DMZ (SFTP/HTTP/MQ Integration) <-> IBM Integration Bus
mgrx
Posted: Sat Oct 24, 2015 5:15 am    Post subject: DMZ (SFTP/HTTP/MQ Integration) <-> IBM Integration Bus

Novice

Joined: 01 Oct 2015
Posts: 20

Hi,

We have some business partners/customers that integrate with SFTP. Right now they access our internal network directly; however, we now have the possibility to rebuild this legacy topology and I would appreciate some architecture advice on how to handle the integration the best way. So far I have come up with the following ideas:

1. Put an MQ FTE Agent on the SFTP server on the DMZ and send the file to an FTEInput Node in the Integration Bus every time the scheduler in the MQ FTE Agent finds a file with the right extension.

- The problem I have with this solution is that I'm afraid performance might be an issue due to the number of directories the MQ FTE Agent has to search through every time the scheduler kicks in. We have around 3000 SFTP accounts with multiple directories in every account.

2. Put an MQ FTE Agent on the SFTP server, develop a script/application that uses Linux inotify to react when a file lands on the file system and is IS_CLOSE_WRITE. This would remove the need to use the AgentMonitor and instead create a transfer every time a specific file lands on the file system.

- Downside is that it requires another component and the script/application needs to be robust enough to handle a variety of faults that could occur.

3. Use an SFTP server like ProFTPd and a module like mod_exec. Trigger a transfer when the SFTP server thinks the file has been successfully transferred.

- Downside with this is that ProFTPd has had a lot of problems with security and mod_exec is a big "bad habit" when it comes to security.

These are the best solutions I have so far. Am I missing something that would be a cleaner solution? Can DataPower help us with this problem?

Btw, the thread might be in the wrong part of the forum; if it's better suited somewhere else, please move it.


Thanks,
mgrx


Last edited by mgrx on Sun Nov 01, 2015 2:55 am; edited 2 times in total
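
An added example, not part of the original post, of the watcher that option 2 describes: it decodes raw inotify events via ctypes, keeps only IN_CLOSE_WRITE (the kernel's name for the close-after-write event), and rejects symlinks and unexpected extensions, since file names in a partner's upload directory are untrusted input. The `handle` callback, the `.xml` filter and all function names are assumptions; how the transfer itself is started is left to the caller.

```python
import ctypes, ctypes.util, os, struct

IN_CLOSE_WRITE = 0x00000008          # value from <sys/inotify.h>
EVENT_HDR = struct.Struct("iIII")    # struct inotify_event: wd, mask, cookie, len

def parse_events(buf):
    """Decode a raw inotify read() buffer into (wd, mask, name) tuples."""
    events, off = [], 0
    while off + EVENT_HDR.size <= len(buf):
        wd, mask, _cookie, nlen = EVENT_HDR.unpack_from(buf, off)
        off += EVENT_HDR.size
        name = buf[off:off + nlen].split(b"\0", 1)[0]   # name is NUL-padded
        off += nlen
        events.append((wd, mask, os.fsdecode(name)))
    return events

def completed_uploads(events, watch_dirs, allowed_ext=(".xml",)):
    """Return paths of finished uploads that are safe to hand to a transfer."""
    out = []
    for wd, mask, name in events:
        if not mask & IN_CLOSE_WRITE:
            continue
        base = watch_dirs.get(wd)
        if base is None or not name.lower().endswith(allowed_ext):
            continue
        path = os.path.join(base, name)
        # Partner-controlled names: accept only regular files that live in base.
        if os.path.islink(path) or not os.path.isfile(path):
            continue
        if os.path.dirname(os.path.realpath(path)) != os.path.realpath(base):
            continue
        out.append(path)
    return out

def watch(dirs, handle):
    """Block forever, calling handle(path) per completed upload (Linux only)."""
    libc = ctypes.CDLL(ctypes.util.find_library("c"), use_errno=True)
    fd = libc.inotify_init()
    if fd < 0:
        raise OSError(ctypes.get_errno(), "inotify_init failed")
    watch_dirs = {}
    for d in dirs:
        wd = libc.inotify_add_watch(fd, os.fsencode(d), IN_CLOSE_WRITE)
        if wd < 0:
            raise OSError(ctypes.get_errno(), f"cannot watch {d}")
        watch_dirs[wd] = d
    while True:
        for path in completed_uploads(parse_events(os.read(fd, 65536)), watch_dirs):
            handle(path)
```

With around 3000 accounts and several directories each, the per-user watch limit (`fs.inotify.max_user_watches`) has to be sized for one watch per directory.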
gbaddeley
Posted: Sun Oct 25, 2015 3:39 pm

Jedi

Joined: 25 Mar 2003
Posts: 2492
Location: Melbourne, Australia

You should consider IBM Sterling B2B Integrator as an alternative to developing a custom solution. It does all the SFTP management and integrates with FTE if files need to be sent / forwarded with other internal servers (eg. those that run IIB / MB).
_________________
Glenn
mgrx
Posted: Tue Oct 27, 2015 1:40 pm

Novice

Joined: 01 Oct 2015
Posts: 20

Thanks gbaddeley, I will certainly look into the Sterling B2B Integrator!
mqjeff
Posted: Wed Oct 28, 2015 5:10 am

Grand Master

Joined: 25 Jun 2008
Posts: 17447

You might also look at file system symlinks, etc., to map all of the directories of every SFTP account into a single directory being read by MQ FTE.

So if UserA has directories /home/userA/deposit and /home/userA/withdraw and UserB has the same structure, or even a different structure, you could set up symlinks that map all of those directories to something like /MQFTE/deposit and /MQFTE/withdraw

So the agent only has to search one directory for each type of file being exchanged.

Obviously this doesn't work for outgoing files, but that doesn't require directory searching.
_________________
chmod -R ugo-wx /
mgrx
Posted: Thu Oct 29, 2015 2:59 pm

Novice

Joined: 01 Oct 2015
Posts: 20

mqjeff wrote:
You might also look at file system symlinks, etc., to map all of the directories of every SFTP account into a single directory being read by MQ FTE.


Thanks for input mqjeff, I appreciate it!

We had some IBM representatives at our company yesterday, and I tried to understand if we could do everything we need with the DataPower. The sales rep was convinced that they could support the requirements we have, however I would really like your opinion on it. What do you think?

The most important requirements:

- SFTP Server and/or SFTP streaming to an SFTP Server
- SFTP bridge to MQ or MQ FTE (both directions, both inbound and outbound; target would be an Integration Bus installation)
- XML Firewall (validate, protect against xDoS, SQL injections and so on), on both HTTP transfers and when XML documents arrive as files over SFTP from customers.
- LDAP/Active Directory integration if the SFTP Server is embedded in DataPower.
mqjeff
Posted: Fri Oct 30, 2015 7:20 am

Grand Master

Joined: 25 Jun 2008
Posts: 17447

I'm not really qualified to discuss DataPower in a meaningful way.

If your local IBM team says it will provide a solution, then you should work with them to implement a POC and verify, or at least a POT.
(proof of concept, proof of technology).
_________________
chmod -R ugo-wx /
mgrx
Posted: Sat Oct 31, 2015 2:09 am

Novice

Joined: 01 Oct 2015
Posts: 20

Should I make another post in the DataPower forum, or could we move the thread there and change the topic?
fjb_saper
Posted: Sat Oct 31, 2015 7:42 am

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

So moved. You can change the title yourself by editing the original first post in the thread.
_________________
MQ & Broker admin
mgrx
Posted: Sun Nov 01, 2015 2:56 am

Novice

Joined: 01 Oct 2015
Posts: 20

fjb_saper wrote:
So moved. You can change the title yourself by editing the original first post in the thread.


Done, thanks!