FTP Server migration using Sterling Secure Proxy – UserID based Dynamic Routing (page 6)

Create Policy, Netmap and Adapter in SSP for Dynamic Routing

The next step is to configure Sterling Secure Proxy. There are 3 artifacts that need to be created: first a Policy, then a Netmap that uses the created Policy, and finally an Adapter that uses the created Netmap. Everything in SSP is nested, and thus always hard to delete again since everything is referenced somewhere else…:) But that is another story…

Start by logging in to the Sterling Secure Proxy Configuration Manager User Interface.

Sterling Secure Proxy Configuration Manager UI

Policy

The Policy is quite simple. Select Action -> New Policy… -> FTP Policy…

I give the Policy the name “FTP_Dynamic_Routing”.

FTP Policy - Basic

In the “Advanced” Tab, select User Authentication “Through External Authentication”, and add the “External Authentication Profile” created in SEAS in the previous step. Select “Pass-through”.

FTP Policy - Advanced

Netmap

The Netmap is the next step. Select Action -> New Netmap… -> FTP Netmap…

I give the Netmap the name “FTP_UserID_Netmap”.

FTP Netmap - General

Next, create the Inbound Node. In the “Inbound Node” tab, select “New”. I name it FTP_in, and set a wildcard as the “Peer Address Pattern”. This can be restricted as you wish, but I allow anyone to connect. I link to the “FTP_Dynamic_Routing” policy created in the previous step. The “Security” and “Advanced” tabs can be left unchanged.

FTP Netmap - Inbound Node

The Inbound Node is now created.

FTP Netmap - Inbound Nodes Completed

Select the “Outbound Nodes” tab, and click “New”. Name the Node “SB2BI”, and set the correct Destination Address and Port. In my case the FTP Service on SB2BI is listening on port 40032.

FTP Netmap - Outbound Nodes - SB2BI - Basic

The “Security” Tab can be unchanged. In the “Advanced” tab, set the “Destination Service Name”. This is the name of your FTP Server Adapter in SB2BI.

FTP Netmap - Outbound Nodes - SB2BI - Advanced

SB2BI is now configured as one of the two Outbound Nodes. The second Outbound Node is the VSFTPD Server. Under the “Outbound Nodes” tab click “New” again, and add the VSFTPD Server as the other Node. My VSFTPD server is on the address ftp.demos.ibm.int and listens on port 21. The “Security” and “Advanced” tabs can be left unchanged.

FTP Netmap - Outbound Nodes - VSFTPD - Basic

Now just save the Netmap.

FTP Netmap - Outbound Nodes Completed

The Netmap is now created.

This is also the important part for getting Dynamic Routing to work: the names of the Outbound Nodes need to be exactly the same as the value of “destinationIndicator” in the LDAP on each user.

The last step is to create the Adapter.

Adapter

Click Action -> New Adapter -> FTP Reverse Proxy…

I name the Adapter “FTP_UserID_Adapter”. It listens on port 21, and uses the “FTP_UserID_Netmap” I created previously. I select “Dynamic Routing with Fallback” and select “VSFTPD” as Fallback. By doing so, VSFTPD is the server the user is directed to if there is no routing information in the LDAP. When migrating from an old to a new solution it might be a good idea to have the fallback point to the old solution, where you know that the user has access.

Click “Add” to add an SSP. I only have one SSP configured so I select “SSP1” and “SEAS1” since I only have one SEAS as well. I only use Local Perimeter Servers since I don’t have any PS configured.

FTP Adapter - Basic

The “Advanced” and “Properties” tabs can be unchanged. In the “Custom” tab I write a “Server Greeting Banner” and “Login Banner” just to be able to see the difference when logging in on the FTP Servers directly or through SSP when testing.


We are then finished with the configuration part. The only thing left now is to test whether everything in fact works as planned. That is done in the next chapter. Fingers crossed!
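Before testing, the name-matching requirement and the fallback rule described above can be checked against an LDIF export of the users. This is an added example, not part of the original post or of SSP/SEAS: the LDIF sample, DNs and user names are constructed, and the parser assumes no folded (continued) lines.

```python
import base64

# Outbound Node names from the Netmap above; fallback as selected in the Adapter.
OUTBOUND_NODES = {"SB2BI", "VSFTPD"}
FALLBACK_NODE = "VSFTPD"

# Constructed sample LDIF export; DNs and user names are made up.
SAMPLE_LDIF = """\
dn: uid=alice,ou=users,dc=example,dc=int
uid: alice
destinationIndicator: SB2BI

dn: uid=bob,ou=users,dc=example,dc=int
uid: bob
destinationIndicator: sb2bi

dn: uid=carol,ou=users,dc=example,dc=int
uid: carol

dn: uid=dave,ou=users,dc=example,dc=int
uid: dave
destinationIndicator:: VlNGVFBEIA==
"""

def parse_ldif(text):
    """Yield {attribute: [values]} per entry (attribute names lowercased)."""
    entry = {}
    for line in text.splitlines() + [""]:
        if not line.strip():              # blank line ends an entry
            if entry:
                yield entry
            entry = {}
        elif not line.startswith("#"):
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):      # "attr:: value" is base64 (e.g. trailing space)
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.lstrip(" ")
            entry.setdefault(attr.lower(), []).append(value)

def classify(entry):
    values = entry.get("destinationindicator", [])
    if not values:
        return "fallback:" + FALLBACK_NODE   # no routing information in LDAP
    if values[0] in OUTBOUND_NODES:          # exact comparison, as required above
        return "routed:" + values[0]
    return "mismatch:" + repr(values[0])     # value names no Outbound Node; fix first

def audit(text):
    return {e["uid"][0]: classify(e) for e in parse_ldif(text)}
```

Calling `audit(SAMPLE_LDIF)` flags bob (wrong case) and dave (trailing space, which LDIF exports as base64) as mismatches, while carol has no attribute and lands on the fallback.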

"FTP Server migration using Sterling Secure Proxy – UserID based Dynamic Routing" table of contents

  1. FTP Server migration using Sterling Secure Proxy – UserID based Dynamic Routing
  2. Export user/password from VSFTPD to LDAP
  3. Export users from VSFTPD to SB2BI
  4. Export folder structure from VSFTPD to SB2BI Mailbox
  5. Create setup in SEAS to fetch Routing Information from LDAP
  6. Create Policy, Netmap and Adapter in SSP for Dynamic Routing
  7. Test setup as is and routing to SB2BI
  8. Summary
