Manycom FTP Server Automation and Security
Example Use Cases
Manycom FTP Server Automation and Security is typically used both for automatically starting pre- and post-transfer processes and for securing the FTP server.
A very typical automation need is to start an application automatically to process the file that the FTP client sends. In this case, the FTP client is typically asked to send the file first under a temporary name and then rename it to a new name known to the application. This PUT/REN procedure is one way to keep the application from processing the file too early, i.e. from reading the file up to the ‘end-of-file’ flag before the entire file has been transferred, which would probably cause a problem.
To implement this, a ‘local task’ can be attached to (i.e. configured for) the rename operation performed by the specific request profile (corresponding to the specific FTP user connecting from the specific IP address). The local task either runs the configured CL command, interactively or in batch mode as defined, or creates a data queue entry in the configured data queue.
In both cases, the file path (directory/library name, file and member names) can be passed in three variables to the CL command or to the data queue entry, respectively.
Notice that different local tasks can be configured for different rename operations, depending on the IP address/FTP user combination and the resource name (file path) used with the operation.
In addition to the rename (REN) operation, local tasks can also be attached to the following file operations: LIST, PUT/APPEND, GET and DEL.
Other variables that can be passed to the local tasks are the IP address and the FTP user.
Remote FTP clients should never log in to the FTP server using real OS/400 or i5/OS user profiles and passwords, since this sends those values over the insecure Internet. Hackers could capture them and try a TELNET terminal connection to your system. Instead, you should be able to give the FTP client a ‘mapped’ FTP user ID and password, which cannot be used for terminal access. Manycom FTP Server Automation and Security makes this possible, and much more.
You can reject any unauthorized FTP connection, FTP login, FTP subcommand and access to local resources (directories, libraries, files and CL commands) in a very simple way: you just do not configure them at all. When the MCM FTPSA security programs do not find a configuration entry that completely matches the request, MCM FTPSA returns the ‘rejected’ code to the OS FTP server, which causes the OS FTP server to send ‘550 Rejected’ or the corresponding message to the FTP client.
MCM FTPSA is very flexible and easy to configure. When configuring the allowed operations, you can use subnets for IP addresses, as well as generic names (*ALL, *ANY, abc*) for the FTP users, directory/library names, file and member names, and CL commands. At the same time, you can also configure specific addresses and names for the FTP operations that you want to handle differently from the generic ones. MCM FTPSA always selects the most specific configuration match found to control the operation.
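The default-deny, most-specific-match selection described above, as an added Python example that is not MCM FTPSA code. The rule layout, the specificity order (subnet prefix length, then FTP user, then path) and every address, user and path are assumptions constructed for illustration.

```python
import ipaddress

# Constructed allow-list (hypothetical layout, not the product's configuration
# format): (client subnet, FTP user pattern, FTP operation, path pattern)
RULES = [
    ("10.1.0.0/16", "*ALL", "GET", "/reports/*"),
    ("10.1.2.0/24", "part*", "PUT", "/inbound/*"),
    ("10.1.2.7/32", "partner1", "PUT", "/inbound/*"),
    ("10.1.2.7/32", "partner1", "REN", "/inbound/orders.csv"),
]

def name_score(pattern, value):
    """Return None if value does not match, else a score (higher = more specific)."""
    if pattern in ("*ALL", "*ANY"):
        return 0                                  # matches anything, least specific
    if pattern.endswith("*"):                     # generic name such as abc*
        prefix = pattern[:-1]
        return 1 + len(prefix) if value.startswith(prefix) else None
    return 10_000 if pattern == value else None   # exact name, most specific

def decide(ip, user, op, path, rules=RULES):
    """Return the most specific matching rule, or None when nothing matches."""
    addr = ipaddress.ip_address(ip)
    best, best_key = None, None
    for rule in rules:
        subnet, user_pat, rule_op, path_pat = rule
        net = ipaddress.ip_network(subnet)
        if op != rule_op or addr not in net:
            continue
        user_s, path_s = name_score(user_pat, user), name_score(path_pat, path)
        if user_s is None or path_s is None:
            continue                              # every field must match completely
        # Assumed ranking: narrower subnet first, then user, then path.
        key = (net.prefixlen, user_s, path_s)
        if best_key is None or key > best_key:
            best, best_key = rule, key
    return best

def reply(ip, user, op, path):
    """Unconfigured requests are rejected; there is no fall-through allow."""
    return "allowed" if decide(ip, user, op, path) else "550 Rejected"

if __name__ == "__main__":
    for req in [("10.1.2.7", "partner1", "PUT", "/inbound/orders.tmp"),
                ("10.1.2.7", "partner1", "DEL", "/inbound/orders.csv"),
                ("192.0.2.5", "partner1", "PUT", "/inbound/orders.tmp")]:
        print(req, "->", reply(*req), decide(*req))
```

Because rejection is simply the absence of a match, reviewing such a table means checking how wide each generic entry is rather than hunting for missing deny rules.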
You can use this solution not only for controlling remote FTP clients, but also for controlling local FTP access from your LAN or intranet, e.g. from Windows PCs, including the virtual LAN and ‘loopback’ connections to the FTP server from inside the same system.
Finally, even if you do not want to automate or reject any FTP server transaction, it is a very good idea to log all transactions for viewing and controlling. These log entries are a great help, not only in revealing possible hackers, but also in helping authorized users key in proper parameter values with the FTP subcommands.