Documente Academic
Documente Profesional
Documente Cultură
Version: v6.3.4 Q2
2 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
3 Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.1 FTP Protocol Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
4 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
4.1 Features and Restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
5 Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
6 Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
6.1 Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
6.3 Monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
8 Process Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
8.1 InitiateMessage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
9 Extended Functionalities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
9.1 Using Filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
10 Adapter Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
11 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
12 Known Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
A Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
If (registered or pending) trademarks are named in this document, the rights of the respective proprietors
apply.
Note: False configuration and/or improper use of communication components may result in significant
charges from your telecommunication provider. Also consider configuration changes initiated by your
telecommunication provider. SEEBURGER is not liable for related additional costs.
Note: We expressly declare that the document "SEEBURGER Legal Information" (delivered also with
your BIS installation media) is part of this documentation.
Figures
Term Definition
FTP (File Transfer Protocol): TCP based protocol for file exchange. Based on
RFC959.
SSL Secure Sockets Layer - a cryptographic protocol allowing secure
communication over the Internet.
TLS Transport Layer Security - the successor of SSL, currently the latest
secure protocol.
FTP/S File Transfer Protocol via Secure Sockets Layer referred as FTP over SSL
(or TLS).
TCP (Transmission Control Protocol): communications standard used in TCP/IP
networks (e.g. Internet), which allows two computers to establish a
connection and exchange data.
Implicit Security Implicit security requires a SSL connection as soon as the FTP client
connects to a FTP server. The default port used for implicit security is 990.
Explicit Security Explicit security requires that the FTP client establishes an unencrypted
connection to the FTP server and then issues a specific command (AUTH
TLS or AUTH SSL), after which the connection is encrypted. The default
FTP server port is used. This formal method is documented in RFC 2228.
EDI Electronic Data Interchange.
2 Introduction
The FTP Server Adapter optimizes data exchange over the File Transfer Protocol (FTP). It is designed to
automatically forward incoming messages to the Business Process Engine of BIS 6. It eliminates the need of
an external FTP server for the communication with FTP clients included in BIS 6.
3 Basics
FTP is a request-response based protocol, which runs over TCP. FTP servers listen on port 21 by default for
incoming connections from FTP clients. The first connection made on the server FTP port from the client is
the control connection. The control connection is used for sending FTP commands (requests) by the client to
the server, on which the server answers with FTP response status messages. The actual data is transferred
on a second connection, called data connection.
The FTP protocol requires an authentication, which is user/password based. It also supports anonymous
logins.
Active Mode
In the Active mode the FTP client opens a control connection from a random unprivileged port (>1024) to the
FTP server's control port (default 21). Then the client starts listening on another unprivileged port, and sends
to the FTP server the command PORT which argument is a HOST-PORT specification for the data port. The
server then connects back to the client's specified data connection port from its local data connection port
(default 20).
Passive Mode
In the Passive mode the FTP client initiates both connections to the server. After initiating the control
connection, the client sends the PASV command. The server then opens a random unprivileged port and
sends back the response which includes the host and port the server is listening on. The client then initiates
the data connection to the newly opened unprivileged server port. Security devices in front of the server
(NAT, firewalls, bridges) must be configured so the remore hosts (clients) can establish connections on any
port >1024.
Explicit Security
In order to establish the secure connection by explicit SSL/TLS, the client is required to send the AUTH SSL
or AUTH TLS command to the FTP server after establishing the control connection in plain text. After that a
secure handshake is initiated, and the user authentication can start in the encrypted control connection.
Implicit Security
In implicit SSL/TLS, immediately after establishing a socket connection, a secure handshake is initiated and
the user authentication can begin.
Client Authentication
Client authentication is a way to authenticate a client to the FTP server using implicit or explicit security. It
occurs during the secure connection handshake using certificates. When the FTP server is configured to use
client authentication (please refer to the topic Listener Security Settings ), the client is required to send its
SSL certificate for validation when establishing the secure connection handshake. If the client certificate
matches a certificate from the User Truststore in the FTP server adapter configuration, the client is
authenticated and the connection is established.
If the client certificate cannot be validated, the client will be disconnected from the server.
4 Overview
This topic provides an overview of the features, the restrictions, and the integration of the adapter to the BIS
system, and the system requirements.
In particular, master data and runtime data exclusively belong to one Logical System. The adapter is able to
process data and processes according to their Logical System, and therefore one instance of the adapter
may be shared across all Logical Systems.
