For information about Globalscape, visit www.globalscape.com.
(Requires File Transfer Client module in EFT SMB; included in EFT Enterprise) You can configure EFT to copy or move (also known as "offload") files to a specific location using a particular protocol whenever certain Events occur, such as when a report is created. You must provide EFT with connection information (protocol and login details) and file information (source path and destination path).
The Copy/Move Action can be applied to all File System Events; the User Events "User Quota Exceeded," "User Logged In," and "User Logged Out"; and the Server Events "Timer" and "Log Rotated."
If you create an Upload Rule that sends a file transfer activity report, the file transfer that triggered the Rule is not included in the report.
When you add a Copy/Move file to host or Download file from host Action to a Rule, the Client FTP offload engine performs retries upon failures (network failures is the typical example) based upon the settings in the Advanced Options dialog box. Be aware that the Copy/Move file to host or Download file from host Action does the transfer, including all retries, before moving on to the next Action, such as an e-mail notification. A long-running transfer that also retries numerous times with large delays will cause the Event Rule to take a long time to complete.
A Move Action over the local file system updates the variables FS.PATH, FS.FILE_NAME, and FS.FOLDER_NAME to match the NEW file location.
When EFT opens a file for copy, it uses FILE_SHARE_READ sharing mode. This mode ensures that a file cannot be changed by another process while EFT copies it, preventing corruption of the file.
Refer to Connection Profiles for details of setting up a Connection Profile before defining the Action.
To configure EFT to copy/move files
Follow the procedure in Creating Event Rules, or select the Rule to which you want to add the Action. For example, create a Scheduler (Timer) Event.
In the right pane, in the Actions list, double-click Copy/Move (push) file to host.
In the Rule Builder, click Copy to toggle between Copy and Move to choose the Action you want for this Rule.
In the Rule Builder, click one of the undefined parameters (e.g., '/%SOURCE.FILE_NAME%').
The Offload Action Wizard appears.
In the Connection Profile box, specify a connection profile for this Event. If none is specified, you will need to configure the Connection details as described below.
On the Offload method box, specify a protocol type for the connection: Local (Local File or LAN), FTP (standard File Transfer Protocol), FTP SSL/TLS (AUTH TLS), FTP with SSL (Explicit encryption), FTP with SSL (Implicit encryption), SFTP using SSH2 (Secure Shell), HTTP (HyperText Transfer Protocol), HTTPS (Secure HTTP access), Accelerated Secure Transfer.
(Optional) If you selected Local (Local Files or LAN), under Optional credentials override, provide the Windows account username and Password for connecting to remote shares (not local folders).
These credentials are used for the remote destination folder ONLY for copy/move actions. The source (Local) folder will still use EFT server service account at all times. (When using download (PULL) actions over LAN, the same concept applies, but credentials will be used for the source directory and EFT server service account for the destination.)
Only if/when a resource cannot be accessed using the credentials under which the EFT service is running do you need to include the optional credentials. The Optional credentials override feature allows you to specify an alternate set of logon credentials for accessing the destination network shares to which the EFT service account may not have access (due to security constraints).
If alternate credentials are specified, EFT will use its current security token (associated with the "Log on as" account specified in the EFT server service settings) for LOCAL folder access and then a new security token (associated with the alternate logon credentials) for the remote destination folder accessed over network connections (e.g. network shares).
Think of Local Transfer as an operation (offload or download) with a remote server.
Think of "Optional credentials override") as "credentials to access remote server."
For download action, it is "credentials for source folder."
For copy/move (offload ), it is "credentials for destination folder."
"Credentials to access local folder" ("source" for offload and "dest" for download) is Event Rule execution context (EFT account, or Folder Monitor account for FM rules, or Connected Client account for client-originated rules on an AD site):
TEST1: Offloads file from "local" Share A (access as EFT account, i.e., X) to "remote" folder B (access as Y) => Fails, as X has no permissions on A.
TEST2: Downloads file from "remote" Share A (access as Y) to "local" folder B (access as EFT account, i.e., X) => Succeeds, as Y has permissions on A and X has permissions on B.
