|
This online help file is for the Secure Ad Hoc Transfer Module version 3. For other versions, please refer to http://help.globalscape.com/help/index.html. (If the Index and Contents are hidden, click Show Contents pane in the top left corner of this topic.) |
The Secure Ad Hoc Transfer (SAT) module version 3 has been tested on Windows XP Professional, Windows Server 2003, Windows Server 2008 (Standard, Enterprise, and Datacenter editions) x86-64, and Windows 7 and requires the following:
Connection to a computer running EFT Server v6.3 or later
If SAT is installed on a separate computer from EFT Server, EFT Server must be configured for remote administration.
Microsoft Internet Information Services (IIS) Web Server version 6 or 7. (Ideally, you should install IIS first, then .NET, then EFT Server, then SAT.)
To use SAT with IIS7, you must configure several options BEFORE you install the software. On operating systems other than Windows 2008, you will need to install .NET Framework AFTER these features are enabled.
.NET Framework Runtime version 4 or later. (Install .NET before installing SAT.)
An available connection to an SMTP mail server. Also refer to the following topics, if necessary:
Allowing application servers to relay off Exchange Server 2007 (Microsoft Exchange Team Blog)
How to troubleshoot mail relay issues in Exchange Server 2003 and in Exchange 2000 Server (Microsoft KB article ID 895853)
Java JRE 1.6 or later running on the client (sender/user) system that will be accessing the SAT Send Mail page. (In EFT Server v6.4.0, SAT's transfer engine was updated to use Java SE Runtime v6u26 and JFileUpload version 2.9C.)
A web browser; SAT was tested on current (as of this release) versions of Internet Explorer, Firefox, Safari (Windows and Mac OS), and Chrome browsers.
Before installing the SAT module, the following tasks must be completed:
Both EFT Server and IIS must be installed, configured, and running before installing the SAT module. (The installer detects which version of IIS is installed.)
If EFT Server and IIS are not running on the same computer, you must ensure that IIS can reach EFT Server via the EFT Server administration port. By default, the administration port is set to 1100.
IIS and .NET Framework version 4 must be installed, configured, and running before installing the SAT module.
Before installing the SAT module, you should have the following information available:
The EFT Server "server role" administrator account user name and password
The EFT Server IP address and administration port number. (By default, the administration port is set to 1100.)
The SMTP server IP address and port number and authentication credentials, if required
A SAT Module activation serial number (unless installing as a trial)
The following settings should be configured in EFT Server before installing the SAT module:
Define a Site that uses GlobalSCAPE authentication or ODBC authentication. If SAT is using an AD or LDAP Site, it cannot create temporary users.
Enable Remote Administration in EFT Server.
Enable the HTTPS protocol in EFT Server at the Site level.
Temporarily disable password complexity for administrator accounts during the SAT installation. After SAT installation is complete, generate a new password for SAT, then update the password via the SAT administration page. If you are using the HS module and the SAT module with EFT Server, you should create a separate, non-PCI DSS Site that is used only for the SAT module. Or you can disable the features on the PCI DSS Site that are not compatible (e.g., administrator password expiration and forced reset), but that would take the Site out of compliance with the PCI DSS.
To test the connection
On the IIS server, open a command prompt.
Type telnet <IP_address> <port_number> then press ENTER. For example type:
telnet 192.168.20.123 1100
If EFT Server is not reachable, the Telnet response is Connect failed.
The Secure Ad Hoc Transfer (SAT) Module is installed on the IIS server computer. The IIS server computer can be on the same server computer where EFT Server is running, or on a separate computer.
Common Deployment Methods
Place IIS with SAT inside your network. Access to the SAT interface is limited to internal users who can exchange files with external users.
Place IIS with SAT in the DMZ. Access to the SAT Web interface is available to external users who can exchange files with internal users or other external users. GlobalSCAPE recommends against placing the IIS server with SAT in the DMZ to prevent possible misuse of the SAT module as a mail relay.
The architectural diagram below demonstrates this setup with EFT Server and IIS both on separate boxes. It also assumes the use of the DMZ Gateway; without it, you would need to configure the solution differently, so that recipients can reach EFT Server.
The sender, inside your network, connects to the web page provided by IIS running the Secure Ad Hoc Transfer module page.
Secure Ad Hoc Transfer on IIS then offloads the file to EFT Server, creates a notification message, and sends that directly to the recipient through your SMTP server.
The recipient connects using the link-back https hyperlink to EFT Server to download the available files and, if applicable, uploads files back to EFT Server for later pick-up by the originator (sender).