Listeners Configuration
In order to make the Listeners belong to one Logical System exclusively, the check for duplicate Listeners is
performed on adapter start-up. This check is created by two criteria:
1. Unique Listener root path - the Listener's canonical paths must be unique, and not nested. If two
Listeners are recognized to have nested, or equal root paths, they both are not started. Instead an error
entry is logged in the Adapter Error Monitor.
2. Unique IP:PORT - The combination IP and port must be unique. To achieve this, there is a constraint on
the columns for IP and port in DB tables. The FTP server uses as a default network interface 0.0.0.0
which is equal to ALL INTERFACES. This default value must be used with caution, because it may result
in creating duplicates. The following configuration is an example of an IP socket DUPLICATE:
• Both Listeners are members of the same group and both use the default FTP port 21. Listener 1 is
using the network Interface 0.0.0.0 (all interfaces) and Listener 2 the single interface 123.123.123.123.
Listener 1 is already bound to all interfaces including 123.123.123.123 on Port 21, thus Listener 2
cannot be started. These both Listeners are considered to be duplicates. An error entry explaining the
problem is added to the Adapter Error Monitor.
For Listeners which must run on more that one node, the Listener Group field is extended to contain different
Listener groups separated by the “;” symbol. E. g., if a Listener must run in three different nodes, the Listener
Group field should look like:
group1;group2;group7,
Note: If a Listener is configured to run on several nodes, this Listener can always be marked as
duplicate in some of the nodes for which it is configured.
Refer to the topic Configuration in the Certificate Rollover manual for further details.
4.4 Integration
The figure below illustrates the BIS 6 architecture.
Each communications adapter runs inside the Adapter Engine. Send requests are passed from the Process
Engine via the Queuing System Worklist, the Direct Mode or the sync connector to the appropriate
communications adapter in the Adapter Engine.
Incoming messages received from a listener for example, are forwarded to the Process Engine using the
Initiator.
5 Installation
Please refer to the BIS Installation Guide for the detailed installation steps. There are no adapter-specific
requirements.
6 Usage
6.1 Operations
Operation Definition
initiateMessage This is the uploaded file that matches the filter criterion is initiated to the
engine.
initiateMessage
The FTP Server Adapter supports one operation type Module-to-Server: initiateMessage. The
initiateMessage operation is executed for an incoming message (please refer to the topic Extended
Functionalities (page 18)). The message is forwarded to the Business Process Engine of BIS 6.
For more information, refer to the topic Control Center in the Master Adapter Configuration Guide.
6.3 Monitoring
The Adapter is connected to different monitors. The specific function of each monitoring tool is described in
the Master Adapter Configuration Guide.
Monitor Description
Adapter Monitor Provides runtime information.
Queue Monitor Gives an overview of orders waiting for the Adapter.
Recovery Monitor If individual orders require recovery, they are listed in the Recovery
Monitor.
Transaction Monitor The SEEBURGER Transaction Monitor is a monitor for showing the
Message ID Store entries used by the Adapter to correlate messages and
related reports.
Resource Monitoring Provides information about the resource reservations.
The adapter master data is configured over the Front-end and is saved in the Configuration Repository of
BIS 6. It is loaded from the FTP server at adapter's initiation and also when reloading the configuration after
modifications. Three essential configuration types described in the next topics: Configuring the FTP Server
Listener (page 11), Configuring the FTP Server Addresses (page 14) , and Assigning Addresses to
Listeners (page 14) .
Note: Up to version 6.3.3, changes in the listeners' configuration such as adding new, or
disabling/deleting current listeners required a configuration reload from the Application Center. Starting
with version 6.3.4 this is no longer needed. Listener changes take affect immediately.
Field Description
Name * Unique name for the listener identification.
Group The listener group is used to specify the node instances on which the
listener should be started. If the Group field is left empty, the listener will
be started up on all nodes. Use a semicolon (";") separated list of Instance
IDs to enable the Listener on the specified instances, only.
Active If this option is disabled, this record is ignored at the FTP server's start-up.
* Required.
Listener Settings
Attention: The default network interface 0.0.0.0 must be used carefully, otherwise it may result in
creating duplicates. For more information, see Logical Systems. (page 5)
Field Description
Network Interface * IP address of the network interface on which the listener will bind. The
default is 0.0.0.0, which corresponds to all network interfaces.
