Case Study - Managed File Transfer

ActiveBatch supports Managed File Transfer through both job steps and events. Workflows can be triggered based on incoming files. Files can be encrypted and transferred securely using a variety of protocols. The example workflow in this case study generates keys with which a file is encrypted; the file is then sent via FTPS, received and decrypted. A folder named ManagedFileTransfer_SFTP will be used to hold the necessary objects.

 

A Map View of the workflow appears below.

 


The main Plan is MFTUseCase and is meant to be triggered to begin the workflow.

 

  • EncryptSourceFile is a job that encrypts the file we intend to use for this example.

  • UploadFile is a job that securely transfers, via FTPS, the file to a location.

  • DownloadFile is a job that securely transfers, via FTPS, the file to a different location.

  • DecryptDownloadFile is a job that decrypts the downloaded file.

  • Cleanup ensures that this example workflow can be run multiple times.

  • GenerateKeys is not part of the main workflow but is expected to be executed once to create the set of keys that the OpenPGP steps will require.

 

Let’s examine each of the objects, beginning with GenerateKeys.

 

GenerateKeys

 

This job is meant to be run once, or on demand whenever a set of OpenPGP keys needs to be created.

Note: Normally we would use variables rather than hardcoding values. We hardcoded them here only to make it easier to read precisely what we are trying to achieve.

 

 

The CreateOpenPGPKeyring step creates both a public and a secret (private) key ring file. The rings are stored in files as indicated. The actual keys are not created until GenerateOpenPGPKeys is executed.

Specifying a UserID allows for possible later signature authentication. In this example, a 2048-bit RSA key will be created: one public key meant to be used for encrypting and a secret key meant to be used for decrypting. We could have specified a “Passphrase” for additional security. The Expiration property is useful: ActiveBatch supports specifying the expiration of the keys using either a date or a number of days (relative to when the keys are created).

 

Managed File Transfer Connection

 

Since we plan to transfer this file via FTPS (FTP via SSL), we need both user security credentials and an SSL certificate. In addition, since all of this security-related information is specific to a given FTP server and is reusable, the Best Practice approach is to create a User Account object of type “Managed File Transfer Connection”. With this approach, all of the FTP server, network and security information is in one easily managed, maintainable and reusable object.

 

 

The SSL certificate itself must be in a portable format that ActiveBatch can process and load into the User Account object. Once the certificate is loaded, the User Account object can be associated with one or more Managed File Transfer job steps.

The object is named FTPSSL_Certificate (used with examples that follow).

 

MFT Use Case Workflow

 

This Plan is meant to hold the workflow and is the point at which the workflow would be triggered. The Plan has no other special purpose.

 

Encrypt Source File

 

This job is meant to encrypt a file and calculate a checksum.

 

 

The first step encrypts the source file (secretinfo.txt) to an encrypted version (secretinfo.pgp). We choose a simple encryption algorithm. Note that the file could have been signed for additional protection. We then calculate the checksum of the source file and store that value in a variable named Checksum that will be used later in the workflow.

 

UploadFiles

 

 

First, the Working Directory is set (based on the variable “BasePath”).

 

Next, the FTP and security information is taken from the User Account object FTPSSL_Certificate, which represents the Managed File Transfer Connection that we previously created.

 

DownloadFiles

 

 

The first step creates a new folder (note this job step will recursively create the underlying folders if not present). The second step downloads the encrypted file into that new location.

 

DecryptDownloadFile

 

This job decrypts the file and compares the received file against its checksum.

 

 

The first step decrypts the file using the secret key. The second step calculates a checksum of the received file.

 

 

The next set of steps compares the checksum calculated from the file just received against the Checksum variable set earlier in the workflow. This ensures the entire file has been sent and received properly.
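
The checksum round trip described above, as an added example (not ActiveBatch code and not part of the original case study). It assumes SHA-256, which the page does not specify; the function names are hypothetical and the sample data is constructed.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 64 * 1024  # read in blocks so large transfers are not loaded into memory


def file_checksum(path, algorithm="sha256"):
    """Return the hex digest of a file, hashing it in fixed-size chunks."""
    digest = hashlib.new(algorithm)
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_received(path, expected_hex, algorithm="sha256"):
    """True only if the received file hashes to the value recorded at the source."""
    actual = file_checksum(path, algorithm)
    # compare_digest avoids early-exit comparison; case is normalised first
    return hmac.compare_digest(actual.lower(), expected_hex.strip().lower())


def demo():
    """Constructed sample: one intact copy and one truncated copy of the source."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "secretinfo.txt")
    intact = os.path.join(workdir, "received_ok.txt")
    truncated = os.path.join(workdir, "received_short.txt")
    payload = b"constructed sample record\n" * 10000  # ~260 KB, spans several chunks

    with open(source, "wb") as handle:
        handle.write(payload)
    checksum = file_checksum(source)  # plays the role of the Checksum variable

    with open(intact, "wb") as handle:
        handle.write(payload)
    with open(truncated, "wb") as handle:
        handle.write(payload[:-1])  # transfer cut off one byte early

    return verify_received(intact, checksum), verify_received(truncated, checksum)


if __name__ == "__main__":
    ok, short = demo()
    print("intact copy verified:", ok)
    print("truncated copy verified:", short)
```

A checksum carried alongside the workflow detects truncation and accidental corruption; it does not show who produced the file, which is what the signing option mentioned in Encrypt Source File addresses.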