FTP Server migration using Sterling Secure Proxy – UserID based Dynamic Routing

"FTP Server migration using Sterling Secure Proxy – UserID based Dynamic Routing" table of contents

  1. FTP Server migration using Sterling Secure Proxy – UserID based Dynamic Routing
  2. Export user/password from VSFTPD to LDAP
  3. Export users from VSFTPD to SB2BI
  4. Export folder structure from VSFTPD to SB2BI Mailbox
  5. Create setup in SEAS to fetch Routing Information from LDAP
  6. Create Policy, Netmap and Adapter in SSP for Dynamic Routing
  7. Test setup as is and routing to SB2BI
  8. Summary

In the last release of Sterling Secure Proxy (SSP), v. 3.4.2.1, IBM introduced Dynamic Routing based on User ID for HTTP, FTP and SFTP. That means that if SSP is connected to an LDAP, the LDAP can include a parameter that says what backend system the user should be routed to.

Typical use cases for this is migration from an old solution to a new solution. This does not ease the migration job itself regards to artifacts that needs to be moved from old to the new solution. But it offers the possibility to have a more controlled move of the users themselves from the old to the new system. So instead of moving all users in a “big-bang” by rerouting IP or similar, it is possible to route single users from the old to the new solution when the artifacts needed is migrated. And of course move them back if something goes wrong.

In this example I will do a simple migration from a FTP server to Sterling B2B Integrator. I have a test system consisting of multiple servers.

Server: Software: OS:
sinode1.demos.ibm.int Sterling B2B Integrator 5.2.5 RHEL 7
sidb.demos.ibm.int IBM DB2 Workgroup 9.5 CentOS 7
ssp.demos.ibm.int Sterling Secure Proxy 3.4.2.1 CentOS 7
sspcm.demos.ibm.int Sterling Secure Proxy
Configuration Manager
CentOS 7
seas.demos.ibm.int Sterling External
Authentication Server
CentOS 7
ldap.demos.ibm.int OpenLDAP Debian 7
ftp.demos.ibm.int VSFTPD Ubuntu 14.04

 

Scenario

I have 4 users on my “old” FTP server. Each user is authenticated directly to the FTP Server and each user has its own folder structure in it’s root folder. My scenario is to do a mini migration of the users. There is no backend processes in my mini-migration, so I will only focus on getting the users moved and rerouted. I will also try to use Sterling B2B Integrator Business Processes and Translation to automate parts of the migration effort. With only four users, it is faster to do it manually, but the point is to show that it is possible to automate to a certain degree.

The scenario consists of two main parts. First 3 steps handling the migration of artifacts from the “old” FTP Server to Sterling B2B Integrator. Then 2 steps setting up the Dynamic Routing in Sterling Secure Proxy and Sterling External Authentication Server. And in the end a step to test everything.

The following steps will be performed:

  1. Export user/password from the VSFTPD server to  OpenLDAP
  2. Export users from VSFTPD to SB2BI
  3. Export folder structure from VSFTPD to SB2BI Mailbox
  4. Create setup in SEAS to fetch Routing Information from LDAP
  5. Create Policy, Netmap and Adapter in SSP for Dynamic Routing
  6. Test setup as is and routing to SB2BI

To make this post more readable, I have divided the post in separate pages for each step.

"FTP Server migration using Sterling Secure Proxy – UserID based Dynamic Routing" table of contents

  1. FTP Server migration using Sterling Secure Proxy – UserID based Dynamic Routing
  2. Export user/password from VSFTPD to LDAP
  3. Export users from VSFTPD to SB2BI
  4. Export folder structure from VSFTPD to SB2BI Mailbox
  5. Create setup in SEAS to fetch Routing Information from LDAP
  6. Create Policy, Netmap and Adapter in SSP for Dynamic Routing
  7. Test setup as is and routing to SB2BI
  8. Summary

0 comments on “FTP Server migration using Sterling Secure Proxy – UserID based Dynamic RoutingAdd yours →

Leave a Reply

Your email address will not be published. Required fields are marked *