Port * TCP port on which the listener will be bound. The default port for FTP is 21.
The default port for implicit FTP/S is 990. Note: the Node's runtime user
must have permission to open this port (i.e. on Linux/Unix ports <1024 are
restricted to root or special privileges. We do not recommend you run the
node as root user. Use a port redirection instead or us the OS method to
allow the privileged port to be bound by the node runtime user).
Use TLS This field contains the encryption type the listener will use. It supports:
This field contains the absolute path, defining the root directory of the FTP
Server.
Examples:
• Microsoft Windows: D:\srv\ftpserver
• Unix: /srv/ftpserver
Data idle time Idle time for both control and data connections. If the connection does not
receive/send any request/response, e.g. it is in idle status, after this
amount of time it will be disconnected from the server. The default value is
120s (2 min).
Max. connections Maximum number of concurrent connections to the listener. The FTP
protocol requires at least two connections (a control and a data connection
channel). The maximum number of connections is limited by the available
TCP ports. The default value is 999999 (available maximum).
Allow active mode The FTP Server's Active mode will be enabled.
Active mode port * Local port to be used during active data connection. The default value is
20 (default FTP data port). If 0 is specified, any free port will be used. This
field is only visible if the option Enable active mode is checked.
Passive mode ports If the client uses a passive data connection, the server should provide the
port to use. By default, the FTP server will choose any available port.
* Required.
In order to use TLS, the flag Use TLS has to be set. A new tab TLS is then shown where the TLS settings
can be made.
Server Authentication
One or more server keys have to be selected from the BIS keystore. If several certificates are configured
here, they become effective one after another according to their “Effective From Date & Time”; at each point
in time at most one server certificate is in use. Refer to the topic Configuration in the Certificate Rollover
manual for further details.
Client Authentication
If client authentication shall be required by the server, the flag Require client authentication must be set, and
a TLS client list must be selected, refer to the topic TLS Client Lists (page 13) for details.
The lists of clients, who are allowed to connect to a specific TLS server, are maintained in so called TLS
client lists, which are administered within the BIS Keystore Manager. For each TLS server requiring client
authentication, a TLS client list has to be specified.
Trusted CAs
In order to be able to add a CA-issued client certificate to the TLS client list (as opposed to a self-signed
certificate), the corresponding CA certificate has to be available either in the sytem default list, or the custom
list of trusted CAs. If a partner certificate is issued by a CA which is not contained the the system default list,
the CA certificate has to be imported into a keystore (within the CA section of the BIS Keystore Manager)
which is used as custom list of trusted CAs.
TLS Clients
For each partner who shall be granted access to the TLS server, the partner’s certificate has to be added to
the TLS client list in one of several ways:
• From the BIS keystore: The partner’s certificate has to be selected from the BIS Keystore tree view. If it is
a self-signed certificate, a direct trust entry is created in the client list. If it is a CA-issued cert, and the
corresponding CA certificate is contained in the list of trusted CAs, a CA-based trust entry is created.
• From the file system: The partner’s certificate is selected from the file system. If it is a self-signed
certificate, the certificate has to be added to the BIS keystore before a direct trust entry for this partner is
created. If it is a CA-issued certificate, a CA-based trust entry will be created, but the certificate will not
be imported into the BIS keystore.
• From another TLS client list: Entries may be copied from another TLS client list.
• Windows: \userhome
• Unix: /userhome
The relative path is the root directory for the FTP user.
Write permission If this field is selected, it gives the user the permission to create, change,
and delete files etc, on the FTP Server. Otherwise the user will only be
able to read existing files, and browse his home directory.
Max. concurrent logins This field contains the maximum number of concurrent logins for this user.
Filter type The filter is used to define and restrict files from being initiated to the
Business Process Engine. It is based on a simple file name pattern match.
The filters are assigned to the addresses. The adapter supports two types
of filters: Include and Exclude. The default filter is the Include filter.
Filter This field is visible when the selected Filter type is set to Include Filter.
The Include filter is used to explicitly specify which messages will be
automatically forwarded to the Business Process Engine. In the Include
filter input field a filter mask is defined. For more detailed information,
please refer to the topic Using Filters (page 18) .
Exclude pattern This field is visible when the selected Filter type is set to Exclude Filter.
The exclude pattern is used to explicitly specify which files will not be
forwarded to the Business Process Engine. The syntax of the Exclude
Pattern is also a filter mask. For more detailed information, please refer to
the topic Using Filters (page 18) .
