

Another thing you can do with OpenPGP is you can also place a digital signature into the file to identity by the true originator of the file. So think of it as a postmark. So you would use your private key to sign the file and then you can additionally then encrypt the file with your trading partner's public key. So you're signing and encrypting the file. And then when they receive the file on their side, they'll decrypt it with their corresponding private key but then they'll also verify your signature.

So you should have sent them your public key beforehand so they have that on file. And then when they received the file they'll then verify your signature. So this is a very popular approach to not only encrypt the file, but also place a digital signature in the file so the trading partner knows it actually did originate from your system. So that's a little bit on file encryption.

Now let's talk about how to encrypt the connection between yourself and your trading partners. So the most popular approach to do that is to use Secure FTP. Secure FTP will allow computer systems to identify themselves to each other. So it goes beyond just a user ID and password, you can additionally use a key or certificate to authenticate your Secure FTP connections. You're going to get an encrypted connection between yourself and your trading partners. Therefore, everything will be protected over that connection, not only the data, but also any user IDs and password that exchange over that secure connection.

And then finally, Secure FTP implements what's called hash functions that makes sure that the data's not modified but isn't transmitted. So even if, let's say, an attacker or maybe a router that was having issues, if that, for some reason, change the actual data that was being transmitted, that would be caught on the receiving end so it would know that those packets did not match the packets that were sent. There's two types of Secure FTP, they're both... are very strong options, SFTP being the most popular, but we're also going to talk about FTPS a little bit.

So let's jump into SFTP first. So SFTP is more or less used than FTP over an SSH tunnel. SSH stands for secure shell. Again, that's going to encrypt the entire connection between yourselves and your partner. It's very popular in Unix and Linux systems, that's why I think it gained a lot of popularity. The nice thing about SFTP is you can use dual factor authentication. So you can not only use a user password, but you can use an SSH key to authenticate.

So, your trading partner will have your public key and you'll have your private key on your site. And these are a little different than PCP keys, they're called SSH keys. And so you'll have an SSH key on your side and they'll have their public key on their side. And then those are authenticated for the connection.

All right. On FTPS, that's going to use FTP or SSL, that also protects the entire connection including data user's passwords, commands and so on. With FTPS, you can do both the explicit and implicit, meaning that you can have an FTP server that will still accept the standard FTP connections, but then you can tell it to switch it over to FTPS to secure connection. That's instead or explicit FTPs, the implicit FTPs means that it won't accept a standard FTP connection so it's always going to require the connection as encrypted, and that's becoming much more popular.

So you got dual factor authentication supported with that as well. You cannot only use a user password, but you can, instead of a key, you use what's called a certificate. And that's going to be authenticated when the client connects up to the server system. Okay. So that's the two different types of Secure FTP options to choose from. We do find SFTP as the most popular since it just uses a single port number, port 22, where FTPS does use several different port numbers, which oftentimes is hard to get the network guys to open up in the firewall.

So now let's talk a little bit about what companies are dealing with with their file transfers. So besides doing a lot of scripting on their systems, there's also a lot of manual processes, a lot of PC tools being used, you may have users using ad hoc file sharing tools like Dropbox or email. And so, the problem with this is it's really become decentralized over time. It may not be secured if they're not using a secure protocol to do the transfers. You may not get alerts when any kinds of problems occur.

So, perhaps someone was running a script and if it doesn't have that logic built in, if the transfer fails, you may have to wait for your trading partner to call you to let you know they didn't receive the file, which is embarrassing that you have to wait for that moment. And then I think another big problem is you don't have the audit trials. When your file transmissions tools and methodologies are scattered in so many different directions, how do you, from a single standpoint, look at all the file transfers that were performed both inbound and outbound from your organization?

FTP scripts, talked on that a little briefly, but generally for any kinds of automation that companies want to do, they've written scripts in past, and the problem with that is you got to get programmers involved to write those scripts, and programmers are very expensive resource. And whenever things change, let's say your trading partner's IP changed or their user password, you have to get a programmer then to go in and make changes to those scripts and test them out.