If you chose anything but Local do the following; if you chose Local, skip to the Source File Path page step.
In the Host address box, type the IP address.
The Port number for the selected protocol changes automatically based on the offload method. Provide a different port number, if necessary.
Provide the Username and Password needed to establish the connection.
Select the Use connected client's login credentials to authenticate check box if you want to use the local system account to authenticate. The availability of this check box is controlled on the Site's Security tab by the Persist username and password credentials for use in Event Rule context variables check box.
If you chose SFTP, provide the client SFTP certificate information.
If you chose a protocol that uses SSL (FTPS or HTTPS), provide the client and remote server's SSL certificate information.
In the Client SSL Certificate Path box, click the folder to specify the client SSL certificate path.
In the Client SSL Private Key Path box, click the folder to specify the client SSL private key path.
In the Client SSL Private Key Passphrase box, provide the passphrase for the client SSL certificate.
In the Server SSL Certificate box, specify the remote server's certificate file. It is recommended, especially for production systems, that the EFT administrator obtain the remote server's SSL certificate and save it as a file in a place accessible by the EFT server service (such as the shared configuration path in HA mode or a local configuration path). EFT will validate that the server side of any SSL-based connection made for that event action will match the server certificate. If you do not specify an SSL certificate in this box, EFT will accept any server-provided SSL certificate, which would leave the connection open to a man-in-the-middle attack.
If you are connecting to a remote host through a SOCKS server, click SOCKS.
Specify the Socks Type (SOCKS4 or SOCKS5).
Specify the Host name and Port.
If you specified SOCKS5 and the server requires authentication, select the Use Authentication check box, then provide a Username and Password.
If you are connecting to a remote host through a proxy, click Proxy. The Proxy Settings dialog box appears.
Specify the Proxy type, Host name, Port, Username, and Password.
Using the DMZ Gateway as proxy is available only in EFT Enterprise and only if DMZ Gateway is configured and connected to EFT. Contact your system administrator for the proper host name, port, username, password, and proxy type, as well as any required advanced authentication methods.
To specify an Authentication Type and login sequence, click Advanced. You must select FTP Proxy or HTTP Proxy to specify advanced settings. (Advanced proxy settings are not available when using the DMZ Gateway as the outbound proxy.)
Specify one of the following Authentication Types:
USER user@site if your proxy server requires the USER command followed by your user name and the Site name to allow connection with a remote Site. You can change the @ symbol if a different separator is required by your proxy server.
SITE site if your proxy server requires the SITE command followed by the address of the remote FTP site to allow a connection.
USER with logon if your proxy server requires the USER command followed by a user name and password to allow connection with a remote Site.
USER/PASS/ACCT if your proxy server requires all three commands before allowing a connection to a remote Site.
OPEN site if your proxy server requires the OPEN command followed by the Site name before allowing connection to the Site.
Custom if your proxy server requires a login sequence different from those above. Refer to the procedure below for details of creating a custom authentication method (login sequence).
In the Advanced Proxy Settings dialog box, click Custom, then specify the login sequence in the text box using the following variables: %host%, % user%, %pass%, %port%, %fire_pass%, %fire_user%. Be sure to type each variable with percent signs before and after, and press ENTER to separate commands.
Type any other commands and variables, separating commands with a line break (press ENTER).
Click OK to accept the changes and close the Advanced Proxy Settings dialog box.
Click OK to accept the changes and close the Proxy Settings dialog box.
To specify transfer options and time stamps, in the Offload wizard, click Advanced. The Advanced Options dialog box appears.
In the General transfer options area, you can provide more control over Max concurrent transfer threads, Connection timeout, Connection retry attempts, and Delay between retries. When files are being transferred with Event Rules (copy/move), if there are connection problems (e.g., the network is unavailable), the server will attempt to establish a connection the number of times specified in Connection retry attempts. When EFT is able to re-establish the connection, it continues to transfer the file even if there are multiple interruptions.
