Online Banking for Business
Secure FTP with SSL (Secure Socket Layer)
Contents
Secure FTP Setup
  Introduction
  Secure FTP Setup Diagram
  Before You Set Up S/FTP
  Setting Up S/FTP
Sending Files
  Address construction
  To Send a File
  Receipt file
Receiving Files and Reports
  Outbound (from BMO) Mail Slots
  Listing received files
  Receiving files
Appendix A – Client Questionnaire
Appendix B - Definitions
  File encoding
  Other definitions
Appendix C – Certified Secure FTP software
Secure FTP Setup
Introduction
This guide explains how to configure a secure FTP connection to BMO Bank of Montreal (BMO) to allow secured communication over the Internet. The FTP transmission service provides a high-speed and reliable method of transmitting files between your PC/Server and BMO.
Note: The Secure FTP service uses standard File Transfer Protocol services. It simply adds a secured (SSL) tunnel through the Internet for the FTP commands sent from third party software to the FTP Service.
This Service is provided in conjunction with GXS.
Secure FTP Setup Diagram
A Secure FTP (S/FTP) setup is illustrated in the diagram shown below.
Before You Set Up S/FTP
The following items are required before you begin the setup:
• Obtain Secure FTP client software. This service recommends that a pre-approved Secure FTP client be used to access the service. See Appendix C for a list of GXS certified Secure FTP software products.
To use the FTP transmission service, you will need to have received the following from BMO:
1. This user guide.
2. A Secure FTP questionnaire (Appendix A) - to be completed and returned to BMO.
3. A mailbox ID (same as FTP user ID) and password.
4. Your trading relationships (also known as mail slots).
5. Your BMO Implementation Specialist (IS) will provide you with your user number (mailbox ID) and password as well as your trading relationships (mail slots). Please review the Send and Receive sections of this document.
Setting Up S/FTP
Follow the instructions below to begin setting up Secure FTP.
Note: if you have a firewall on your system, you will need to have the following ports open:
Data port range – 6366-6416
FTP ports 20 and 21
• Install and set up your Secure FTP client software. Use default values in the setup with the following exceptions:
  • Server address is sftp.am.gxsics.com
  • Enter your mailbox ID and password.
• Enter the applicable FTP commands for a session.
• Log on to Interchange Services using your user number and password. If you encounter problems with your Interchange Services user number, contact your IS. Work with your IS to test the setup and begin exchanging documents.
Sending Files
Address Construction
• You can send files to us from your mailbox. In order to send files you must establish/confirm your mail slots with your IS. Depending on the number of services you have with us, you may have more than one inbound mail slot. The construction of the Send address for you is mailbox-SEND. Your mailbox is the same as the FTP user ID.
• BMO Receive addresses have been constructed using the application, document type and file encoding. This constructs your inbound mail slot to BMO. Your inbound mail slot consists of the following:
• Application name – provided by the IS;
• Application document type – provided by the IS;
• File encoding – provided by you when implementation was requested.
Example: When you are sending an Electronic Transfer File (EFT) file to BMO, your inbound trading relationship will look as follows: DEFT-DEFT80-A – where DEFT is the application name, DEFT80 is the document type, and A is the encoding. The above mail slot means that you can send 80-byte DEFT files in ASCII format. Please work with your IS to get details of all of your inbound mail slots. Refer to Appendix B for available file encodings.
To Send a File
In order to send files, FTP commands must be entered in your secure FTP software.
1. You must first change to the /send directory on the server. This is performed as follows:
cd /send
2. You must also include two commands that instruct the FTP Service on how to process the file(s) being sent. Both use the “QUOTE SITE” command. There is no order preference between these two commands; either one can come before the other. The only requirement is that they come before the actual sending of the file(s).
The first command causes the service to treat the file as binary. This is required in order to instruct the service to forward the file to BMO without additional processing. The syntax is as follows:
QUOTE SITE standard=none
The second command defines the sending and receiving addresses for the PUT command. The required syntax is:
QUOTE SITE parm=sa=sender_address;ra=receiver_address
Refer to the Address Construction section for details on address construction.
The sender_address is your user ID (or mailbox ID) followed by -SEND. The receiver_address is your inbound mail slot. (See Address Construction for details.) For example, you can use the following command:
QUOTE SITE parm=sa=AAA12345-SEND;ra=DEFT-DEFT80-A
The above means that you are sending an 80 byte EFT file from your mailbox ID AAA12345.
3. The final step to send a file is to use the PUT command.
In the example below, a file named “testfile.dat” located in C:\temp directory will be used. This file will also be sent in binary mode. The command to send this file would appear as:
PUT C:\temp\testfile.dat
As a result there will be four commands
cd /send
binary
QUOTE SITE standard=none
QUOTE SITE parm=sa=AAA22755-SEND;ra=DEFT-DEFT80-A
PUT C:\temp\testfile.dat byparm
In the example above, a file named “testfile.dat” located in C:\temp directory will be sent. This file will also be sent in binary mode.
If you are experiencing problems with the above QUOTE SITE commands, such as “Bad command or it is not implemented here”, use the following user ID syntax on the FTP login prompt:
ADW12345@iftp.am.gxsics.com, instead of just ADW12345 - where ADW12345 is your mailbox ID provided by IS.
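The send sequence above, scripted with Python's ftplib as an added example (not BMO or GXS code): it builds the sender address and inbound mail slot from validated parts, then uploads over FTPS with certificate checking and a protected data channel. The alphanumeric rule for address parts, explicit FTPS on port 21, and all function names are assumptions made for this example.

```python
import re
import ssl
from ftplib import FTP_TLS

INBOUND_ENCODINGS = ("A", "E")       # inbound files to BMO: ASCII or EBCDIC
_PART = re.compile(r"[A-Za-z0-9]+")  # assumption: address parts are alphanumeric

def _part(value, label):
    # Refuse '-', ';', '=', spaces and CR/LF so input cannot reshape the SITE command.
    if not _PART.fullmatch(value):
        raise ValueError(f"invalid {label}: {value!r}")
    return value

def send_address(mailbox):
    return _part(mailbox, "mailbox ID") + "-SEND"

def inbound_slot(application, doc_type, encoding):
    if encoding not in INBOUND_ENCODINGS:
        raise ValueError(f"inbound encoding must be A or E, got {encoding!r}")
    return "-".join([_part(application, "application name"),
                     _part(doc_type, "document type"), encoding])

def site_commands(mailbox, application, doc_type, encoding):
    """Raw commands that the two QUOTE SITE lines put on the control channel."""
    sa = send_address(mailbox)
    ra = inbound_slot(application, doc_type, encoding)
    return ["SITE standard=none", f"SITE parm=sa={sa};ra={ra}"]

def send_file(host, mailbox, password, local_path, application, doc_type, encoding):
    commands = site_commands(mailbox, application, doc_type, encoding)  # validate before connecting
    ctx = ssl.create_default_context()   # checks the server certificate and host name
    with FTP_TLS(host, context=ctx, timeout=60) as ftp:  # assumption: explicit FTPS on port 21
        ftp.login(mailbox, password)     # FTP_TLS secures the control channel before USER/PASS
        ftp.prot_p()                     # protect the data channel as well
        ftp.cwd("/send")
        for command in commands:
            ftp.sendcmd(command)
        with open(local_path, "rb") as handle:
            return ftp.storbinary("STOR byparm", handle)  # PUT <file> byparm, in binary mode
```
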
Receipt File
Important: The following Receive address is provided in order for you to confirm whether the file was transmitted. The address has the following format: mailbox-RECEIPT
This address is used to receive a receipt, providing you with information on whether or not a Sent transaction was delivered successfully. These files are text-based and contain a single line without record terminators and should be readable on either Unix or Windows platforms. The receipt message indicates that BMO has received your file successfully and will convey it to the appropriate product (e.g., EFT).
Note: to verify that your file has been successfully processed by the appropriate product, please check any output reports or files generated.
Receiving Files and Reports
Any product files or reports that you expect to receive from any BMO service such as EFT, can be delivered electronically to you via the FTP transmission service.
Outbound (from BMO) Mail Slots
BMO will send your reports and files to your mailbox. Depending on the number of services you have with us, you may have more than one outbound mail slot (also known as trading relationship). Your outbound mail slot consists of the following:
• Mailbox ID – provided by the IS
• Application name – provided by the IS
• Application document type – provided by the IS
• File encoding – provided by you when implementation was requested.
BMO will send your files / reports to one of the outbound mail slots. For example, if you are set up to receive EFT reports or files your mail slot will look as follows:
AAA12345-DEFT-WINTESTE20RPT-A – where AAA12345 is your mailbox ID, EFT is the application name, WINTESTE20RPT is the document type, and A is encoding.
The above mail slot will be receiving reports from the EFT system in ASCII format. Refer to Appendix B for available file encodings.
Please work with your IS to get details of all of your outbound mail slots (or trading relationships).
Listing Received Files
The following section will describe commands that can be used to obtain a listing of messages in your inbox that corresponds to what you have received from BMO.
1. You must first change to the /receive (inbox) area in ICS. The command used to perform this change is:
cd /receive
2. The FTP transmission service provides a way to filter the listing based on your outbound mail slot. Using the filter feature, you can obtain a listing of your inbox, and only display files received by a specific mail slot. The following command is used to define this filter:
QUOTE SITE parm=ad=filter_address
The filter_address is replaced by any one of your mail slots. For example, to see what Receipt messages have been received, the following filter is set:
QUOTE SITE parm=ad=AAA12345-RECEIPT
To see only EFT reports:
QUOTE SITE parm=ad=AAA12345-DEFT-WINTESTE20RPT-A
3. Once this command has been accepted by the service, you can then request a list of files based on this filter by using the command:
dir byparm
This tells the server to use the filter (parm) to generate a directory listing.
4. Therefore to list a file for a specific mail slot you will need to perform the following commands:
cd /receive
QUOTE SITE parm=ad=AAA12345-RECEIPT (or any other mail slot)
dir byparm
The matched files will be listed, e.g.
Detail: "Sender ILOG IC Control# Sent (GMT) Mfile"
Detail: "BMOCOM-SEND 08031488350 03AUG05|14:53 M8300744"
Detail: "BMOCOM-SEND 08031488767 03AUG05|14:53 M8300745"
Detail: "BMOCOM-SEND 08031489150 03AUG05|14:53 M8300746"
The content is normally displayed showing the sender, date and time, and what is termed the Mfile. The Mfile is named uniquely by the service and does not reflect the file name given by BMO. Your mail slots allow you to identify relevant files and reports.
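A parser for listing rows in the format shown above, as an added example (not part of the original guide): it turns each row into a record with a UTC timestamp and reports Mfiles from senders that are not on an allow-list, so an automated pickup can hold them for review. The function names, the 20YY reading of two-digit years, and the default allow-list are assumptions.

```python
import re
from datetime import datetime, timezone

MONTHS = {m: i for i, m in enumerate(
    "JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC".split(), start=1)}

# Sender, control number, DDMMMYY|HH:MM (GMT), Mfile: the four fields in the sample rows.
ROW = re.compile(
    r'(?:Detail:\s*)?"?(\S+)\s+(\d+)\s+(\d{2})([A-Z]{3})(\d{2})\|(\d{2}):(\d{2})\s+(M\w+)"?')

def parse_listing(lines):
    """Return one dict per file row; skip the column header; raise on anything else."""
    rows = []
    for line in lines:
        text = line.strip()
        if not text or "Mfile" in text:       # blank line or the header row
            continue
        m = ROW.fullmatch(text)
        if not m or m.group(4) not in MONTHS:
            raise ValueError(f"unrecognised listing line: {text!r}")
        sender, control, dd, mon, yy, hh, mi, mfile = m.groups()
        sent = datetime(2000 + int(yy), MONTHS[mon], int(dd), int(hh), int(mi),
                        tzinfo=timezone.utc)   # assumption: two-digit years are 20YY
        rows.append({"sender": sender, "control": control, "sent": sent, "mfile": mfile})
    return rows

def unexpected_senders(rows, allowed=("BMOCOM-SEND",)):
    """Mfiles whose sender is not on the allow-list (default taken from the sample rows)."""
    return [r["mfile"] for r in rows if r["sender"] not in allowed]

# Constructed input: the rows shown above plus one made-up row from another sender.
SAMPLE = [
    'Detail: "Sender ILOG IC Control# Sent (GMT) Mfile"',
    'Detail: "BMOCOM-SEND 08031488350 03AUG05|14:53 M8300744"',
    'Detail: "BMOCOM-SEND 08031488767 03AUG05|14:53 M8300745"',
    'Detail: "BMOCOM-SEND 08031489150 03AUG05|14:53 M8300746"',
    'Detail: "OTHERCO-SEND 08031489999 03AUG05|15:01 M9999999"',
]
```
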
If you are experiencing problems with the above QUOTE SITE commands, such as “Bad command or it is not implemented here”, use the following user ID syntax on the FTP login prompt:
ADW01234@iftp.am.gxsics.com (instead of just ADW01234) - where ADW01234 is your mailbox ID provided by IS.
Receiving Files
The process of receiving content/files uses the same QUOTE SITE parm command as described in the Listing Received Files section. However, in order to actually receive the messages instead of just listing them, the GET command must be used. The GET command shown below will download all messages/files based on the QUOTE SITE filter set. The messages/files will be stored in separate files based on the Mfile name. The command used is:
GET byparm
If no files are found, nothing will be downloaded.
You may also wish to download files received by a specific mail slot and store them in a unique folder. This can be accomplished by appending the folder (destination) to the GET command used above.
Since files will be downloaded to different locations based on the three addresses shown above, the following commands will be needed:
cd /receive
QUOTE SITE parm=ad=AAA12345-DEFT-WINTESTE20FLE-A
GET byparm "D:\Program Files\Inbox\WINTESTE20FILES"
If you are experiencing problems with the above QUOTE SITE commands, such as “Bad command or it is not implemented here”, use the following user ID syntax on the FTP login prompt:
ADW01234@iftp.am.gxsics.com, instead of just ADW01234 - where ADW01234 is your mailbox ID provided by IS.
Appendix A – Secure FTP SSL Client Questionnaire
Section I: Basic Information About Your Company
Company Name:
Company Business Contact Name:
Company Business Contact Phone:
Company Business Contact Fax:
Company Business Contact Email:
Company Address:
City:
Zip/Postal Code:
Country
Online Banking for Business
Customer ID (if known)
Other Customer Contacts
Technical Contact Name:
Technical Contact Phone:
Technical Contact Fax:
Technical Contact Email:
Desired Production Date: DD/MMM/YYYY
Please list services to which you want to enable file exchange (e.g. EDI, BAI, DEFT, etc.)
Section II: GXS Mailbox Information
1. Do you have an existing mailbox on the GXS Interchange Service platform and would you like to use it?
YES, enter mailbox ID
NO, proceed to the next question
2. Would you like the same files/reports delivered and shared with multiple mailboxes (i.e. users), e.g., multiple divisions within your company that require separate access? Additional fees apply.
--- If NO, proceed to Section III.
3. Please provide your GXS mailbox IDs (if they exist) for multiple mailbox delivery. If no mailboxes are currently set up, indicate the number of required mailboxes.
- Use this field to fill in other mailbox IDs (if you answered Yes in question 1).
4. Would you like all files and reports delivered (shared) to multiple mailboxes or only to specific ones (e.g., specific EFT reports, EDI files, etc)?
---If only Specific product option selected, fill in the following:
Enter product(s)
Section III – Secure FTP (SSL) Information
Please provide the Secure FTP (SSL) software you want to use with this service.
Software Version
Important: Refer to Appendix C in the Secure FTP SSL User Guide to review the list of certified software for this service.
Indicate file encoding (See Appendix B in the User Guide for encoding description)
Inbound file to BMO
A (ASCII)
E (EBCDIC)
Outbound files from BMO
W (WINDOWS) - CR (Carriage Return) and Line Feed (LF). This means that the record terminators within the application files on the Windows platform are CRLF.
A (ASCII) - The default delimiter on Unix platform is Line Feed (LF). This means that the record terminators within the application files on the Unix platform are LF.
E (EBCDIC) - Mainframe format
Indicate if you require PGP and / or file compression (WinZip)?
NOTE: These are optional features and they are not required to exchange files with the Bank
PGP file encryption
WinZip file compression (not recommended for files less than 20 Mb).
Additional Notes:
Appendix B - Definitions
File Encoding
BMO supports several file encoding types. These are:
W: Windows (ASCII machine) – This encoding can be used in Outbound transmission from BMO ONLY.
The default delimiter on the Windows platform is CR (Carriage Return) and Line Feed (LF). This means that the record terminators within the application files on the Windows platform are CRLF.
A: Unix (ASCII machine).
The default delimiter on Unix platform is Line Feed (LF). This means that the record terminators within the application files on the Unix platform are LF.
E: Mainframe (EBCDIC machine).
There is no specific character as the record delimiter on mainframes (Unisys or IBM). The encoding of the data is EBCDIC. While sending and receiving files from the mainframes, no data conversion needs to be performed.
Other Definitions
• Mailbox – This is your user ID on the Secure FTP service.
• Mail slots (or trading relationships) – Mail slots belong to a mailbox and are used to receive various Cash Management files and reports. BMO sends your files and reports to an appropriate mail slot. By using mail slots, you can easily identify the application to which your files and reports belong.
Appendix C – Certified Secure FTP software
Secure FTP connectivity helps to provide secure, authenticated and encrypted communications that enable clients to exchange files with BMO. Secure FTP connectivity allows various business documents to be exchanged by means of File Transfer Protocol (FTP, specification RFC 959) over the Internet using Secure Sockets Layer (SSL)/Transport Layer Security (TLS).
To date, the following Secure FTP software products have been certified by GXS* for connectivity to this service:
• Cleo Lexicom 2.1
• New Bridges ZMOD FTP Client V3R1 PTF Level PFT3100034
• QualEDI for Windows, 32-bit version
• Ascential DataStage TX, Release 7.5
• Future 3 – Advanced Communication Module Plus (ACM Plus)
• eBridge FTPS Communicator for GXS version 5.3
• Inovis BizConnect Software, version 3.0.2.361
• Seeburger Business Integration Server (BIS) Version 5.5.1
Please note: software certification to access this service is performed by GXS.
* This list does not imply any endorsement or warranty by Bank of Montreal.