The problem of the scripts too is they're very basic and they don't have things like auto retry or auto resume built in. They don't have, not only the learning, but they don't have the audit logging built into them. And scripting can become very complex over time. You can really get into a real mess of scripts as you add more and more trading partners. That's generally when companies come looking for a better solution beyond scripting. So that links us into what's managed file transfer.

So managed file transfer, or just known as MFT, is a solution that allows organizations to control and secure their file transfers through a centralized framework. So MFT covers all the aspects of file transfers within your enterprise and your trading partners including batch transfers between systems as well as ad hoc file transfers between end users. And MFT provides the automation you need protecting it with strong encryption while providing those audit trials you need for compliance of strict regulations.

So that leads us into GoAnywhere. GoAnywhere is a managed file transfer solution and it was built to solve the challenges that many companies are facing now with their file transmissions. So GoAnywhere would install onto a system within your network. You can either install it in your network or in the cloud, that's up to you. You can then use it to connect up to all of your various trading partners, be it banks, customers, vendors. It's got cloud connectors as well.

You cannot only use it for exchanging files with your external trading partners, but also to move files internally with other systems, Windows and Linux and AIX systems if needed. Those can be on a batch basis or it also supports ad hoc file transfers between individuals. Those can be both inbound and outbound file transmissions. To drill down into the product a little deeper, this diagram shows... There's a lot going on with this diagram, but it clearly shows all the different types of protocols that's supported in GoAnywhere.

So if you look along the bottom here in this rectangle I should say, it shows all the different types of systems and file services and support. So let's start off on the left. So GoAnywhere you can install a HANA IBM i system and then use it to connect up to, again, all of these various systems, the push and pull files. Those connections can be made under a service account so you can have the credentials preloaded and so it can connect in with any credentials that you're authorized to, or you can just tell it to run those jobs under the credentials that the user has logged in at the time.

It can also then support all the different file services that you need to connect up to, of course SFTP is very popular, but we also support what's called Secure Copy, we support FTP or SSL, and then your standard FTP support as well, which is traditionally now being used more for internal transmissions. Also, AS2 supported some companies, especially if you're in the retail world needing to use AS2 to exchange files with Walmart and other entities. Clouds connectors are provided in GoAnywhere.

You can connect up to Amazon S3 Buckets as your blob storage, as well as you can just do simple calls to web services. We support both SOAP and REST to let you post and pull information from those services.

GoAnywhere can also connect up to backend database systems. For instance, maybe you need to do a data extract from a database, perhaps a physical file in IBM i, and then we can convert that data. So GoAnywhere has data translators, we can write out to XML, CSV, fix with text, we can write out to XL file formats, JSON file format. They can also parse out those documents and import those into your tables or physical file. So there is quite a bit of ATL capabilities in the product as well.

GoAnywhere can also call out your backend applications as part of an overall workflow process. So perhaps after a file has been transferred you'd like to call out maybe an RPG program or CL programs to do additional processing, or perhaps there's a remote program on a Windows or a Linux machine you'd like to call out as well, that can be part of the workflow. And then finally we have what's called agents that if you don't have a good way to connect up to a system either internally or externally, we have the software you can put on one of those systems and it runs on Windows, or Linux, or IBMI, or AIX systems.

And this software then would communicate with GoAnywhere on the GoAnywhere central server and then GoAnywhere can then direct the agent to run workflows, it can move files to that agent system, it can pull files from that system and monitor for new files that might appear in it's folder. So it's a great way to be able to connect up to systems if you don't have any other standardized protocols to connect up to it.

So in GoAnywhere you can not only connect up to all these systems, but you can set up automated workflows to do not only that work, but also to encrypt those files. We can also decrypt the files so we support the OpenPGP standard. You can also zip and unzip files, [inaudible 00:21:06] like the ZIP 2.0 standard, there's also Gzip and Tar that can be used for compressing and compressing files. We talked about data translation a little bit, you can also map column between files, it can also copy data between database systems.

