
SecureTransport in Enterprise Application Integration

In document CIO Focus Security Black Book (Page 60-65)

servers outside of your organizational control and easy reach. Even sophisticated IT organizations may shy away from these tasks:

• Negotiating and complying with partners’ security and firewall policies,

• Tracking changing members of the user community, who are not your employees,

• Software distribution of server patches and new upgrades to thousands of partners.

Tumbleweed SecureTransport™ provides a unique solution that preserves all of the robustness and security of partner connections without requiring each partner to deploy a server. SecureTransport provides an uncompromising set of enterprise-grade data transfer features using a hub-and-spoke model, where the spokes are lightweight clients. This keeps the deployment cost low and requires minimal user support. Tumbleweed customers have deployed SecureTransport into communities with thousands of users. For example:

• One of the largest health insurers in the US is using SecureTransport with over three thousand of their partners, including small and large healthcare providers, pharmacies, other insurance companies, clearinghouses, and regulators.

• A large US bank with over $90B in assets is using SecureTransport to support its electronic Treasury services with 6,000 of its corporate banking customers.

• A major Central Bank is deploying SecureTransport to support over 1,000 of its banking customers as part of a check image transfer project for inter-bank clearing.

SecureTransport provides a wide range of clients to meet platform and feature requirements, including:

• Web Browser Support (with ActiveX Control). Downloaded automatically and under 100KB in size, this control provides guaranteed delivery through data integrity checks and auto-restart capability, as well as a checkpoint/restart feature that allows a failed connection to be restarted at the point it left off, ensuring that a transfer operation converges even over a poor (e.g., dial-up) connection. Coupled with HTML templates and dynamic HTML support, this provides the lowest-cost, yet completely secure and reliable, connection with a customizable user interface.

• Windows GUI Client. A simple client that can be downloaded and installed in minutes, it provides all of the reliability and security features, supports both HTTP/SSL and FTP/SSL, provides multiple user connection profiles, and offers batch capabilities as well as a built-in scheduler for automated, scheduled transfers with comprehensive calendar support for multiple events. Additionally, tunneling the FTP protocol over HTTP enables it to navigate complex network environments with multiple firewalls and proxies.

• Command Line Client for Windows and UNIX. Supporting command line invocation for easy scripting, this client maintains the same security and reliability features as all other clients, supports both HTTP/SSL and FTP/SSL, and offers batch data transfer support. Scheduling can be provided by using native platform features (e.g., UNIX cron) to schedule events. FTP tunneling is supported in the same way as in the Windows GUI client.

• OS/390 (MVS) Client. Supporting both binary and ASCII transfer modes, this client can be invoked from a command shell under UNIX System Services (USS), TSO executive, or from within a JCL job. Sophisticated firewall and IBM Tivoli Policy Director support ensures compliance with corporate security policies for datacenter networks.

• AS/400 Client. Supporting IBM iSeries users, this Java client can be invoked from a command line or incorporated into clients’ applications.

A Web-server portal tries to address the issues of cost and deployment complexity by allowing partners to use a Web browser for their data exchange and communication needs. This leads to a compromise in a different direction: browsers by themselves cannot provide support for advanced data exchange needs such as guaranteed delivery, data integrity checks, checkpoint/restart, multiprotocol support, legal-grade audit trails and client-side automation options such as scheduled and batch transfers.

• Software Development Kits (SDKs). These are available in C and Java and support client-side application integration for those partners that need complete application-to-application connectivity. Imbued with the same security and reliability features, the SDKs provide a premier client automation solution for customers wanting to evolve their environment from EAI to IAI (Internet Application Integration).

The usual deployment mix for customers’ partner communities uses large numbers of Web browsers and Windows or UNIX clients, with a smaller number of participants using OS/390 (MVS) clients, AS/400 clients and the SDKs.

When Partner Portal Is Not Enough

Another alternative for partner communications is a partner portal – a dynamically driven Web site that allows partners to view documents, execute transactions, and track status. However, when security, integrity and reliability of the data transfer are critical, so-called “partner portals” may fall short.

Consider TIBCO Partner Express, which provides a document-centric partner data exchange solution through a set of functions added behind a Web server, designed to make the user experience richer and more customized. It can even allow users to upload a file attachment or download one to their machine. This is typically done using HTTP/SSL, which is supported by every browser. In some cases, as TIBCO does, portals can also offer out-of-band communication channels, most often SMTP email with attachments.

Lacking guaranteed delivery and an audit trail, and facing firewalls that often reject emails with large attachments (e.g., or MB attachments often aren’t allowed past a corporate firewall), email makes an even poorer choice than direct HTTP transfer for critical data exchange.

However, even when relying on HTTP/SSL data transfer, these solutions are limited by the native browser capabilities and lack the ability to verify the integrity of the data uploaded or downloaded by the user. Nor can they offer an auto-restart if the connection drops, or checkpoint/restart for a file partially transferred before a dropped connection. All these capabilities require the client to provide more than the browser offers.

SecureTransport addresses these requirements by providing a small but sophisticated ActiveX Control that is downloaded when a browser-based user first connects to the SecureTransport server. From that point on, the control will:

• Create an MD5 file hash on the user’s side and provide it to the server to let it determine if any errors occurred during the transmission that may have violated data integrity

• Auto-restart the transfer if an error occurs or the server notifies it that the hash doesn’t match

• Checkpoint the file transfer in progress and restart a failed transfer at the appropriate place

These capabilities provide for guaranteed data delivery in a browser-based environment and use built-in browser functionality to keep the ActiveX control current, downloading a new version when it appears on the server. For non-IE platforms, similar functionality can be provided using the Java SDK. Of course, partners who require automated or scheduled transfers cannot use an interactive browser connection to the portal. SecureTransport GUI and command line clients provide the automation and scheduling capabilities often required by partners to support unattended transfers. And the C and Java SDKs provide an even tighter degree of integration when automation within the context of a partner application environment is required.
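The three client behaviours listed above (client-side hash, auto-restart on error or hash mismatch, checkpoint/restart from the last received offset) form one small protocol. The following is an added example that is not code from the page or from Tumbleweed: it simulates both sides of such a transfer in plain Python over a constructed "flaky" link, so the interaction of the three mechanisms can be seen end to end. The `Server`, `FlakyLink` and `upload` names and the chunked offset protocol are this example's own assumptions. The page's control uses MD5, which is sufficient to detect accidental transmission errors; the example defaults to SHA-256 because a collision-resistant hash additionally detects deliberate tampering, which matters once the link crosses an untrusted network.

```python
"""Checkpoint/restart file upload with end-to-end integrity check (constructed example)."""
import hashlib
from typing import Callable, Optional, Tuple

# The page's control uses MD5 for error detection; SHA-256 also resists deliberate tampering.
HASH_ALG = "sha256"


class FlakyLink:
    """Simulates a poor (e.g. dial-up) connection.

    fail_after:    raise ConnectionError once this many chunks have been sent
    corrupt_chunk: flip one bit in the chunk with this index (simulated line noise)
    """

    def __init__(self, fail_after: Optional[int] = None, corrupt_chunk: Optional[int] = None):
        self.fail_after = fail_after
        self.corrupt_chunk = corrupt_chunk
        self.sent = 0

    def send(self, chunk: bytes) -> bytes:
        if self.fail_after is not None and self.sent >= self.fail_after:
            raise ConnectionError("link dropped")
        if self.corrupt_chunk is not None and self.sent == self.corrupt_chunk:
            chunk = bytes([chunk[0] ^ 0x01]) + chunk[1:]
        self.sent += 1
        return chunk


class Server:
    """Receives chunks at an explicit offset and verifies the client's hash on completion."""

    def __init__(self) -> None:
        self.files = {}

    def received_bytes(self, name: str) -> int:
        """Checkpoint query: how much of `name` has already arrived intact in order."""
        return len(self.files.get(name, b""))

    def put_chunk(self, name: str, offset: int, chunk: bytes) -> None:
        buf = self.files.setdefault(name, bytearray())
        if offset != len(buf):
            raise ValueError("offset mismatch")
        buf.extend(chunk)

    def finish(self, name: str, client_digest: str) -> bool:
        """Compare the server-side hash of everything received with the client's digest."""
        data = bytes(self.files.get(name, b""))
        return hashlib.new(HASH_ALG, data).hexdigest() == client_digest

    def discard(self, name: str) -> None:
        self.files.pop(name, None)


def upload(server: Server, name: str, data: bytes,
           make_link: Callable[[int], FlakyLink],
           chunk_size: int = 4, max_attempts: int = 5) -> Tuple[bool, int]:
    """Client side. Returns (delivered, attempts).

    Each attempt resumes from the server's checkpoint (checkpoint/restart). A dropped
    link simply triggers the next attempt (auto-restart). A hash mismatch at the end
    discards the server copy and restarts from byte 0.
    """
    digest = hashlib.new(HASH_ALG, data).hexdigest()  # computed once on the client side
    attempts = 0
    while attempts < max_attempts:
        attempts += 1
        link = make_link(attempts)
        offset = server.received_bytes(name)
        try:
            while offset < len(data):
                chunk = data[offset:offset + chunk_size]
                server.put_chunk(name, offset, link.send(chunk))
                offset += len(chunk)
        except ConnectionError:
            continue
        if server.finish(name, digest):
            return True, attempts
        server.discard(name)
    return False, attempts


def demo_scenario() -> Tuple[bool, int]:
    """Constructed run: attempt 1 drops after 12 bytes, attempt 2 delivers a corrupted
    chunk (caught by the hash), attempt 3 succeeds from scratch."""
    data = b"ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"  # constructed payload

    def make_link(attempt: int) -> FlakyLink:
        if attempt == 1:
            return FlakyLink(fail_after=3)
        if attempt == 2:
            return FlakyLink(corrupt_chunk=0)
        return FlakyLink()

    return upload(Server(), "report.csv", data, make_link)


if __name__ == "__main__":
    print(demo_scenario())  # (True, 3)
```

The point worth noticing is that the checkpoint alone is not enough: attempt 2 resumes correctly at byte 12 but the corrupted chunk is only detected by the final hash comparison, which is why the control needs all three mechanisms together.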

When business process integration requirements include straightforward data exchange with the partners, SecureTransport hosted mailboxes and shared directories provide a compelling solution that is more secure and reliable while also easier to adapt to specific data exchange needs. Alternatively, if the requirements include transaction-related features unique to a portal, SecureTransport can be coupled with a partner portal to offer seamless, reliable data exchange to portal users.

Increasing Security of Externally Accessible Data

One of the critical issues facing organizations that need to exchange critical data with an external community is a tradeoff between making the data accessible over the Internet, while protecting its confidentiality and integrity. More specifically, a server (such as Vitria’s BBi server or TIBCO’s PortalExpress) must be accessible, and therefore visible from the Internet. Of course, strong authentication and access control measures add a degree of security. But all too often we hear about a server’s application software or operating system being compromised, allowing a hacker to take over the application or machine – no user credentials required.

A common way to address this problem is to use a network proxy in front of the server, typically locating it in the DMZ as a point of presence on the Internet. The proxy can then “hide” the real server on the secure network, but still deliver all network traffic destined to that server. Common proxy solutions pass through network data without regard to the user credentials or whether the data is properly authorized by the application. This allows for attacks where intentionally bad content is delivered to the application with the purpose of either shutting it down to deny the service to other users or gaining unauthorized access (e.g., through buffer overflow or other application-specific attacks).

SecureTransport offers a unique defense against these threats. Instead of deploying a common proxy, SecureTransport Security Gateway server can be deployed in the DMZ to act as an application proxy in front of SecureTransport Data Management server deployed on the secure network to host the data and control the data exchange, and thus requires protection from Internet attacks. What’s the difference? When the SecureTransport Security Gateway is deployed in a DMZ to act in a proxy mode it brings added application intelligence to this task by:

1. Requiring the users to be authenticated before their requests can be passed on to the protected Data Management server. The user credentials are sent over to the protected server to be examined, since the Security Gateway server doesn’t host any user information (so that user information cannot be compromised even if the gateway server itself is breached). The back-end Data Management server then determines if the user should be granted access to the proxy server using any of the numerous authentication mechanisms, such as userid/password, LDAP, digital certificates, smart cards, secure tokens, single sign-on session IDs, or custom solutions for other enterprise authentication services.

2. Restricting the content that can be passed to the back-end Data Management server using a very granular access control mechanism. In effect, the Security Gateway server can be put into a stealth mode, allowing only specific data requests to be passed on to the protected server and rejecting any other requests or commands.

3. Communicating with the protected Data Management server over SSL, thus ensuring that anyone who may have breached the DMZ (e.g., in case of a snooping attack) will remain powerless to intercept or compromise the communication with the protected server.

4. Streaming data transfers from/to the protected Data Management server without writing them to disk, thus ensuring that no sensitive data resides in the DMZ, subject to compromise if someone penetrates the DMZ. These capabilities are supported by the SecureTransport ActiveAgent framework, which makes it possible to launch an event-driven agent for any login, directory access, navigation command, or data transfer event in SecureTransport.

When considering the options available to secure critical data while making it available to partners over the Internet, network security experts now have a new and powerful weapon in their arsenal: an application-level Security Gateway proxy that can be deployed on a dataless server in the DMZ and stream the data from and to the secure Data Management server hosting partner information. SecureTransport can also be deployed as an application proxy to protect an EAI server, using custom agents to connect a SecureTransport Security Gateway server to an EAI environment such as Vitria or TIBCO.

Integrating SecureTransport into an EAI Environment

Now that we have shown the benefits of using SecureTransport as a secure data exchange solution for partners, customers, and large trading communities, the question is raised, “Can it be easily integrated into an EAI environment to fill this role?” For integration to be easily accomplished, the following capabilities must be present:

1. Ability to integrate into a shared or 3rd party authentication and access control environment. SecureTransport can easily do that using shared session IDs in Single Sign On (SSO) environments, using LDAP directories, or custom integration using ActiveAgents.

2. Ability to customize the UI for a common look-and-feel. SecureTransport’s static HTML templates and dynamic HTML generation through agents allow it to easily present a seamless look-and-feel.

3. Ability to execute specific modules or commands on user navigation or data exchange (upload, download) events. The ActiveAgent framework is specifically provided to make this an easy-to-use capability of SecureTransport.

4. Ability to perform data extraction, transformation, and loading (ETL). SecureTransport provides one of the premier ETL tools for this purpose, Data Junction™, which makes it possible not only to convert data formats without writing a line of code, but also to extract the data from or post it to any of the common databases, corporate applications, and datacenter data communications environments such as IBM MQ Series or MS MQ.

This optional SecureTransport module can be used to make the integration between SecureTransport and the EAI environment much deeper than simply sending and receiving files. Incoming data can be cleansed, enriched, burst, or converted to/from XML or EDI formats before being passed into the core EAI application or loaded into a database. Transaction status, reports, and other information can be automatically extracted from the EAI application and provided back to the users in any suitable format, including files and HTML formatted Web pages.

FOCUS

SECURITY