In the Use the following local IP for outbound connections box, click the down arrow to specify an IP address. If the computer has multiple IP addresses available and/or both IPv4 and IPv6 addresses, you can let EFT choose which IP address to use or you can specify which one it is to use.
Select the Validate file integrity after transfer check box to specify that EFT should double check binary files to ensure the files downloaded completely and correctly. (Not applicable to SFTP.)
In the Data port mode box, click the drop-down list and select one of the following (not applicable to SFTP):
Auto—When Auto is selected, EFT initially makes connections in PASV mode. If the PASV connection fails, EFT attempts to connect in PORT mode automatically.
Active—When Active mode is selected, EFT opens an additional port and tells the remote server to connect to <IP:PORT_RANGE> to establish a data connection. This is useful when the server is behind a firewall that closes all unnecessary ports. If you select this mode, specify the port range from which the client will choose. (For security best practices, Active mode is not allowed when brokering outbound connections through DMZ Gateway.)
Passive—When Passive mode is selected, EFT tells the remote server to provide <IP:PORT> to which EFT can connect to establish a data connection. This is useful when a client is behind a firewall that closes all unnecessary ports. Helps avoid conflicts with security systems.
Select the Clear command channel check box to send FTP commands in clear text. (Only available when FTPS is specified.)
Select the Clear data channel check box to transfer files without encryption. (Only available when FTPS is specified.)
In the Filename encoding area, specify whether the filename is encoded as UTF-8 or ASCII.
To conserve Unicode file names, the remote server must support UTF-8 and advertise UTF-8 in its FEAT command.
To conserve Unicode file content you must transfer the file using binary transfer mode or save the file using UTF-8 encoding before offloading it in ASCII mode. (Refer to Knowledgebase article #11113 for more information.)
To enforce binary transfer mode for text files with UTF-8 encoded content, you should remove all the extensions from the ASCII transfer mode area in the next step or transfer files with extensions that don’t match those on the ASCII types list.
Text (ASCII) files transferred in binary mode will retain their carriage return (CR) and line feed (LN) hidden characters which are not supported by *nix systems by default.
In the ASCII transfer mode area, specify the file types that can be transferred. Use a comma and a space between extensions. If you use only a comma with no space, then the Rule will not recognize the extension/file type. TXT, INF, HTML, and HTM are specified by default. If an asterisk (*) is specified, all files are downloaded in ASCII mode, even if that file doesn't have an extension. (To conserve Unicode file content, you must transfer the file using binary transfer mode. To force download in binary, clear the file types box.)
In the Time stamps area, select one of the following:
Select the Preserve remote time stamp for downloaded files check box to keep the time stamp the same on the destination file as it is on remote file.
Select the Preserve the local time stamp for uploaded files if the server allows MDTM check box to keep an uploaded file's time stamp the same on remote server as it is on the source file system. (Not applicable to SFTP.)
(optional) To define commands to occur before and after this operation, click Pre/Post.
In the Pre/post commands dialog box, you can specify one of the following operations to occur before and after the Copy/Move Action.
Mainframe Support - Used to specify information that may be required when sending a file/dataset to a mainframe computer.
When you choose the Mainframe Support operation, then click Configure, the Configure Mainframe Support dialog box appears.
Select the applicable check boxes and provide the parameters:
LRECL = Logical Record Length; By default, Windows creates files with a logical record length of 256, at which point the line wraps. You can specify a different length in this box.
BLKSIZE = Block Size of the data set; Normally a multiple of LRCEL.
RECFM = Record Format; Specifies the characteristics of the records in the data set as:
F - Fixed record length
V - Variable record length
U - Undefined record length
B - Blocked records
S - Spanned records
A - Records contain ISO/ANSI control characters
M - Records contain machine code control characters
Click Next. The Source File Path page appears.
In the Source path box, provide the path to the file(s) that you want to offload. (No validation is performed.) For example, type:
C:\Staging\*.dat or \\mydomain\common\jsmith\file.txt
You can leave Source path blank or use %FS.PATH% to offload the files associated with the Event that triggered the Action. In a Timer Event, there is no context variable available for the path, so you must specify a filename.