So perhaps you may have some data sitting in a physical file on the IBM i, it could copy that data to SQL server table and you can choose how that data's mapped or vice versa. Now once you've set up your workflows, there's several different ways you can run them, one way is through our scheduler. So you can run jobs by the minute, by the hour, certain days of the week or days of the month, you can set a custom holiday calendars and it can skip certain days of the year that might be your corporate holidays.

Another way to run a job is through a monitor. So we can actually be watching the system for new files to appear, those files could be sitting on really just about any file service including one of these agents systems. And when the files appear that meet the pattern that you're looking for, then that can kick off a workflow to process those files. And it's smart enough to know if those files are truly available, they can either get a lock on those files or I can do what's called a secondary snapshot to see if the files are changing.

So it can be checking the timestamp and the size of the files, that way we don't try to grab a file that's still been written to by one of your applications. Now these file transfers, another way to run them is through the command line or API. So we have commands for IBM i systems, we have APIs for RPG, we have APIs for Java, for.net, commands for Windows, Linux. These commands provided at no additional charge. You can install them on as many systems as you'd like, and then they can be used to make requests to GoAnywhere to run these workflows as you need.

So GoAnywhere can not only be used for outbound connections, but also inbound. So it actually does have a built in SFTP server in it, a built in FTPS server, as well as a HTTPS server. So your trading partners can connect up through ad hoc or a batch basis using one of those protocols to upload or download files from your system. So GoAnywhere can be used as both a client and a server depending on if you're going to allow both outbound and inbound connections. You can also use it to synchronize files between individuals for sharing documents as well like a Dropbox type replacement.

Something we added a couple of years ago which is also useful, is if you do allow your partners to connect up to you, you could have them come into their browser and they can actually submit additional information along with the file. So maybe you need to prompt them for their employee ID, or the state, or County, or other additional information that you can build out. And then that information along with the file can be submitted up to workflow for processing.

And these secure forms are really easy to build. You can build them without any programming background and just go through our graphical wizards to set them up in what fields you'd like to prompt for, and then that information would be collected along with any files submitted. There's also what's called secure mail. So for ad hoc file transfers, you can send out links to your trading partners and they can simply click on those links to retreat files from your site.

And so it's a great way to send out large files or files that may contain sensitive information, because all the data is going to be downloaded through a secure HTTPs link. And then finally, your trading partners, when you set those up in GoAnywhere, they can be authenticated against the IBM i profile, they can be authenticated against active directory or LDAP. And for each trading partner you can choose what folders they're authorized to, what permissions they have to those folders, or IPS they're allowed to log in. So it has a very comprehensive partner management.

Now, alerts are built in to GoAnywhere. So if there's any problems, for instance, maybe you're having issues connecting to a trading partners' system, now GoAnywhere does have built in auto retry, so you can keep trying that connection for a period of time, but they still can't connect to have to the retrial limits reach, then it can send out an email or text message or assist log message even a message to [inaudible 00:25:49] letting you know what that issue is.

Of course everything's audit in GoAnywhere. All file transmissions, no matter if it's an inbound, outbound, if it's ad hoc or batch, that's all going to get logged in our central database. And you'll be able to run queries on the information. There's all kinds of reports that you can generate to see trends on file transmissions, where you're getting your peaks and your bowings. So that's very comprehensive, something very important for auditors to see.

Just a couple of things here, we talked about agents a little bit prior, but again, this talks about agents a little deeper where you can deploy just about to any platform and in any system you need to connect up to, that can be that can be then managed by the central GoAnywhere installation. All right. Just a couple of things here and then we'll go into the live demo. We talked about the different platforms. Today we're mostly focused on IBM i so you can certainly install the product to that platform. You'll then be able to use it for your batch and ad hoc file transfers. Again, everything's going to be audited.

You can use our browser based interface to do your setup work as well as to monitor the product, but we also do have some commands for IBM i to let you launch those transfers quickly without having to use the browser. We talked about the inbound connections. I do want to point out, the encryption we use uses the highest encryption standard ASE 256-bit, and that is FIPS 140-2 validated. So especially if you're trading information with the federal government, that's a big requirement from them.

