CASHNet
Secure File Transfer
Instructions
Copyright © 2009, 2010 Higher One Payments, Inc.
CASHNet, CASHNet Business Office, CASHNet Commerce
Center, CASHNet SMARTPAY and all related logos and designs are the exclusive Trademarks of Higher One Payments, Inc.
Introduction ... 3
Batch versus Real-Time ... 3
Who Initiates the File Transfer? ... 3
Getting Started ... 4
Your File Transfer Login and Password ... 4
Transferring Files – Step-by-Step ... 4
Installing Software ... 4
Sending Files to CASHNet ... 8
Picking Up Files from CASHNet ... 10
Transferring Files – Advanced ... 12
Introduction
This guide will help you securely transfer batch files between your institution and CASHNet. For beginning users, background information and complete step-by-step instructions are provided. I.T. professionals and others familiar with file transfer protocols may wish to skip directly to the sections of interest.
Batch versus Real-Time
CASHNet supports two different types of interfaces: batch interfaces and real-time interfaces.
Much of the communication between CASHNet and an institution’s ERP system happens through “real-time” interfaces. These interfaces are used to retrieve a customer’s status and balance from the ERP system immediately when CASHNet needs information about the customer. Real-time interfaces are also used to inform the ERP system of payments made in CASHNet as soon as they are completed. These real-time interfaces will be configured by your CASHNet Implementation Team.
This manual deals only with the batch interfaces. These interfaces transfer an entire file of data in bulk, rather than sending each piece of data as it is needed (the way the real-time interfaces do). Batch interfaces are often used to send CASHNet your intuition’s general ledger chart of accounts, complete lists of who your customers are and what they owe (especially immediately before you go live on CASHNet), and files of electronic bills to be published to your customers. Batch interfaces are also frequently used to send files of payments received to your general ledger system and to other systems that may not be able to receive data in real time.
Who Initiates the File Transfer?
Whenever you use a batch interface, a file containing the data needs to be transferred between your institution and CASHNet. Depending on the nature of the interface, the data may be transferred from your institution to CASHNet (as in the case of a file of ebills) or it may be going back from CASHNet to your institution (as with a file of payments received).
However the key issue here is not which direction the data is flowing. Instead it is which party will initiate the file transfer.
Many customers prefer to initiate the transfers themselves. This means that they run a program on one of their computers to send the data to CASHNet or retrieve the data from CASHNet. This manual will take you through the details of how to do that.
Alternatively the CASHNet system can automatically initiate the transfers itself, either retrieving data from your server or placing data on your server. To enable this
CASHNet access through your firewall. For complete details, please refer to the System Setup User Manual or consult with your CASHNet Implementation Team.
Getting Started
The instructions which follow are for customers who need to transfer files for batch interfaces. If you are using online interfaces exclusively you do not need to be concerned with the rest of these instructions. Similarly, if CASHNet will be initiating the file transfers, you do not need to review the rest of these instructions.
Your File Transfer Login and Password
A single login and password are used for all file transfer activities associated with your CASHNet database.
The login name is the same as the client code for your database (which you see on your CASHNet operator login screen). This usually looks like “myschool_prod”.
The password will be communicated directly to the designated person at your institution. If you have multiple CASHNet databases (for example, most institutions also have a training database), there will be a separate login and password for each database. You are not able to change this password yourself. However the staff at CASHNet will be happy to change it for you at your request. To initiate a change, one of your
institutions’s authorized contacts just needs to email or call CASHNet OneSupport.
Transferring Files – Step-by-Step
This section will provide step-by-step instructions for how you can transfer files to or from CASHNet. If you’re not too familiar with how to transfer files, or you only need to transfer files once in a while (maybe for an initial load of students or a monthly bill file), these instructions will guide you through the process. If you’re an I.T. professional who knows about file transfer protocols (and perhaps wants to automate the process), you’ll probably want to skip to the “Advanced” section below.
Installing Software
The software we will use is called WinSCP. By using this software, your passwords and files will be encrypted for security when they are sent over the Internet. There are many other software programs that can also accomplish this; we’ve just chosen WinSCP because it is easy to install and easy to use.
WinSCP will run on most Windows computers. The software is available at no cost. Complete details are available on their website.
Follow these steps to download and install the software. These steps only need to be done once on any particular computer.
2. Click the “Download” link near the top of the page. 3. Click “Installation Package”.
4. The WinSCP installer will begin downloading.
a. If you are using Internet Explorer, you will probably see a yellow bar across the top of the screen warning you that the site is trying to download files. Click on the bar and choose “Download File.” Then click “Run”. If prompted again, choose “Run” once more.
b. If you are using a browser other than Internet Explorer, follow the prompts to download WinSCP and begin running the installation program.