Select the Delete source file after it has been offloaded check box if you want to delete the file after it is copied/moved. (If the file is marked read-only, it will not be deleted.)
Select the Except when ... check box if you do not want to delete the source file after it is offloaded if the offload was skipped.
Select the If the source file is missing treat as success check box if you want the Action to be considered successful even if the source file is missing.
Click Next. The Destination File Path page appears.
In the Destination path box, specify the location in which to save the offloaded file. (No validation is performed when you type a path; the Folder icon is only available for local transfers.)
If you type a path to a folder that does not exist, the Event Rule will fail. Be sure you have the path defined correctly, e.g., make sure to use the proper slash. In general, forward slashes / are used in remote paths, and backward slashes \ are used in local Windows paths. Do not use both.
You can specify variables, such as \pub\usr\%USER.LOGIN%\%FS.FILE.NAME%.
In the Variables box, double-click the variable(s) that you want to add to the path.
In Move Actions over the LOCAL FILE SYSTEM, the %FS.PATH%, %FS.FILE_NAME%, and %FS.FOLDER_NAME% context variables are updated to match the new file location.
In the Matching filenames box, specify whether to Overwrite, Skip, Smart Overwrite, or Numerate files that exist with the same name. (Refer to Smart Overwrite for more information about Smart Overwrite.) This setting only applies to the initial transfer, not when the transfer is interrupted and then resumed. When resuming, EFT will follow the Smart Overwrite settings (i.e., performs a CRC match for the files; if the files are identical, the destination file is not overwritten).
Overwrite—Overwrite any existing file with the same name.
Skip—Skip the offload if a file with the same name exists in the destination directory.
Smart Overwrite—EFT performs a CRC match for the files. If the files are identical, the destination file is not overwritten. Refer to Smart Overwrite for more information about this feature.
Numerate—If a file in the destination folder has the same name as the file you are transferring, EFT renames the transferred file to "Copy of file.txt." If the same transfer occurs again, EFT renames the transferred file to "Copy (2) of file.txt" and so on.
If you want to rename the file, select the Rename transferred file to box and specify a new name.
You can rename the file when it is transferred. For example, when "myfile.doc" is uploaded, you might want to save it as "status_%EVENT.DATESTAMP%.doc" or something else more identifiable.
You can also use variables in the Rename transferred file to box. For example, /%FS.FILE_NAME%.%EVENT.TIMESTAMP%
For LAN renames, you must include the full path to the file.
(In v6.3) Only FTP and FTPS are currently supported.
EFT executes a RNFR + RNTO sequence for FTP transfers on the remote server. If the remote server supports cross-folder rename (as EFT does), it is possible for Rename-Pathname-Filename variable to point to a different folder than the Offload Destination folder.
The Offload transaction status will be FAILED if the rename fails, even though the file was transferred.
The Status Viewer will display the Rename-To value in the Remote Path field for Offload.
Click Finish then click Apply to save the changes on EFT and/or add other Actions and Conditions to the Rule.
If you are copying or moving the file to another location, and the file upload is a regularly occurring Event with a file of the same name, in the Offload Action wizard, add the variables %EVENT.DATESTAMP% and/or %EVENT.TIMESTAMP% to the path so that the date (YYYYMMDD) and/or time (HHMMSS) are added to the filename when it is moved/copied. Do not use %EVENT.TIME%, because the colon (e.g., 28 Aug 07 10:01:56) makes it unsuitable for file naming.
For example, in the Offload Action wizard, in the Destination path box, provide the path and variables. For example, type:
C:\Documents and Settings\Administrator\My Documents\upload\%EVENT.DATESTAMP%_%EVENT.TIMESTAMP%_%FS.FILE_NAME%
With this path and variables, when a file is uploaded to the monitored folder, the file is moved to \My Documents\upload and the date and time are prepended to the filename. For example, 20080422_101212_mydailyprogress.doc.