Key management, so we have the tools built in to let you create, import, export and manage your keys that you may need for your OpenPGP or SFTP connections or any FTPS connections that you may have. And you can have as many administrators in the product as you'd like. Each administrator can have different levels of security. And, for instance, maybe you only have certain administrators, you just want to look at the audit logs, others that you may want to allow them to set up new scheduled jobs. There's about 13 different levels of authority that you can set up per user.

A couple of things here, private cloud, you can, again, use like a replacement for Dropbox or box. It lets you quickly share files between individuals. You can then give a custom branded portal to your trading partners. So when they come into your website, they'll have your corporate logo, your corporate privacy policy with a link to full policy. And so, we really look like a custom built app that you're providing to your customers.

We did talk about secure mail briefly that does include an outlook plugin. So you can not only send files as links, right, from Outlook, but also through a batch process sheet. For instance, maybe you could generate a bunch of reports from the IBM i, and you could just distribute those as secure mail links out to your own users if you'd like.

Two factors are really becoming important, so again, for SFTP you'll definitely want to use a key, for FTPS you'll want to use a certificate as an additional level of security. But if they're coming into the browser, you may want to let them use a token, a randomly generated token in addition to their user and password. And we support that as well.

Now, if you are allowing for inbound connections into your system, we have what's called the GoAnywhere gateway that you can put out in your DMZ. The DMZ is like the public facing portion of your network. And then when your customers come in instead of hitting your IBM i directly, they'll hit the gateway first. The gateway will be sitting on like a Windows or Linux box. And then that's going to have a special connection, what we call a control channel between the gateway and GoAnywhere MFT, which would be sitting on your IBM i in this case.

And that control channel is actually opened up from the IBM i to the gateway startup claim so you don't have to open up any inbound ports into your system. So that's going to make it much safer by not having inbound ports. And since your services will then reside in your private network, all of your files can stay in your private network. You don't have any file stage in your DMZ area. So that's going to keep your auditors happy.

There's a couple of other things. We also [inaudible 00:30:40] assign job priorities to jobs, so it is a multi-threaded environment, so you can have thousands of transfers running throughout the day. You could have hundreds running at the same time. That's managed through those priorities. So you can assign jobs numbers to choose how much attention the CPU will give to each job.

File transfer acceleration, if you're needing to send large files between yourselves and other systems, we can actually break up the file into multiple channels, UDP channels, and reassemble those files on the receiving end, which is great if you're sending out multi gig files.

And then finally, we also support clustering. So if you do want a true active environment, you can have multiple copies of GoAnywhere running. And if one system fails, the other copies are aware of that and will continue to process transactions. Let me get to some screens here. So let's go out here.

Now, if you just want to use our green screen commands to do some file transfers, those are provided in the product, and so you never even have to open your browser. Although the browser is a very nice interface, I'll show you that in a little bit, but you could just use the green screen. For instance, maybe you simply want to send a file over SFTP. So we have a command called SFTP put, and you can prompt, and you can put in your trading partner's IP or host name, you can then put in the port, the user and password logins with them, and then you can choose if you're going to send them an ifs file.

Let's say you got an outbound folder, you could certainly do that. Or you could send them a physical file and we'll convert it over to an ASCII file and we send it out to them. So you just put the name of it there. So this is just a quick way. You could put this command in a CL program or you could run it from the command line. And so just for a quick SFTP transfer, this is a great way to go.

We also have a corresponding community, get a file from their system. So you just put in their IP address or hosting, the file you'd like to get, and then where you'd like to store that on the IFS. Okay. We also have commands to let you encrypt and decrypt files with PGP. So you can put in the name of the file. It does support wild cards. And so you can put the name of it here and then where your keys are stored and where you'd like the destination, the files to be stored. And then they can automatically encrypt those files to store them in that location. And then in turn, you can also decrypt files with our PGP decrypt command.

And then finally you're going to get commands that let you zip and unzip files, for instance, here's the zip command. You just put in the names of one or more files here. Oh, let's say you want to encrypt or zip everything in that outbound folder, you give it the name of the zip file, and, oh, and then you can password protect that if you'd like. And you can use AES 256. And again, you're going to have to use a password. And that's a problem, zipping issue is going to make sure that you safely exchange that password with your trading partner.