5. The WinSCP installer will prompt you to Select Setup Language. Make sure “English” is selected and click “OK”.
6. You will see the WinSCP Setup Wizard Welcome screen. Click “Next”. 7. You will see the WinSCP License Agreement screen. To agree to the license,
click “Next”.
8. You will be prompted to select the Setup Type. Choose “Typical Installation” and click “Next”.
9. You will be prompted to select the Interface Style. Choose “Norton Commander Interface” and click “Next”.
10. You will see the Ready to Install screen. Click “Install”. Wait while the software is installed.
12. The WinSCP Login screen appears:
a. In the Host Name box, type eft.cashnet.com.
b. In the User Name box, type your assigned username (for example, “myschool_prod”).
c. Leave the Password box blank. (This will cause the system to prompt for your password each time you connect, which is the most secure option.) d. Leave the Port Number at the default value of 22.
13. The screen should now look like this:
Click Login
14. Since this is your first login, you will see a box that says “Warning. The server’s host key was not found in the cache.” Click “Yes”.
16. Once the password has been accepted, the screen will look similar to this:
The left side of the screen displays files on your computer, and the right side of the screen displays files on the CASHNet file transfer server. (The left side will look somewhat different depending on the actual files on your computer.) 17. You have completed setting up WinSCP. Click the close (“X”) box in the
upper-right corner to exit. Click “OK” to confirm.
Sending Files to CASHNet
Once the WinSCP software has been installed, any time you need to send a file to CASHNet follow these steps:
1. To launch WinSCP, click on your Start button. Choose All Programs, then the WinSCP group, then WinSCP.
2. The WinSCP login screen is displayed. Click “Login”.
4. Once the password has been accepted, the screen will look similar to this:
The left side of the screen displays files on your computer, and the right side of the screen displays files on the CASHNet file transfer server. (The left side will look somewhat different depending on the actual files on your computer.) 5. On the right side of the screen, double click “files” to move into that folder. 6. On the left side of the screen, navigate to the folder on your computer that
contains the file you want to send. You can use the dropdown box to select from a list of common locations, click the pathname displayed in the blue bar, or click any folder in the left pane.
7. In the left pane, click the file you wish to transfer. Then either press F5, click “Copy” (at the bottom of the screen), or drag the file to the right pane.
8. A confirmation window appears. Click “Copy”.
9. A progress bar will display while the transfer is occurring. Once the transfer has completed, the progress box will close and you will see the file appear in the right pane.
10. Repeat steps 6 through 9 for any additional files you need to copy.
Picking Up Files from CASHNet
Once the WinSCP software has been installed, any time you need to pick up a file from CASHNet follow these steps:
1. To launch WinSCP, click on your Start button. Choose All Programs, then the WinSCP group, then WinSCP.
2. The WinSCP login screen is displayed. Click “Login”.
3. You will be prompted for the password. Type your assigned password and click “OK”.
4. Once the password has been accepted, the screen will look similar to this:
The left side of the screen displays files on your computer, and the right side of the screen displays files on the CASHNet file transfer server. (The left side will look somewhat different depending on the actual files on your computer.)
5. On the left side of the screen, navigate to the folder on your computer where you want to put the file. You can use the dropdown box to select from a list of common locations, click the pathname displayed in the blue bar, or click any folder in the left pane.
7. In the right pane, click the file you wish to transfer. Then either press F5, click “Copy” (at the bottom of the screen), or drag the file to the left pane.
8. A confirmation window appears. Click “Copy”.
9. A progress bar will display while the transfer is occurring. Once the transfer has completed, the progress box will close and you will see the file appear in the right pane.
10. Repeat steps 6 through 9 for any additional files you need to pick up. 11. Click the close (“X”) box in the upper-right corner to exit. Click “OK” to
Transferring Files – Advanced
CASHNet supports the following file transfer options:
• SFTP – Secure File Transfer over ssh (port 22)
• FTP/S – FTP over SSL (port 21)
• FTP – standard FTP without encryption (port 21). Because this option does not encrypt the data, it is only allowed over VPN tunnels.
Details on each option follow below.
Using SFTP
CASHNet permits the use of most standard SFTP clients. To transfer files to or from CASHNet using SFTP:
1. Use your SFTP client to access eft.cashnet.com. 2. Login with your assigned login and password.
3. If sending files, put them in your login directory and do not change the default permissions assigned by the system. (If you are using a standard command line sftp client, the command will be “put filename”.)
4. If retrieving files, get them from your login directory. (If you are using a standard command line sftp client, the command will be “get filename”.)