Default encoding This field contains the user specific default encoding when creating
attachments (initiating files to BIS 6). If the transfer type used in the FTP
communication is ASCII, the encoding is automatically set to US-ASCII. If
transfer type is Binary, any of the default encodings can be used. It is
important to use the default encoding with caution, because it may result in
corrupting the file. The default value is <binary> which means no encoding.
The assignment forms consist of two lists and Add and Remove buttons.
The list on the left contains the available addresses or listeners that can be assigned to the current object.
The list on the right contains the addresses or listeners assigned to the current object. After selection of a list
entry, the buttons in the middle of the form can be used to add or remove assignments.
8 Process Configuration
Parameter Description
clientId This parameter contains the Client ID, it will correspond to the logical
system in which the Listener is running.
originAddressId This parameter contains the unique ID of the FTP address assigned to the
Listener, it corresponds to the user that the FTP client is using to connect
to the Listener.
originAddressName This parameter contains the FTP address name that corresponds to the
originAddressId, the name is configurable via the adapter master data.
connectionId This parameter contains the unique ID of the FTP Listener that is running
and receiving the message.
connectionName This parameter contains the FTP Listener name. The name is configurable
via the adapter master data.
correlationId In requests, this field holds the Business Process Message ID. It is used
as primary ID in the MessageIdStore and it is visible in the Message
Monitor. If not specified, an UUID is generated and set in the request.
Please refer to the Correlation topic in the Master Adapter Configuration
Guide.
8.1 InitiateMessage
With the initiateMessage operation, the FTP Server Adapter forwards the payload of received messages to
the Business Process Engine, along with additional data. The message contains the following data:
Listener Data
Parameter Description
name Listener name
type Encryption type applied by the listener.
Address Data
Parameter Description
username User name applied for FTP server log-in..
relativePath Relative path of the FTP user.
File Data
Parameter Description
filename File name of the processed message.
fileSize File size.
creationTime Creation time of the file.
attachmentId Unique ID of the attachment which is stored with this file.
absoluteClientFilename Absolute file name used by the client for server upload.
transferData Nested element which includes the transfer data.
Transfer Data
Parameter Description
transferMode Transfer mode.
9 Extended Functionalities
Message Initiation
The main FTP Server Adapter extension can automatically forward messages to the Business Process
Engine of BIS 6.
Messages can be initiated to the Business Process Engine on the following events:
• The partner client uploads (STOR command) a file on the FTP Server Adapter.
• The partner client appends (APPE command) a file to an existing file on the FTP Server Adapter.
• The partner client uploads (STOU command) a file with an unique name, which is set by the FTP Server
Adapter.
• The partner client renames (RNTO/RNFR commands) an existing file on the FTP Server Adapter.
Besides, the file names must match the filter criteria in order to be processed by the Business Process
Engine. For more information on filter criteria, refer to the topic Using Filters. (page 18)
• Include filter
The messages that match the Include Filter mask will be initiated. If the Include Filter mask is left blank,
all messages will be initiated for the current address.
• Exclude filter
The messages that match the Exclude Filter mask will not be initiated. If the Exclude Filter mask is left
blank, all messages will be initiated for the current address.
The filters are required for the implementation of different scenarios, e.g.
• A scenario using the Message Initiation extended functionality of the FTP Server Adapter requires an
Include Filter in the Master Data Configuration of the Address parameter.
• A scenario using the standard FTP Server Adapter features of uploading and polling partners requires
specification of an Exclude filter in the Master Data Configuration of the Address parameter.
The filter mask is a pattern or several patterns separated by ";". Each pattern represents a file name or path
+ file name. It may contain the special symbols "*" - which means 0 or more symbols, and "?" - which means
exactly 1 symbol.
• *.txt
Matches with all files with extension .txt
• *invoice*
Matches with all files containing the word invoice in the file name.
• invoice??
Matches with all files which name starts with invoice and has exactly 2 symbols after it.
• *.txt;*.doc;*invoice*
Matches with all files with extension .txt or .doc or containing the word invoice in the file name .
If the pattern contains path separators, then it is assumed that it contains a path and a file name. The last
path separator is assumed as the separator of the path and the file name. The special symbol "./" can be
used in the path representing the current directory in the FTP Server. By specifying the path in the pattern
only the files that are under this path and all of its sub directories will match the filter criteria.