So if you just want to do some quick encrypting or SFTP or zipping of files in GoAnywhere you could certainly use these commands. Now, another approach to do transmissions and encryption is through our graphical interface. So let me bring that up. So once you get GoAnywhere installed on your IBM i, just point your browser to the IP or the host name of your IBM i and 4-8000 is the default admin port. You can change that if you like.

And it'll bring up this login screen, and then you can configure it. So you just login to the product to an IBM i profile, or you can use active directory or LDAP to authenticate your administrators. And then they'll log in with their account. And that will take them into what we call the dashboard. Now this is going to really nice because right from one place you'll be able to see all the file transfer activity going on within this installation in GoAnywhere. So it's going to have all these different gadgets laid out on the dashboard. There's about 24 different gadgets to choose from.

p>And it's just going to tell you all this critical information about what's going on within GoAnywhere. Now these gadgets can be rearranged. You can hide, you can add new gadgets, you can create your own dashboard to share those with other administrators. So, again, it's just giving you a lot of good information all at once on the screen. Now, all of the different features that you have authority to, you'll be able to access those through these dropdown menus along the top. And then you're also going to get these big buttons for the most popular features in the product. Okay. And you can customize what those are as well.

Now, depending on your authorities in the product, you may even get different features than other administrators. So, again, you could only be allowed to get into audit logs, for instance, as an administrator where others may be get to the scheduler and triggers and other options. To start off with let's talk about resources. If I click here, and from resources you'll see all the different types of connections that we support in the product. Okay. And so we organize those for you by their type or protocol.

Let's start off with Secure FTP connections or SSH. So you can set up as many connections as you'd like. It's all database-driven, and you can add a new connection just by clicking the add button here. To add an existing connection, you just click on it. Let's go ahead and click on this production SFTP server. For each connection we just need to know the IP address, the port number, and user password. You can test out your connections, just click the test button here, and it'll actually go out to that server, make sure you've set it up properly.

You can then put an SSH key on it if you'd like, you want to use dual factor authentication. You can then choose your auto retry attempts, so in this case we're going to try to connect up to, for the next 10 times, every 60 seconds. You can even put in contact information. So if you're having troubles connecting to that server, you'll know who to call or email with the issue.

Now, another nice way that a resource can be used, like this one's called production, if I flip back over to our commands here, let's prompt this command here. Notice that it's asking for the resource. So, instead of specifying the IP user password in all this, on this command I just simply say I want to connect up to the server and now it's not going to prompt me for the IPs or password. That's very nice because now if someone is still looking to a SL program where you've placed this command, none of that information will be listed.

So it's going to give you better security around your user IDs and passwords to connect up to those systems because they're all going to be stored in the database. You simply now just refer to the system by its name as you've defined it as a resource. That's another nice feature with that. But you'll also be able to choose these resources through our graphical work post, which I'll show you here in a little bit.

That's enough of SFTP connection. You can also set up connections to FTPS servers in which case you're going to go over an SSL connection. So it shows its IP or host name, you can put in a number of retry attempts and interval. You can even choose the type of SSL to use for the connection where your certificates are stored and so on. Now to work with your certificates and keys, so you would go under the encryption menu. So let's start with the certificate manager. And this is where you'll be able to import new certificates, you can export, you can also create brand new certificates here.

So we support certificate sizes is up to 4,096 bit. You just put your company's name here and other information and create a certificate from this screen. You can also go into the SSH key manager and you're going to get a lot of the same options, the ability to import, export, as well as generating brand new SSH keys. Okay. Now if you're into PGP, you can also then go into the PGP key manager and also be able to create import and the manager, your PTP keys as well. Okay.

Going back to your resources then, once you've set up your keys and certificate, some other things you may want to do is maybe set up some connections to some database servers that are within your organization, perhaps you have another AS 400 IBM i sitting out there. We ship drivers for all the popular database systems. You can just choose your driver from the list. You can then choose the type you're host thing, and then you'll be able to run SQL right within a workflow to connect up to the database. I'll show you that here in a little bit.

