
FTP Server

Version: v6.3.4 Q2

November 10, 2010


Table of Contents

1 Terms and Definitions
2 Introduction
3 Basics
  3.1 FTP Protocol Basics
  3.2 FTP Data Transfer Modes
  3.3 Security Extensions - FTP/S
4 Overview
  4.1 Features and Restrictions
  4.2 Logical Systems
  4.3 Certificate Rollover
  4.4 Integration
  4.5 System Requirements
5 Installation
6 Usage
  6.1 Operations
  6.2 Adapter Control over the Control Center
  6.3 Monitoring
7 Master Data Configuration
  7.1 Configuring FTP Server Listeners
  7.2 Configuring FTP Server Addresses
  7.3 Assigning Addresses to Listeners
8 Process Configuration
  8.1 InitiateMessage
9 Extended Functionalities
  9.1 Using Filters
10 Adapter Configuration
11 Troubleshooting
12 Known Restrictions
A Checklist
B Sample File Initiation Scenario
C Sample File Polling Scenario
D FTP over Secure Sockets Layer (SSL)

Copyright (c) 2010 SEEBURGER AG (http://www.seeburger.de). All rights reserved.

If (registered or pending) trademarks are named in this document, the rights of the respective proprietors
apply.

Note: False configuration and/or improper use of communication components may result in significant
charges from your telecommunication provider. Also consider configuration changes initiated by your
telecommunication provider. SEEBURGER is not liable for related additional costs.

Note: We expressly declare that the document "SEEBURGER Legal Information" (delivered also with
your BIS installation media) is part of this documentation.
Figures

4-1 BIS Architecture



1 Terms and Definitions

Term | Definition
FTP | File Transfer Protocol: TCP-based protocol for file exchange. Based on RFC 959.
SSL | Secure Sockets Layer: a cryptographic protocol allowing secure communication over the Internet.
TLS | Transport Layer Security: the successor of SSL, currently the latest secure protocol.
FTP/S | File Transfer Protocol via Secure Sockets Layer, also referred to as FTP over SSL (or TLS).
TCP | Transmission Control Protocol: communications standard used in TCP/IP networks (e.g. Internet), which allows two computers to establish a connection and exchange data.
Implicit Security | Implicit security requires an SSL connection as soon as the FTP client connects to an FTP server. The default port used for implicit security is 990.
Explicit Security | Explicit security requires that the FTP client establishes an unencrypted connection to the FTP server and then issues a specific command (AUTH TLS or AUTH SSL), after which the connection is encrypted. The default FTP server port is used. This formal method is documented in RFC 2228.
EDI | Electronic Data Interchange.

FTP Server - v6.3.4 Q2 1



2 Introduction

The FTP Server Adapter optimizes data exchange over the File Transfer Protocol (FTP). It is designed to
automatically forward incoming messages to the Business Process Engine of BIS 6. It eliminates the need for
an external FTP server for the communication with FTP clients included in BIS 6.


3 Basics

3.1 FTP Protocol Basics


The general function of the File Transfer Protocol is to transfer data from one system to another over a
TCP/IP based network. FTP is a client-server based protocol. Its main objectives, as defined in the RFC 959
specification, are:

• To promote sharing of files (computer programs and/or data).
• To encourage indirect or implicit use of remote computers.
• To shield a user from variations in file storage systems among different hosts.
• To transfer data reliably and efficiently.

FTP is a request-response based protocol, which runs over TCP. FTP servers listen on port 21 by default for
incoming connections from FTP clients. The first connection made from the client to the server's FTP port is
the control connection. The client uses the control connection to send FTP commands (requests) to
the server, to which the server answers with FTP response status messages. The actual data is transferred
on a second connection, called the data connection.

The FTP protocol requires authentication, which is user/password based. It also supports anonymous
logins.


3.2 FTP Data Transfer Modes


The restrictions of network firewalls and NAT routers have led to the development of two transfer modes in
FTP: Active and Passive.

Active Mode

In the Active mode the FTP client opens a control connection from a random unprivileged port (>1024) to the
FTP server's control port (default 21). Then the client starts listening on another unprivileged port, and sends
the FTP server the command PORT, whose argument is a HOST-PORT specification for the data port. The
server then connects back to the client's specified data connection port from its local data connection port
(default 20).

Passive Mode

In the Passive mode the FTP client initiates both connections to the server. After initiating the control
connection, the client sends the PASV command. The server then opens a random unprivileged port and
sends back a response which includes the host and port the server is listening on. The client then initiates
the data connection to the newly opened unprivileged server port. Security devices in front of the server
(NAT, firewalls, bridges) must be configured so that the remote hosts (clients) can establish connections on any
port >1024.
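The following added example (not part of the original manual or of the product) decodes the HOST-PORT specification that the PORT command and the PASV reply carry, and reports passive data ports that fall outside the range a firewall lets through. The RFC 959 encoding h1,h2,h3,h4,p1,p2 is used; the control-channel lines, addresses and the permitted range 50000-50100 are constructed sample values.

```python
import re

# RFC 959 HOST-PORT: h1,h2,h3,h4,p1,p2 (four address octets, two port octets).
_HOST_PORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)


def parse_host_port(text):
    """Return (host, port) from a PORT argument or a 227 (PASV) reply."""
    m = _HOST_PORT.search(text)
    if not m:
        raise ValueError("no HOST-PORT specification in %r" % text)
    octets = [int(g) for g in m.groups()]
    if any(o > 255 for o in octets):
        raise ValueError("octet out of range in %r" % text)
    host = ".".join(str(o) for o in octets[:4])
    port = octets[4] * 256 + octets[5]  # high byte first
    return host, port


def data_endpoints(control_lines):
    """Return (mode, host, port) for every data connection negotiated."""
    results = []
    for line in control_lines:
        line = line.strip()
        if line.upper().startswith("PORT "):
            # Active mode: the client tells the server where to connect back.
            results.append(("active",) + parse_host_port(line[5:]))
        elif line.startswith("227 "):
            # Passive mode: the server tells the client where it listens.
            results.append(("passive",) + parse_host_port(line[4:]))
    return results


def blocked_by_firewall(control_lines, passive_range):
    """Passive endpoints whose port lies outside the permitted range."""
    low, high = passive_range
    return [
        (host, port)
        for mode, host, port in data_endpoints(control_lines)
        if mode == "passive" and not low <= port <= high
    ]


# Constructed control-connection excerpt (documentation addresses only).
SAMPLE_CONTROL_LINES = [
    "PASV",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "PORT 198,51,100,7,4,1",
    "200 PORT command successful",
    "PASV",
    "227 Entering Passive Mode (192,0,2,10,39,16)",
]

if __name__ == "__main__":
    for endpoint in data_endpoints(SAMPLE_CONTROL_LINES):
        print(endpoint)
    print("blocked:", blocked_by_firewall(SAMPLE_CONTROL_LINES, (50000, 50100)))
```

Restricting the listener's passive ports to a fixed range and opening only that range on the firewall avoids having to allow every port >1024.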

3.3 Security Extensions - FTP/S


The need for secure authentication and data encryption has led to the development of security
mechanisms as extensions (defined in RFC 4217 and RFC 2228) to standard FTP (RFC 959). FTP/S
stands for FTP over SSL and includes implicit and explicit SSL/TLS security.

Explicit Security

In order to establish the secure connection by explicit SSL/TLS, the client is required to send the AUTH SSL
or AUTH TLS command to the FTP server after establishing the control connection in plain text. After that a
secure handshake is initiated, and the user authentication can start in the encrypted control connection.

Implicit Security

In implicit SSL/TLS, immediately after establishing a socket connection, a secure handshake is initiated and
the user authentication can begin.

Client Authentication

Client authentication is a way to authenticate a client to the FTP server using implicit or explicit security. It
occurs during the secure connection handshake using certificates. When the FTP server is configured to use
client authentication (please refer to the topic Listener Security Settings), the client is required to send its
SSL certificate for validation during the secure connection handshake. If the client certificate
matches a certificate from the User Truststore in the FTP server adapter configuration, the client is
authenticated and the connection is established.

If the client certificate cannot be validated, the client will be disconnected from the server.


4 Overview

This topic provides an overview of the features, the restrictions, and the integration of the adapter to the BIS
system, and the system requirements.

4.1 Features and Restrictions


Supported Features:

• Standard FTP commands compliant with RFC 959.
• Parallel running FTP listeners configuration.
• Active and Passive connection modes.
• Active port and passive ports customization.
• Automatic message forwarding to the Business Process Engine.
• Messages are forwarded based on filter criteria defined in the Include or Exclude filters of the Adapter Master Data Configuration.
• FTP Addresses can be assigned to multiple FTP listeners.
• FTP/S - Implicit and Explicit support, server authentication.
• Client Authentication for Implicit and Explicit security.

4.2 Logical Systems


The FTP Server supports Logical Systems as described in the manual Master Adapter Configuration Guide.

In particular, master data and runtime data exclusively belong to one Logical System. The adapter is able to
process data and processes according to their Logical System, and therefore one instance of the adapter
may be shared across all Logical Systems.

Listeners Configuration

In order to make the Listeners belong to one Logical System exclusively, a check for duplicate Listeners is
performed on adapter start-up. This check is based on two criteria:

1. Unique Listener root path - the Listeners' canonical paths must be unique and not nested. If two
Listeners are recognized to have nested or equal root paths, neither of them is started. Instead, an error
entry is logged in the Adapter Error Monitor.
2. Unique IP:PORT - The combination of IP and port must be unique. To achieve this, there is a constraint on
the columns for IP and port in DB tables. The FTP server uses as a default network interface 0.0.0.0,
which is equal to ALL INTERFACES. This default value must be used with caution, because it may result
in creating duplicates. The following configuration is an example of an IP socket DUPLICATE:

   • Both Listeners are members of the same group and both use the default FTP port 21. Listener 1 is
   using the network interface 0.0.0.0 (all interfaces) and Listener 2 the single interface 123.123.123.123.
   Listener 1 is already bound to all interfaces including 123.123.123.123 on port 21, thus Listener 2
   cannot be started. Both Listeners are considered to be duplicates. An error entry explaining the
   problem is added to the Adapter Error Monitor.

For Listeners which must run on more than one node, the Listener Group field is extended to contain different
Listener groups separated by the “;” symbol. E.g., if a Listener must run on three different nodes, the Listener
Group field should look like:

group1;group2;group7,

where the three nodes' instance IDs are separated by “;”.

Note: If a Listener is configured to run on several nodes, this Listener can always be marked as
duplicate in some of the nodes for which it is configured.
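The two duplicate criteria can be checked against a planned listener configuration before the adapter is started. The sketch below is an added example, not SEEBURGER code: the Listener record and all function names are hypothetical, root paths are assumed to be absolute, already canonical POSIX paths, and a pair of listeners is only compared when both can start on the same node (an assumption drawn from the Group field description). Listener 1 and Listener 2 reproduce the socket duplicate described above; the other entries are constructed.

```python
import ipaddress
import posixpath
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Listener:  # hypothetical record mirroring the listener master data
    name: str
    interface: str       # "0.0.0.0" means all interfaces
    port: int
    root_path: str       # absolute, canonical path (assumption)
    group: str = ""      # ";"-separated instance IDs; empty = all nodes
    active: bool = True  # inactive records are ignored at start-up


def instance_ids(listener):
    return {g.strip() for g in listener.group.split(";") if g.strip()}


def share_a_node(a, b):
    """True if both listeners can be started on at least one common node."""
    ga, gb = instance_ids(a), instance_ids(b)
    return not ga or not gb or bool(ga & gb)


def sockets_collide(a, b):
    """Same port and same interface, or one side bound to all interfaces."""
    if a.port != b.port:
        return False
    ia = ipaddress.ip_address(a.interface)
    ib = ipaddress.ip_address(b.interface)
    return ia == ib or ia.is_unspecified or ib.is_unspecified


def roots_collide(a, b):
    """Equal or nested root paths (compared per path component)."""
    ra = posixpath.normpath(a.root_path)
    rb = posixpath.normpath(b.root_path)
    return posixpath.commonpath([ra, rb]) in (ra, rb)


def find_duplicates(listeners):
    """Return (name_a, name_b, reason) for every conflicting pair."""
    findings = []
    enabled = [l for l in listeners if l.active]
    for a, b in combinations(enabled, 2):
        if not share_a_node(a, b):
            continue
        if sockets_collide(a, b):
            findings.append((a.name, b.name, "socket"))
        if roots_collide(a, b):
            findings.append((a.name, b.name, "root path"))
    return findings


# Constructed sample configuration.
SAMPLE_LISTENERS = [
    Listener("Listener 1", "0.0.0.0", 21, "/srv/ftp/a", "group1"),
    Listener("Listener 2", "123.123.123.123", 21, "/srv/ftp/b", "group1"),
    Listener("Listener 3", "0.0.0.0", 2121, "/srv/ftp/a/inbound"),
    Listener("Listener 4", "10.0.0.5", 21, "/srv/ftp/ab", "group2;group7"),
    Listener("Listener 5", "0.0.0.0", 21, "/srv/ftp/a", "group1", active=False),
]

if __name__ == "__main__":
    for finding in find_duplicates(SAMPLE_LISTENERS):
        print(finding)
```

Listener 4 is not reported: it shares no node with Listener 1, and /srv/ftp/ab is a sibling of /srv/ftp/a rather than a nested path, which a plain string-prefix comparison would get wrong.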

4.3 Certificate Rollover


This communication adapter provides a Certificate Rollover mechanism that ensures a seamless transition of
certificates or keys in communication scenarios.
It may be used, for example, to roll over smoothly from an old, expiring certificate to a newly issued one.
There are two different list controls for managing the rollover lists. Their type depends on the usage of the
certificate.
There are two usage scenarios: usages like signature validation or decryption for inbound messages, where
several certificates may be in charge in parallel, and usages like signing and encrypting outbound messages,
where a dedicated certificate is used at a certain point of time.

Refer to the topic Configuration in the Certificate Rollover manual for further details.

4.4 Integration
The figure below illustrates the BIS 6 architecture.


Figure 4-1: BIS Architecture

Each communications adapter runs inside the Adapter Engine. Send requests are passed from the Process
Engine via the Queuing System Worklist, the Direct Mode or the sync connector to the appropriate
communications adapter in the Adapter Engine.

Incoming messages, received from a listener for example, are forwarded to the Process Engine using the
Initiator.

4.5 System Requirements


The system requirements are described in the topic Installation and Configuration of the BIS Installation
Guide, and in the Release Notes for your software version.
There are no adapter-specific requirements.


5 Installation

Please refer to the BIS Installation Guide for the detailed installation steps. There are no adapter-specific
requirements.


6 Usage

6.1 Operations
Operation | Definition
initiateMessage | The uploaded file that matches the filter criterion is initiated to the engine.

initiateMessage
The FTP Server Adapter supports one operation of type Module-to-Server: initiateMessage. The
initiateMessage operation is executed for an incoming message (please refer to the topic Extended
Functionalities (page 18)). The message is forwarded to the Business Process Engine of BIS 6.

The FTP Server Adapter operation process can be summarized as follows:

• A partner client connects to the FTP Server Adapter and authenticates.
• The partner client uploads a message on the FTP Server Adapter.
• The FTP Server Adapter checks whether the file name matches the filter criteria defined in the adapter master data.
• The FTP Server Adapter forwards the message to the Business Process Engine by initiating a call-back operation (initiateMessage).

6.2 Adapter Control over the Control Center


To start and stop the adapter, use the adapter-related Control Center. The adapter's user
configuration can also be displayed and edited there.

For more information, refer to the topic Control Center in the Master Adapter Configuration Guide.

6.3 Monitoring
The Adapter is connected to different monitors. The specific function of each monitoring tool is described in
the Master Adapter Configuration Guide.


Monitor | Description
Adapter Monitor | Provides runtime information.
Queue Monitor | Gives an overview of orders waiting for the Adapter.
Recovery Monitor | If individual orders require recovery, they are listed in the Recovery Monitor.
Transaction Monitor | The SEEBURGER Transaction Monitor is a monitor for showing the Message ID Store entries used by the Adapter to correlate messages and related reports.
Resource Monitoring | Provides information about the resource reservations.


7 Master Data Configuration

The adapter master data is configured over the Front-end and is saved in the Configuration Repository of
BIS 6. It is loaded from the FTP server at the adapter's initiation and also when reloading the configuration after
modifications. Three essential configuration types are described in the next topics: Configuring the FTP Server
Listener (page 11), Configuring the FTP Server Addresses (page 14), and Assigning Addresses to
Listeners (page 14).

7.1 Configuring FTP Server Listeners

Note: Up to version 6.3.3, changes in the listeners' configuration such as adding new, or
disabling/deleting current listeners required a configuration reload from the Application Center. Starting
with version 6.3.4 this is no longer needed. Listener changes take effect immediately.

Field | Description
Name * | Unique name for the listener identification.
Group | The listener group is used to specify the node instances on which the listener should be started. If the Group field is left empty, the listener will be started up on all nodes. Use a semicolon (";") separated list of Instance IDs to enable the Listener on the specified instances, only.
Active | If this option is disabled, this record is ignored at the FTP server's start-up.

* Required.

Listener Settings

Attention: The default network interface 0.0.0.0 must be used carefully, otherwise it may result in
creating duplicates. For more information, see Logical Systems (page 5).


Field | Description
Network Interface * | IP address of the network interface on which the listener will bind. The default is 0.0.0.0, which corresponds to all network interfaces.
Port * | TCP port on which the listener will be bound. The default port for FTP is 21. The default port for implicit FTP/S is 990. Note: the node's runtime user must have permission to open this port (i.e. on Linux/Unix, ports <1024 are restricted to root or special privileges). We do not recommend that you run the node as root user. Use a port redirection instead, or use the OS method to allow the privileged port to be bound by the node runtime user.
Use TLS | This field contains the encryption type the listener will use. It supports:
  • No encryption (Clear mode as defined in RFC 959).
  • Implicit security (Implicit SSL/TLS).
  • Explicit security (Explicit SSL/TLS).
  A TLS tab will be shown when implicit or explicit security is selected. It is described below.
Root Path * | This field contains the absolute path, defining the root directory of the FTP Server.
  Attention: If the listener root path does not exist and cannot be created, the listener will not start.
  Examples:
  • Microsoft Windows: D:\srv\ftpserver
  • Unix: /srv/ftpserver
Data idle time | Idle time for both control and data connections. If the connection does not receive/send any request/response, i.e. it is in idle status, it will be disconnected from the server after this amount of time. The default value is 120s (2 min).
  Note: This value is also used as transmission timeout when dealing with blocked sockets that cannot establish connections, or if there are read/write problems.
Max. connections | Maximum number of concurrent connections to the listener. The FTP protocol requires at least two connections (a control and a data connection channel). The maximum number of connections is limited by the available TCP ports. The default value is 999999 (available maximum).
Allow active mode | The FTP Server's Active mode will be enabled.
Active mode port * | Local port to be used during active data connection. The default value is 20 (default FTP data port). If 0 is specified, any free port will be used. This field is only visible if the option Enable active mode is checked.
Passive mode ports | If the client uses a passive data connection, the server should provide the port to use. By default, the FTP server will choose any available port.

* Required.

TLS Server Settings

In order to use TLS, the flag Use TLS has to be set. A new tab TLS is then shown where the TLS settings
can be made.


Server Authentication

One or more server keys have to be selected from the BIS keystore. If several certificates are configured
here, they become effective one after another according to their “Effective From Date & Time”; at each point
in time at most one server certificate is in use. Refer to the topic Configuration in the Certificate Rollover
manual for further details.

Client Authentication

If client authentication is to be required by the server, the flag Require client authentication must be set, and
a TLS client list must be selected. Refer to the topic TLS Client Lists (page 13) for details.

TLS Client Lists

The lists of clients who are allowed to connect to a specific TLS server are maintained in so-called TLS
client lists, which are administered within the BIS Keystore Manager. For each TLS server requiring client
authentication, a TLS client list has to be specified.

Trusted CAs

In order to be able to add a CA-issued client certificate to the TLS client list (as opposed to a self-signed
certificate), the corresponding CA certificate has to be available either in the system default list, or the custom
list of trusted CAs. If a partner certificate is issued by a CA which is not contained in the system default list,
the CA certificate has to be imported into a keystore (within the CA section of the BIS Keystore Manager)
which is used as custom list of trusted CAs.

TLS Clients

For each partner who shall be granted access to the TLS server, the partner’s certificate has to be added to
the TLS client list in one of several ways:

• From the BIS keystore: The partner’s certificate has to be selected from the BIS Keystore tree view. If it is
a self-signed certificate, a direct trust entry is created in the client list. If it is a CA-issued cert, and the
corresponding CA certificate is contained in the list of trusted CAs, a CA-based trust entry is created.
• From the file system: The partner’s certificate is selected from the file system. If it is a self-signed
certificate, the certificate has to be added to the BIS keystore before a direct trust entry for this partner is
created. If it is a CA-issued certificate, a CA-based trust entry will be created, but the certificate will not
be imported into the BIS keystore.
• From another TLS client list: Entries may be copied from another TLS client list.

Note: Lists for listeners in logical system ALL

If the TLS client list is supposed to be accessed by a listener which is bound to the logical system ALL,
it is vital to create this TLS client list in the logical system ALL, too. Please note that such a TLS client
list can only reference certificates and truststores which are also bound to the logical system ALL.

Note: Upgrade from versions prior to BIS 6.3.4

With previous BIS versions it was possible to use TLS client authentication trust stores containing not
only client certificates, but also CA certificates, so that each client using a certificate issued by one of
those CAs was authenticated. As of version 6.3.4 this is no longer possible. However, in order to retain
working configurations, in these cases TLS client lists with special wildcard entries (using '*' as subject
name) are created during the upgrade from previous versions to BIS 6.3.4. It is recommended to review
and clean up these configurations where appropriate. Wildcards cannot be entered manually.


7.2 Configuring FTP Server Addresses


Field | Description
Name * | This field contains the descriptive and unique name that describes the data set.
Active | If this field is selected, the user can log in.
User * | This field contains the user name used for the authentication.
Password * | This field contains the password required for the authentication. If you are using an anonymous login, the password field must not be empty, but it is disregarded when authenticating.
Relative path | This field contains the relative path corresponding to the user's home directory. It is appended to the absolute path of the Listener root. The directory slash "/" in front of the relative path is automatically added. Valid values are:
  • Windows: \userhome
  • Unix: /userhome
  The relative path is the root directory for the FTP user.
Write permission | If this field is selected, it gives the user the permission to create, change, and delete files etc. on the FTP Server. Otherwise the user will only be able to read existing files and browse his home directory.
Max. concurrent logins | This field contains the maximum number of concurrent logins for this user.
Filter type | The filter is used to define and restrict files from being initiated to the Business Process Engine. It is based on a simple file name pattern match. The filters are assigned to the addresses. The adapter supports two types of filters: Include and Exclude. The default filter is the Include filter.
Filter | This field is visible when the selected Filter type is set to Include Filter. The Include filter is used to explicitly specify which messages will be automatically forwarded to the Business Process Engine. In the Include filter input field a filter mask is defined. For more detailed information, please refer to the topic Using Filters (page 18).
Exclude pattern | This field is visible when the selected Filter type is set to Exclude Filter. The exclude pattern is used to explicitly specify which files will not be forwarded to the Business Process Engine. The syntax of the Exclude Pattern is also a filter mask. For more detailed information, please refer to the topic Using Filters (page 18).
Default encoding | This field contains the user specific default encoding when creating attachments (initiating files to BIS 6). If the transfer type used in the FTP communication is ASCII, the encoding is automatically set to US-ASCII. If transfer type is Binary, any of the default encodings can be used. It is important to use the default encoding with caution, because it may result in corrupting the file. The default value is <binary> which means no encoding.

* Required.

7.3 Assigning Addresses to Listeners


In order to assign an address to a single or to multiple listeners, the BIS 6 GUI provides two sub types: Address
Assignments in the Listeners form, and Listener Assignments in the Addresses form. In order to
access these forms, simply open a listener or address configuration in the BIS 6 GUI and then click the
Assignments tab to the right of the Settings tab.


The assignment forms consist of two lists and Add and Remove buttons.
The list on the left contains the available addresses or listeners that can be assigned to the current object.
The list on the right contains the addresses or listeners assigned to the current object. After selection of a list
entry, the buttons in the middle of the form can be used to add or remove assignments.


8 Process Configuration

Common Process Definitions

Parameter | Description
clientId | This parameter contains the Client ID. It corresponds to the logical system in which the Listener is running.
originAddressId | This parameter contains the unique ID of the FTP address assigned to the Listener. It corresponds to the user that the FTP client is using to connect to the Listener.
originAddressName | This parameter contains the FTP address name that corresponds to the originAddressId. The name is configurable via the adapter master data.
connectionId | This parameter contains the unique ID of the FTP Listener that is running and receiving the message.
connectionName | This parameter contains the FTP Listener name. The name is configurable via the adapter master data.
correlationId | In requests, this field holds the Business Process Message ID. It is used as primary ID in the MessageIdStore and it is visible in the Message Monitor. If not specified, a UUID is generated and set in the request. Please refer to the Correlation topic in the Master Adapter Configuration Guide.

8.1 InitiateMessage
With the initiateMessage operation, the FTP Server Adapter forwards the payload of received messages to
the Business Process Engine, along with additional data. The message contains the following data:


Listener Data

Parameter | Description
name | Listener name.
type | Encryption type applied by the listener. Applicable values are:
  • PLAIN: No encryption
  • IMPLICIT: Implicit SSL/TLS encryption
  • EXPLICIT: Explicit SSL/TLS encryption
IP | IP address of the listener.
port | TCP port of the listener.
root path | Server root directory of the listener.

Address Data

Parameter | Description
username | User name applied for FTP server log-in.
relativePath | Relative path of the FTP user.

File Data

Parameter | Description
filename | File name of the processed message.
fileSize | File size.
creationTime | Creation time of the file.
attachmentId | Unique ID of the attachment which is stored with this file.
absoluteClientFilename | Absolute file name used by the client for server upload.
transferData | Nested element which includes the transfer data.

Transfer Data

Parameter | Description
transferMode | Transfer mode. Applicable values are:
  • ASCII
  • BINARY
transferTime | Time consumed for server upload. Applied unit: milliseconds.


9 Extended Functionalities

Message Initiation
The main FTP Server Adapter extension can automatically forward messages to the Business Process
Engine of BIS 6.
Messages can be initiated to the Business Process Engine on the following events:

• The partner client uploads (STOR command) a file on the FTP Server Adapter.
• The partner client appends (APPE command) a file to an existing file on the FTP Server Adapter.
• The partner client uploads (STOU command) a file with a unique name, which is set by the FTP Server Adapter.
• The partner client renames (RNTO/RNFR commands) an existing file on the FTP Server Adapter.

In addition, the file names must match the filter criteria in order to be processed by the Business Process
Engine. For more information on filter criteria, refer to the topic Using Filters (page 18).

9.1 Using Filters


Filters are required in order to explicitly specify the files which will be initiated to the BIS 6 Business Process
Engine. Filters are bound to addresses in the adapter master data. The FTP Server Adapter supports two
filters:

• Include filter
The messages that match the Include Filter mask will be initiated. If the Include Filter mask is left blank,
all messages will be initiated for the current address.
• Exclude filter
The messages that match the Exclude Filter mask will not be initiated. If the Exclude Filter mask is left
blank, all messages will be initiated for the current address.

The filters are required for the implementation of different scenarios, e.g.

• A scenario using the Message Initiation extended functionality of the FTP Server Adapter requires an
Include Filter in the Master Data Configuration of the Address parameter.
• A scenario using the standard FTP Server Adapter features of uploading and polling partners requires
specification of an Exclude filter in the Master Data Configuration of the Address parameter.


Defining a Filter Mask

The filter mask is a pattern or several patterns separated by ";". Each pattern represents a file name or a
path plus a file name. It may contain the special symbols "*", which means 0 or more symbols, and "?",
which means exactly 1 symbol.

Examples of valid filter masks containing only file names:

• *.txt
Matches all files with the extension .txt.
• *invoice*
Matches all files containing the word invoice in the file name.
• invoice??
Matches all files whose name starts with invoice and has exactly 2 symbols after it.
• *.txt;*.doc;*invoice*
Matches all files with the extension .txt or .doc, or containing the word invoice in the file name.

If the pattern contains path separators, it is assumed to contain a path and a file name. The last
path separator is taken as the separator between the path and the file name. The special symbol "./" can be
used in the path to represent the current directory in the FTP Server. When a path is specified in the pattern,
only the files that are under this path and all of its sub-directories will match the filter criteria.

Examples of valid filter masks specifying a path and a file name:

• user/*.txt
Forwards all files with extension .txt included in the folder user or any of its sub-folders.
• ./*invoice*
Forwards all files containing the word invoice included in the current directory or any of its sub-folders.
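
The mask rules above, as an added example that is not part of the original guide or of the product's code: a small Python model of the matching, useful for checking which uploaded paths a mask would forward to the Business Process Engine before the mask goes into the master data. The function names, the case-sensitive matching, the treatment of a bare file-name pattern as applying in any directory, and the evaluation of Include and Exclude masks together are assumptions.

```python
import posixpath
import re

def _wildcard_regex(pattern):
    # Only "*" (0 or more symbols) and "?" (exactly 1 symbol) are special.
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in pattern)
    return re.compile(body, re.DOTALL)

def _normalise(path):
    # Forward slashes only; "./" and a leading "/" both mean the current directory.
    path = posixpath.normpath(path.replace("\\", "/")).lstrip("/")
    return "" if path == "." else path

def pattern_matches(pattern, upload_path):
    upload_dir, upload_name = posixpath.split(_normalise(upload_path))
    pattern = pattern.strip().replace("\\", "/")
    if "/" in pattern:
        # The last separator splits the pattern into path and file name.
        pattern_dir, pattern = pattern.rsplit("/", 1)
        pattern_dir = _normalise(pattern_dir)
        # The file must sit in that path or in one of its sub-directories.
        under = (pattern_dir == "" or upload_dir == pattern_dir
                 or upload_dir.startswith(pattern_dir + "/"))
        if not under:
            return False
    # Assumption: a bare file-name pattern applies in any directory,
    # and matching is case-sensitive.
    return _wildcard_regex(pattern).fullmatch(upload_name) is not None

def mask_matches(mask, upload_path):
    # A mask is one or more patterns separated by ";".
    return any(pattern_matches(p, upload_path)
               for p in mask.split(";") if p.strip())

def would_initiate(upload_path, include_mask="", exclude_mask=""):
    # A blank mask filters nothing. Evaluating both masks together is an
    # assumption; the guide describes each filter on its own.
    if include_mask.strip() and not mask_matches(include_mask, upload_path):
        return False
    if exclude_mask.strip() and mask_matches(exclude_mask, upload_path):
        return False
    return True

# Constructed upload paths, relative to the address's directory.
SAMPLES = ["report.txt", "user/in/a.txt", "users/a.txt", "invoice01", "x.exe"]
FORWARDED = [p for p in SAMPLES if would_initiate(p, include_mask="user/*.txt;invoice??")]
```

Note that `users/a.txt` is not forwarded by `user/*.txt`: the path part is compared per directory, not as a string prefix.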


10 Adapter Configuration

Logging
For additional information about configuring logging, please refer to the topic Logging/Dumping in the
Master Adapter Configuration Guide.


11 Troubleshooting

Symptom: The listener is not starting.
Solution: There are three possible reasons why the listener may not start:
• Two or more listeners have equal or nested root paths. In this case,
none of these listeners will be started. For more information on the
subject, please refer to the topic Logical Systems (page 5).
• The listener is a duplicate, which means that there are two or more
listeners using the same IP:port configuration. For more information,
please refer to the topic Logical Systems (page 5).
• The specified listener root path does not exist and cannot be created.
There will be an entry in the Adapter Error Monitor, which will explain which
one of the three reasons occurred.

Symptom: The following error is thrown when starting the listener:
Address already in use: bind. Listener is not started. >> java.net.BindException: Address already in use: bind]
Solution: The specified IP:port configuration in the listener's master data is already
in use, i.e. another application is already bound to this network interface.
To fix the problem, either disable the other application, or change the
listener's configuration.

Symptom: The following error is thrown while trying to verify the user:
No addresses are assigned to listener.
Solution: An assignment between a user and a listener is missing. When trying to
connect with this user name (there is no assignment for this user), the
FTP Server will treat the connection as anonymous and will request a
password. The authentication will fail, because the anonymous user also
requires a defined address and an assignment to the listener. In the
Adapter Error Monitor there will be entries for these errors. To fix the
problem, simply assign the user to the listener.

Symptom: Your FTP client receives the reply:
503 Cannot find the file which has to be renamed.
Solution: You are attempting to rename a file which has already been initiated to BIS
6 or deleted. Some FTP clients have a slow refresh for the working
directory, and the file can still be visible, but in fact the file is not there and
the FTP server is returning the reply code 503. To fix the problem:
1. Check the FTP Server filter (Include filter). For more information on
filters, please refer to the topic Using Filters (page 18).
2. Check whether another connection is issuing DELE for the specified file.

Symptom: Your FTP client receives the reply:
505 invalid path
Solution: When uploading a file to the FTP Server, the 505 reply code is returned if
the file cannot be uploaded. This is a misconfiguration issue between the
listener's root path and the user's relative path, and the client base
directory and the user's relative path. Please check your server and client
configurations.

Symptom: Your FTP client receives the reply:
421 Service not available, closing control connection.
Solution: The FTP client is trying to communicate with the server, but the FTP
server is in the shutdown state. Please wait until the server restarts.


12 Known Restrictions

For this adapter there are no known restrictions.


A Checklist

During the setup and configuration procedure, the following information must be available:

X Action

General Listener Settings
• The IP address for the Listener.
• The port number (which is not already in use).
• The root directory for the Listener.
• The maximum number of connections must be at least 2; otherwise no
data connection can be established. If there is no restriction, leave the
default value.
• The required data transfer mode - Active or Passive.
• The port ranges

Listener Security Settings
• The encryption type - Implicit or Explicit SSL/TLS.
• The server keys - server security certificates from the BIS 6 key store.
• The list of authorized clients - list of authorized clients from the BIS 6 key
store, if client authentication is used.

Message Initiation
• The configured Listener - follow the checklists above.
• The configured Address - Write Permission must be enabled.
• The filter configuration for the Address - which files should be included
for processing.
• The value of the exclude pattern must not be "*".
• The address is assigned to the Listener.

Message Upload with no Processing
• The configured Listener - follow the checklists above.
• The configured Address - Write Permission must be enabled.
• The filter configuration for the Address - choose Exclude Pattern and set
the value to *.

Message Polling
• The configured Listener - follow the checklists above.
• The configured Address - Write Permission is not required.
• The filter configuration for the Address - choose Exclude Pattern and set
the value to *.


B Sample File Initiation Scenario

The partner's FTP Client connects to the FTP Server Adapter of BIS 6 and uploads a file. The file is checked
by the filters and automatically forwarded to the Business Process Engine.

1. Configure an FTP Listener.
   Enter the corresponding values in the FTP Listener form as described:
   Name: Sample Listener.
   Network interface: IP address 123.123.123.123. The usage of the default interface 0.0.0.0 is not
   preferable, because it may result in creating duplicates. It is better to specify a correct IP address.
   Root path: Enter here the root path D:\ftpserver\root.

2. Create an address.
   Enter the corresponding values in the FTP Address form as described:
   Name: Sample address.
   User: FTP user
   Password: Your FTP user password.
   Relative path: Path for the /userhome.
   Filter: If you select *.txt, all text files are initiated to BIS 6.

3. Assign the Address to the Listener.
   Follow these instructions:
   1. Open the Listener Assignments tab in the FTP Address form.
   2. Select the Listener created in the first step.
   3. Click on the Add button.
   4. Save the data set.

4. Create the process.
   Create and deploy a process with the operation: ftpserver/initiateMessage.

5. Create the rule.
   To create a rule, follow these instructions:
   1. Open Initiator rules and click the New button.
   2. Enter a proper name for the rule, e.g. FTP server receive.
   3. Set the port type to FTPServerCallback/DtFTPServerCallback/initiateMessage.
   4. Select the corresponding Target port.
   5. Save the record.

6. Connect with the FTP client and upload a text file.


C Sample File Polling Scenario

1. Configure an FTP Listener.
   Enter the corresponding fields in the FTP Listener form as described:
   Name: Sample Listener.
   Network interface: Enter the IP address 123.123.123.123. The usage of the default interface 0.0.0.0 is
   not preferable, because it may result in creating duplicates. It is better to specify a correct IP address.
   Root path: Enter here the root path D:\ftpserver\root.

2. Create an address and set the exclude filter to *.
   Enter the corresponding values in the FTP Address form as described:
   Name: Sample address
   User: FTP user
   Password: Your FTP user password.
   Relative path: Path for the /userhome.
   Filter type: Select Exclude Filter.
   Exclude pattern: If you enter *, none of the uploaded files is initiated to BIS 6.

3. Assign the Address to the Listener.
   Follow these instructions:
   1. Open the Listener Assignments tab in the FTP Address form.
   2. Select the listener created in the first step.
   3. Click on the Add button.
   4. Save the data set.

4. Connect with the FTP client and upload/download files.


D FTP over Secure Sockets Layer (SSL)

To secure the FTP communication, one of the following encryption types has to be selected: Implicit or
Explicit TLS. The following is an example configuration for the Listener with the selection Explicit TLS.
Enter the values in the FTP Listener form as described here:

Name: Select in this field Explicit TLS Listener.
Network interface: Enter in this field the IP address xxx.xxx.xxx.xxx. The usage of the default
interface 0.0.0.0 is not preferable, because it may result in creating
duplicates. It is better to specify a correct IP address.
Root path: Enter in this field the path D:\ftpserver\root.
Use TLS: For the encryption type, select Explicit SSL/TLS in this option.
Server keys: Add a list of valid certificates (i.e. USER\SSL\ftpserver).
Require client authentication: Check this option as Enabled. The option Enabled/Disabled is set
depending on whether client authentication is required.
List of authorized clients: Select a valid TLS client list (i.e. ftpserver). This field is only visible if
client authentication is activated.

No special handling is required for FTP Addresses when using secure connection.