• user/*.txt
Forwards all files with extension .txt included in the folder user or any of its sub-folders.
• ./*invoice*
Forwards all files containing the word invoice included in the current directory or any of its sub-folders.
10 Adapter Configuration
Logging
For additional information about the configuration logging please refer to the topic Logging/Dumping in the
Master Adapter Configuration Guide.
11 Troubleshooting
Symptoms Solution
The listener is not starting. There are three possible reasons why the listener may not start:
• Two or more listeners have equals or nested root paths. In this case,
none of these listeners will be started. For more information on the
subject, please refer to the topic Logical Systems (page 5).
• The listener is a duplicate, which means that there are two or more
listeners using the same IP:port configuration. For more information,
please refer to the topic Logical Systems (page 5).
• The specified listener root path does not exist and cannot be created.
There will be an entry in Adapter Error Monitor, which will explain which
one of the three reasons occurred.
The following error is thrown The specified IP:port configuration in the listener's master data is already
when starting the listener: in use. i.e. another application is already bound to this network interface.
Address already in use: bind. To fix the problem, either disable the other application, or change the
Listener is not started. >> listener's configuration.
java.net.BindException:
Address already in use: bind]
The following error is thrown An assignment between a user and a listener is missing. When trying to
while trying to verify the user: connect with this user name, (there is no assignment for this user), the
No addresses are assigned to FTP Server will treat the connection as anonymous and will request a
listener. password. The authentication will fail, because the anonymous user also
requires a defined address and an assignment to the listener. In the
Adapter Error Monitor there will be entries for these errors. To fix the
problem, simply assign the user to the listener.
Your FTP client receives the You are attempting to rename a file which has been already initiated to BIS
reply: 6 or deleted. Some FTP clients have a slow refresh for the working
503 Cannot find the file which directory, and the file can be still visible, but in fact, the file is not there and
has to be renamed. the FTP server is returning the reply code 503. To fix the problem:
1. Check the FTP Server filter (Include filter). For more information on
filters, please refer to the topic Using Filters (page 18).
2. Check if other the connection is not issuing DELE for the specified file.
Your FTP client receives the When uploading a file to the FTP Server, the 505 reply code is returned, if
reply: the file cannot be uploaded. This is a misconfiguration issue between the
505 invalid path listener's root path and the user's relative path, and the client base
directory and the user's relative path. Please check your server and client
configurations.
Symptoms Solution
Your FTP client receives the The FTP client is trying to communicate with the server, but the FTP
reply: server is in the shutdown state. Please wait until the server restarts.
421 Service not available,
closing control connection.
12 Known Restrictions
A Checklist
During the setup and configuration procedure, the following information must be available:
X Action
General Listener Settings
X Action
Message Polling
The partner's FTP Client connects to the FTP Server Adapter of BIS 6 and uploads a file. The file is checked
by the filters and automatically forwarded to the Business Process Engine.
2. Creatie an address. Enter the corresponding values in the FTP Address form as described:
Field Value
Name Sample address.
User FTP user
Password Your FTP user password.
Relative path Path for the /userhome.
Filter If you select *.txt, all text files are initiated to BIS 6.
2. Create an address and set Enter the corresponding values in the FTP Address form as described:
the exclude filter to *. Field Value
Name Sample address
User FTP user
Password Your FTP user password.
Relative path Path for the /userhome.
Filter type Select Exclude Filter.
Exclude pattern If you enter *, none of the uploaded files is initiated
to BIS 6.
For securing the FTP communication, one of the following encryption have to be selected (Implicit/Explicit
TLS ). In the following table is an example configuration for the Listener with the selection Explicit TLS. Enter
the values in the FTP Listener form as described in this table:
Field Value
Name Select in this field Explicit TLS Listener.
Network interface Enter in this field the IP address xxx.xxx.xxx.xxx . The usage of the default
interface 0.0.0.0 is not preferable, because it may result in creating
duplicates. It is better to specify a correct IP address.
Root path Enter in this field the path D:\ftpserver\root.
Use TLS For the encryption type select in this option Explicit SSL/TLS.
Server keys Add a list of valid certificates (i.e. USER\SSL\ftpserver) .
Require client authentication Check this option as Enabled. The option Enabled/Disabled is set
depending on if the client authentication is required.
List of authorized clients Select a valid TLS client list (i.e. ftpserver). This field is only visible, if the
client authentication is activated.
No special handling is required for FTP Addresses when using secure connection.