You're going to get connections to Amazon Buckets. In the next release we're also going to let you connect up to Azure blob storage. You're going to be able to connect up to your existing mail servers so you can connect up to your POP3 or IMAP mail boxes as well as you'll be able to connect to SMTP servers to send out email. You'll be able to connect up to SOAP servers for web services, if you want to, you'll just need to put on the URL and then how you're going to authenticate against that server. Then you'll build to send and retrieve messages.

So all the different connection types are supported on the left side of the screen. Once you've set those up, then you can go into what's called projects. So projects is where the actual work is performed. I think of a project that's like a script or a program, but you don't have to be a programmer to actually set up a project. You just go through our graphical [inaudible 00:41:29] to do that.

Now, let me show you an example project, a popular one. And so I'm going to go ahead and open that up. And this project has several different tasks within it. Each little team needs a separate task, but before we get into that, you give each project a name, so we've called this DB tech cell to PTP and SFTP. You can call them whatever you'd like. And then after that we've got a module called main. You can have multiple modules. Think of a module, it's like a sub routine where you can have multiple tasks.

So we've got a main module where we're going to run these main set of tasks for this workflow. And then if we have any problems we're going to route control down to the problems module. You can see here if there's a error to call problems, which is, in this case, is going to send an email off this person, let them know that there's an issue. But let's start back to the top. In one of our first tasks we're just going to create a temporary workspace.

Think of it as a cute temp library where we want to store some temporary files that we're creating, like maybe after you've created some files and used them and you want to just get rid of them, after you've created the workspace and used it, then you can do it. Delete workspace down below here. Do you see where my cursor's positioned? And that will just get ready any of those temp files.

And then one of the first tasks we've told it to do is to connect up to this IBM i system. You'll be able to choose your database from the list as long as you're authorized to it. And then you'll be able to then choose all your queries to run. In this case, I tell it to select these columns or fields from this table or physical file or the wages that are greater than equal to this variable that we're going to pass into the project. So you can pass that in as a parameter.

Now, if you don't know SQL that well or don't know your columns or field names, you can hit this little button here and it'll let you go into an SQL wizard. And let me show you what that looks like. And you choose your library, they'll let you choose your files and columns. So it'll build that select statement for you. After we'd selected the data, then I told it to create an Excel file from that. So we're going to give it this name, employee.xls, going to dump it out to the sheet name, we told to give a custom title, header, footer.

You can even format out your columns individually, like in this case we're going to write off the sip code and we're going to use this pattern to show the leading zeros. Now, you'll not only be able to take it out to Excel, but we have these other tasks too. If you look on the left side of the screen, you'll see all the other formats we can write out to within a workflow.

By the way, if you want to use a new component within a workflow, you're going to just simply drag that over here. So I could just simply just go into my outline where I'd like that to appear and it will then insert it within the outline. Okay. Going to go ahead and get rid of that?

After we've built the Excel file, I then wanted to encrypt it. So I told it to take that file that we just built in the prior step, go with the same name, but give it a PGP extension. Then we're going to use this PGP key to encrypt it. Now, if you don't know the key, you hit the browse button and it'll let you choose the key from the list. And then we told it to then connect up to an SFTP server, but you can just choose from the list.

If the haven't set up that connection yet, you can hit the create button and it will let you set up a new connection to that server. But in this case we want to choose an existing connection, and I told it to do a put to send this PGP file that was created in the prior step and place it into this folder location. And we're going to use this timestamp to prefix the file name when we write it up there. So you can use timestamps to do, and dates and times, to automatically prefix and suffix your files.

And then finally we told it to send an email confirmation, let them know this file was sent successfully. Let's go ahead and run this project interactively. You just hit the execute button and it will run that project from top to bottom. You can then view the job log, this is going to show you all the details so you can see where the job number that was assigned to it. You can then see the select theme that that was running. Here's where it wrote out the Excel file, here's where it then encrypted the file with PGP, and then it did an SFTP upload.

So this is the kinds of detail that customers really like to see because it's showing you step by step what's going on within the product. Now, if I'd like to run this project right from the IBM i, remember we give it this name here, so I can just simply use that name on a command called run projects.