A sample session from a command line would look like this:
$ sftp [email protected] Connecting to eft.cashnet.com... Password:
sftp> dir
bin etc files lib usr sftp> cd files
sftp> dir finance.dat
sftp> get finance.dat
Fetching /files/finance.dat to finance.dat
/files/finance.dat 100% 31KB 30.7KB/s 00:00 sftp> put bills.dat
Uploading bills.dat to /files/bills.dat
bills.dat 100% 103 0.1KB/s 00:00 sftp> quit
$
Please note the following important points:
• You should not attempt to change the default permissions assigned by the system. Doing so may make it impossible for the CASHNet application to properly
• Many file transfer clients attempt to convert the last modified times on the files to your local time zone. If the timestamps on the files seem strange, please check your software for options related to this. The CASHNet file transfer servers are set to U.S. Central Time (GMT-5 when daylight savings time is observed and GMT-6 at all other times).
• CASHNet does not support the use of the scp protocol.
Automating SFTP Transfers
You can automate file transfers between a Unix/Linux system and CASHNet by generating and installing an RSA key pair which will allow a designated account on a client machine to access your CASHNet file transfer account without needing to provide the password each time. Follow the steps below.
First generate the keys. On your campus Unix or Linux system generate a key pair by running this command:
ssh-keygen -t rsa -b 4096
(4096 could be considered excessive. Use a smaller key if you feel it is appropriate.) CASHNet can accept keys in either OpenSSH format or SSH2 format.
Next, provide your public key file (id_rsa.pub) to CASHNet OneSupport. An authorized contact from your institution may email the key file to [email protected].
Alternatively you may place the file in your directory on the file transfer server and an authorized contact can call or email CASHNet OneSupport to inform them that the file has been uploaded. CASHNet OneSupport will coordinate having your production file loaded onto the production servers.
Now you can use SFTP transfers without entering a password each time.
Once your account has been configured to work with SFTP keys, you will no longer be able to login using SFTP with a password.
One way to automate file transfers on a Linux or Unix system is to create a “here script”. To do so, make a shell script that looks like this:
sftp -o User=username -o IdentityFile=.ssh/id_rsa eft.cashnet.com <<@ put localfile remotefile
get remotefile localfile
(include any other valid SFTP commands you want here) @
Save that script file, set the permissions to 700, and execute the script. The files should be transferred without prompting you for a password.
Note that anyone who has access to the account you are using on the client machine will have access to your eft.cashnet.com account. Please secure the client machine account accordingly.
Using FTP/S
CASHNet permits the use of most standard FTP/S (also known as FTP over SSL) clients. Please note: FTP/S is a completely different protocol from SFTP. FTP/S uses SSL to encrypt a standard FTP session. It uses port 21 and, depending on your settings, a negotiated high port. SFTP is a method of transferring files over an SSH session using port 22. In general SFTP is easier to implement than FTP/S, in particular because it is easier to get SFTP traffic to traverse firewalls. If you wish to use SFTP, please see the instructions above.
To transfer files to or from CASHNet using FTP/S:
1. Set your client to use FTP over SSL explicit encryption. You may use either an active or passive mode connection with CASHNet.
2. Open a connection to eft.cashnet.com.
3. Request an encrypted session using the “AUTH SSL” command. 4. Login with your assigned login and password.
5. Request protected transfers using the “PROT P” command.
6. If sending files, put them in your login directory and do not change the default permissions assigned by the system. (If you are using a standard command line ftp client, the command will be “put filename”.)
7. If retrieving files, get them up from your login directory. (If you are using a standard command line ftp client, the command will be “get filename”.) Please note the following important points:
• You should not attempt to change the default permissions assigned by the system. Doing so may make it impossible for the CASHNet application to properly
process your files.
Using FTP
Because the standard FTP protocol does not provide any encryption, it may only be used to transfer files over a VPN tunnel that has been established between your institution and the CASHNet data center. This will require advance coordination with your CASHNet implementation team.
FTP Over a VPN Tunnel
This option requires that a VPN tunnel be established between your institution and the CASHNet data center. When your network technicians establish the VPN tunnel, they will want to include the server that you will use to initiate FTP transfers in the VPN tunnel’s interesting traffic list.
Once the tunnel is up and running, CASHNet will provide you with a special IP address to use for your file transfers. In order to insure that your files are sent over the VPN tunnel, it is important that you use that IP address rather than the hostname
eft.cashnet.com when you connect to the CASHNet file transfer server.
Once you have connected to the specified IP address, you can login using your assigned login and password. You will then be able to put and get files in the default login directory.
Data Storage
The CASHNet File Transfer Servers are intended only for the short-term storage of data being transferred between your institution and CASHNet.
When your transfer a file to be imported into CASHNet, in most cases the file is
automatically deleted after the import completes. When CASHNet creates a file for you to pick up, we recommend that you delete the file once you have successfully retrieved it. For security reasons, the CASHNet File Transfer Servers should not be used for long term storage or archiving of files. While these servers are protected by firewalls and other measures, the data is most secure when it is inside the CASHNet database. When it is stored inside the CASHNet database, the data is protected by even greater security measures and, in some cases, additional encryption.
If you ever need to access an extract file that had been created by CASHNet, most files can be re-created on demand through the CASHNet End of Day screen.
