mgrx |
Posted: Sat Oct 24, 2015 5:15 am Post subject: DMZ (SFTP/HTTP/MQ Integration) <-> IBM Integration Bus |
|
|
 Novice
Joined: 01 Oct 2015 Posts: 20
|
Hi,
We have some business partners/customers that integrate with SFTP. Right now they access our internal network directly; however, we now have the possibility to rebuild this legacy topology, and I would appreciate some architecture advice on how to handle the integration the best way. So far I have come up with the following ideas:
1. Put an MQ FTE Agent on the SFTP server in the DMZ and send the file to an FTEInput Node in the Integration Bus every time the scheduler in the MQ FTE Agent finds a file with the right extension.
- The problem I have with this solution is that I'm afraid performance might be an issue due to the number of directories the MQ FTE Agent has to search through every time the scheduler kicks in. We have around 3000 SFTP accounts with multiple directories in every account.
2. Put an MQ FTE Agent on the SFTP server and develop a script/application that uses Linux inotify to react when a file lands on the file system and is IS_CLOSE_WRITE. This would remove the need to use the AgentMonitor and instead create a transfer every time a specific file lands on the file system.
- Downside is that it requires another component, and the script/application needs to be robust enough to handle a variety of faults that could occur.
3. Use an SFTP server like ProFTPd and a module like mod_exec. Trigger a transfer when the SFTP server thinks the file has been successfully transferred.
- Downside with this is that ProFTPd has had a lot of problems with security, and mod_exec is a big "bad habit" when it comes to security.
These are the best solutions I have so far. Am I missing something that would be a cleaner solution? Can DataPower help us with this problem?
Btw, the thread might be in the wrong part of the forum; if it's better suited somewhere else, please move it.
Thanks,
mgrx
Last edited by mgrx on Sun Nov 01, 2015 2:55 am; edited 2 times in total |
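An added sketch of the watcher from option 2 in the post above (not code from the thread): it calls Linux inotify through ctypes, subscribes to `IN_CLOSE_WRITE`, and covers two of the faults such a script has to survive, a dropped-event queue overflow and an uploaded name that is not a regular file. The names `watch`, `read_events` and `eligible` and the `.xml` suffix are assumptions; the hand-off to MQ FTE is site-specific and not shown.

```python
import ctypes, os, stat, struct, sys

IN_CLOSE_WRITE = 0x00000008  # <sys/inotify.h>: a file opened for writing was closed
IN_Q_OVERFLOW = 0x00004000   # kernel event queue overflowed, events were dropped
HDR = struct.Struct("iIII")  # struct inotify_event: wd, mask, cookie, len

libc = ctypes.CDLL(None, use_errno=True)  # inotify has no stdlib wrapper

def watch(dirs):
    """Open one inotify fd and add a watch per directory (inotify is not recursive)."""
    fd = libc.inotify_init()
    if fd < 0:
        raise OSError(ctypes.get_errno(), "inotify_init failed")
    wds = {}
    for d in dirs:
        wd = libc.inotify_add_watch(fd, os.fsencode(d), IN_CLOSE_WRITE)
        if wd < 0:  # ENOSPC here means the per-user watch limit was hit
            raise OSError(ctypes.get_errno(), "inotify_add_watch failed: " + d)
        wds[wd] = d
    return fd, wds

def read_events(fd, wds):
    """Block for the next batch; return ([(directory, filename)], overflowed)."""
    buf, events, overflowed, off = os.read(fd, 65536), [], False, 0
    while off < len(buf):
        wd, mask, _cookie, nlen = HDR.unpack_from(buf, off)
        name = buf[off + HDR.size:off + HDR.size + nlen].rstrip(b"\0")
        off += HDR.size + nlen
        if mask & IN_Q_OVERFLOW:
            overflowed = True  # caller must rescan every directory
        elif wd in wds and name:
            events.append((wds[wd], os.fsdecode(name)))
    return events, overflowed

def eligible(directory, name, suffix=".xml"):
    """Return the path only for a regular file with the expected extension."""
    path = os.path.join(directory, name)
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink planted by the uploader
    except FileNotFoundError:
        return None  # removed or renamed between the event and this check
    if not stat.S_ISREG(st.st_mode) or not name.endswith(suffix):
        return None
    return path

if __name__ == "__main__":  # usage: script.py <upload-dir> [<upload-dir> ...]
    fd, wds = watch(sys.argv[1:])
    while True:
        for d, n in read_events(fd, wds)[0]:
            print("ready for transfer:", eligible(d, n))
```

With around 3000 accounts and several directories each, the number of watches can exceed the `fs.inotify.max_user_watches` sysctl, which is why the `ENOSPC` case is called out. When `read_events` reports an overflow, events were lost and only a full directory rescan restores a correct picture.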
gbaddeley |
Posted: Sun Oct 25, 2015 3:39 pm Post subject: |
|
|
 Jedi Knight
Joined: 25 Mar 2003 Posts: 2538 Location: Melbourne, Australia
|
You should consider IBM Sterling B2B Integrator as an alternative to developing a custom solution. It does all the SFTP management and integrates with FTE if files need to be sent / forwarded with other internal servers (eg. those that run IIB / MB).
_________________
Glenn
mgrx |
Posted: Tue Oct 27, 2015 1:40 pm Post subject: |
|
|
 Novice
Joined: 01 Oct 2015 Posts: 20
|
Thanks gbaddeley, I will certainly look into the Sterling B2B Integrator!
mqjeff |
Posted: Wed Oct 28, 2015 5:10 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008 Posts: 17447
|
You might also look at file system symlinks etc. to map all of the directories of every SFTP account into a single directory being read by MQ FTE.
So if UserA has directories /home/userA/deposit and /home/userA/withdraw and UserB has the same structure, or even a different structure, you could set up symlinks that map all of those directories to something like /MQFTE/deposit and /MQFTE/withdraw
So the agent only has to search one directory for each type of file being exchanged.
Obviously this doesn't work for outgoing files, but that doesn't require directory searching.
_________________
chmod -R ugo-wx /
mgrx |
Posted: Thu Oct 29, 2015 2:59 pm Post subject: |
|
|
 Novice
Joined: 01 Oct 2015 Posts: 20
|
mqjeff wrote:
> You might also look at file system symlinks etc. to map all of the directories of every SFTP account into a single directory being read by MQ FTE.
Thanks for input mqjeff, I appreciate it!
We had some IBM representatives at our company yesterday, and I tried to understand if we could do everything we need with the DataPower. The sales rep was convinced that they could support the requirements we have, however I would really like your opinion on it. What do you think?
The most important requirements:
- SFTP Server and/or SFTP streaming to a SFTP Server
- SFTP bridge to MQ or MQ FTE (both directions, both inbound and outbound; target would be an Integration Bus installation)
- XML Firewall (validate, protect against xDoS, SQL injections and so on), on both HTTP transfers and when XML documents arrive as files over SFTP from customers.
- LDAP/Active Directory integration if the SFTP Server is embedded in DataPower.
mqjeff |
Posted: Fri Oct 30, 2015 7:20 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008 Posts: 17447
|
I'm not really qualified to discuss DataPower in a meaningful way.
If your local IBM team says it will provide a solution, then you should work with them to implement a POC and verify, or at least a POT.
(proof of concept, proof of technology).
_________________
chmod -R ugo-wx /
mgrx |
Posted: Sat Oct 31, 2015 2:09 am Post subject: |
|
|
 Novice
Joined: 01 Oct 2015 Posts: 20
|
Should I make another post in the DataPower forum, or could we move the thread there and change the topic?
fjb_saper |
Posted: Sat Oct 31, 2015 7:42 am Post subject: |
|
|
 Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
|
So moved. You can change the title yourself by editing the original first post in the thread.
_________________
MQ & Broker admin
mgrx |
Posted: Sun Nov 01, 2015 2:56 am Post subject: |
|
|
 Novice
Joined: 01 Oct 2015 Posts: 20
|
fjb_saper wrote:
> So moved. You can change the title yourself by editing the original first post in the thread.
Done, thanks!