Let's do run project, and so I can just simply put that project name here and then you can prompt for parameters, maybe for that minimum salary, whatever we call it, I can't remember for sure, but just put that variable name in here and pass in whatever you want to feed into that parameter. And then it will run that project just like you have a defined but with variable. You can not only pass in information like this, but also you can pass in file names, folder names and so on.

You can also run a project right from a CL program if you going into... We have source examples. Here's a case where we've embedded run project, and in this case we're going to override the state codes in the city. And you can do a mon-message trap for any errors that might be encountered. Okay.

Another way around a project is right from our scheduler. So I'll just show a quick example. So here I have, let's say, this job set up. You just type the name of the project to run and then the schedule here, you can run it again by the minute, hour, you can run certain days of the week, then you want to run it Monday through Wednesday. You can choose the time of day, you can then set a frequency. Okay. Maybe if there's any problems I want to keep trying it.

And the scheduler has built an email notification. So if there's any issues you can get a email sent to you, let you know of that problem. And then finally you can also run a job to folder monitor. In this case we want it to watch a folder called outbound. We want it to watch it for any files with the ADI extension, and I pull it to watch that folder from 9:00 AM to 10:00 AM every 15 seconds. If it finds any files during that time I told it to run this project to transfer the files to the bank.

And then you can set up email notifications. So for instance, if no files were found during that timeframe, you may want to get email on that because maybe your user or one of your applications didn't put the file in that folder like they're supposed to. So the secret to GoAnywhere is getting that project set up firsthand. Once you've set up the project, then you'll be able to run it through our interface right from a IBM i command line, or we also have commands for Windows and Linux.

Let me pop over to my PowerPoint here. So even though GoAnywhere may be running on your IBM i, you can install these commands on other systems. Here's the Windows example. So you could have this GA command for GoAnywhere command. They'll tell the URL where GoAnywhere installed and then you can pass in the name of the project. In this case we're going to pass in this file name and this folder path with it. So that's a great way to run projects. Of course, here's the command by IBM i.

And so essentially what's happening is you're going to have a central copy of GoAnywhere sitting there, and it's going to be listening for requests from all the different systems on your network and need to make requests to GoAnywhere. It will then run the project within the parameters you pass in. And then it will then connect out to whatever systems that needs to, and then it will return a response back to your application to let know if that was successful or not.

Now let me show you a little bit on the logging side. So if you goes to logs here and you'll be able to see all the jobs that ran, every job, again, is assigned a unique tracking number or job number, it'll tell you if it failed or not, who ran it when it started, how many seconds it took. And right from here you'll be able to drill down into any job log. You'll also be able to just focus on jobs that failed. For instance, maybe if the job failed, I see Dan had a problem here, I can drill down into his job log.

Now notice it's not marked as result, that means no one's taken care of that job yet. So if you did fix it you can then go next to and put in your notes on what you did to fix it. Right. User... Now it works. And then that will be stored with the job. So you can see now it's marked as resolved. You can then go next to the job and view the job details and you'll be able to see all the details, who ran it, date and timestamps, what the original error was, and I can see it was resolved, and I can see the notes around that. Okay.

You can then go into reports, and we got all kinds of graphs and charts that show you quickly what's going on in this system from a management perspective, here are some job statistics, let's go ahead and run that. And this is going to show me a PDF, lets pop that open. And so it's showing me by hour where we're getting most of our activity throughout the day.

So this case I had it look over the last week's time and it saw that we did over 14,000 file transfers, transferred almost 42 gig and you can see where that workload's been distributed throughout the day. So I could see where I'm getting most of my bandwidth utilized. Okay.

So we've been mostly talking about workflow automation, you can also let your trading partners connect up to your system. One way to do that is right through our web client. So you can have your corporate logo here, your own custom disclaimer, and then they can log in with their assigned account. You can have them, again, authenticated against the IBM i profile or against LDAP or active directory. They'll login with their account, it'll take them into the folders you've authorized them to. And then they just click on any file to open it up. They can upload new files to you. They just hit the upload button here.

They can download a whole group of files by highlighting those and hitting the download button. They'll package them all into a single zip file, all this activity is being audited, doesn't matter if they're coming in through ACPS or through a SFTP or FTPs, this is all being tracked. In fact, let me slip over to the audit logs. So I'm back in the administrator. If I go on to the audit log section I'm going to see, let's say for HTTPS, I can see all the users coming in, what activity they've had. And for any audit record, I can then drill down into that to see the full activity on it. Okay.

I know we're getting close to the end of the time. Dan, I don't know if you have your audio on, but do you see any other questions? I know you've been answering quite a few as I've been talking on the control panel, but do you see any questions there coming through that you think the audience would appreciate hearing?

Dan Freeman: There was a couple questions that came in. One of the specifically asking him about how we do handle FIPS, and mentioned going through the encryption menu in the FIPs 140-2 module that only allows certain cipher suites algorithms, key exchange methods for the different protocols. That was one of the-

Bob: Good.

Dan: ... questions. So, yup. Yup.

Bob: Okay. Yup. That's just a toggle switch. Some companies don't want to be as restricted as they are with... especially if they're not trading with the federal government. If you do turn on FIPS mode, it doesn't allow you to use certain algorithms and encryption algorithms. So that may be a problem if you have some legacy trading partners. So that's why we've made it a toggle you can choose if you're a security officer, if you'd like to enable that or not. Good. Good question.

From the dashboard you can click the little question mark there and it'll bring up the full help texts for GoAnywhere. So everything I've been showing you you can explore within the help text, it's fully searchable. So maybe you want to learn how to do SFTP, you can just key in SFTP, there's a start there, and it will tell you step by step how to create a key, how to set up a connection to your trading partner, how to then automate that transmission with that training partner.

This is also available in PDF form. Of course you can always call us if you get stuck anywhere. And let me just pop over here. I want to bring up the install requirements because it does run on a lot of different platforms. I know mainly we've been talking about the IBM i, so if you do install just the IBM i, you do need to be on V7R1 or higher. It's going to take about 275 mega disc, 512 mega memory. You do need to have 1.7 of the JVM or later, which is a free ISIS program you can get from IBM.

You can also install the product on Windows or Linux, if so, then here's the insulation requirements for those as well. I do see a question coming in. Someone's asking about setting up trading partner folders, if I could show that. Going to just pop over here. So, yes, if you do have trading partners that need to connect up to you, you would set up an account for them. We call them a web user. And essentially for each web user they'll choose what protocols are allowed to log in with.

So maybe you want them to be able to come in through, let's say, HTTPS or SFTP, and then you'll set the folders here. And so for each trading partner they'll have a rep folder. This could be an IFS folder where you can actually map them how to a Windows or Linux box or an Amazon S3 Bucket as an example. And then, let's just choose this IBM i box, and then you can set up additional folders for them. You can actually map them to other FTP and Secure FTP servers, you can map to other local folders and you can give them user friendly names, like in this case I've called this folder inbound that's actually mapped to this long path here.

So they won't actually see the the physical paths behind that, they'll just see these user friendly aliases. Okay. That was a good question that came in. Dan, do you see anything else coming through for the group?

Dan: No, not right now.

Bob: Okay, great. Great. So again, if you would like to try out the product, everything I've shown you is available. It's on a 30 day trial. You can install it, work with it, give us a call if you get stuck anywhere. I think you'll be very pleased. You can really bring all those file transmissions under one umbrella with GoAnywhere.

And this sums it up nicely, this graphic here, you can use it not only for server to server type transmissions, but also person to person file transfers as you need to between individuals. So with that, Dan, thanks for answering questions along the way, and thanks to all of you for joining us. And again, this webinar was recorded and you should get a link within the next 24 hours to that recording. So thank you for your time and have a great day. Bye bye.

See Full Transcript Close Full Transcript

Ready to See GoAnywhere in Action?

Schedule a live demo. Choose from our 15-, 30-, or 60-minute options to pick the level of detail that works best for you! Plus, check out the Azure and Amazon GoAnywhere pages.

SCHEDULE MY DEMO