File Transfer Server
The File Transfer Server is a process that is included on every Control-M/Agent that has Control-M MFT installed. It supports FTP/S, SFTP, and HTTP/S, and is embedded in the MFT process. The process runs by default, which you can disable, as described in MFT Server General Parameters.
The following diagram shows the File Transfer Server architecture:
Configuring MFT Client and Server
This procedure describes how to configure the MFT Client and Server, which enables you to transfer files directly from one MFT host to another MFT host, without using an FTP server on a third computer.
You can connect to a SFTP or a FTP client on an ad hoc basis, as follows:
-
SFTP client: <FTS hostname>:<FTS SFTP port>
-
FTP client: <FTS hostname>:<FTS FTP port>
By default, the FTP server is down. You must enable the FTP server, as described in MFT Server General Parameters.
You can connect using a Web browser (HTTP/S), as follows:
-
https://<FTS_hostname>:<FTS HTTPS port>
Begin
-
From the icon, select Configuration.
-
From the drop-down list, select Plug-ins.
- Select the required File Transfer plug-in and then from the Configuration drop-down list, do one or more of the following:
- To configure the MFT client, select MFT Client Configuration and type or select the required parameters, as described in MFT Client Configuration Parameters.
- To configure the MFT Server, select MFT Server Configuration, and type or select the required parameters, as described in the following:
- Click Save.
Stopping the File Transfer Server
This procedure describes how to manually stop the File Transfer Server. The Agent host starts the File Transfer Server automatically after 30 seconds. You can disable the File Transfer Server permanently, as described in MFT Server General Parameters.
Begin
From the Agent host, run one of the following commands:
-
UNIX: <Agent Home>/cm/AFT/exe/shutb2b.sh
-
Windows: <Agent Home>\cm\AFT\exe\shutb2b.cmd
Starting the File Transfer Server
This procedure describes how to manually start the File Transfer Server.
Begin
-
From the Agent host, run one of the following commands:
-
UNIX: cm/AFT/exe/startb2b.sh
-
Windows: cm\AFT\exe\startb2b.sh
-
MFT Client Configuration Parameters
The following table lists the Control-M for MFT configuration parameters.
MFT Server General Parameters
The following table describes the MFT Server General parameters.
Parameter | Description |
---|---|
Enable File Transfer Server |
Determines whether the File Transfer Server is enabled or disabled. |
Host |
Defines the hostname where the File Transfer Server is installed |
Home directory |
Defines the root path where transferred files are stored. If you want to use a different directory for each logged in user, you must add \${userName} to the path. C:\temp\${userName} Bob connects to the File Transfer Server and uploads the file a.txt to the root directory, the file is saved in C:\temp\Bob\a.txt. Default:<Agent_Home>/CM/AFT/ftshome/${userName} |
Generate Access Log |
Determines whether the File Transfer Server creates a daily log, which tracks all internal user access information. The log file format is fts_access_log.<YYYYMMDD>.csv and is located in the <Agent>/proclog directory. |
Multiple login allowed |
Determines whether multiple users can connect to the File Transfer Server simultaneously. FTP only |
Max. logins |
Determines the number of users that can connect to the File Transfer Server simultaneously FTP only |
Max login failures |
Determines the maximum number of login attempts that are allowed before no more logins are allowed for the period of time defined by the next parameter FTP only |
Delay after login failure |
Determines the number of seconds to wait after a login failure before the next attempt FTP only |
Throttling activated |
Determines whether to limit number of simultaneous uploads and downloads. |
Max simultaneous uploads |
Determines the maximum number of simultaneous uploads |
Max simultaneous downloads |
Determines the maximum number of simultaneous downloads |
FTP/FTPS Server Parameters
The following table describes FTP/FTPS server parameters.
Parameter | Description |
---|---|
Determines whether the File Transfer Server that supports client connection via FTP/FTPS is enabled |
|
Port |
Determines the port number that the File Transfer Server listens to for FTP/FTPS connections This port is used by clients to connect to the FTP/FTPS server (Default: 1221). |
Secured (FTPS) |
Determines whether FTPS is enabled |
Keystore file path |
Defines the path to the file that contains the server certificate. The keystore must be in PKCS#12 format. If FIPS is enabled, the format must be BCFKS. |
Keystore file password |
Defines the password of the file that contains the server certificate |
Ciphers |
Lists the names of ciphers used for FTPS. If no ciphers are specified, all available ciphers are supported. |
Listen for implicit connections |
Determines whether to automatically turn on security after a connection is established between the FTPS client and the Managed File Transfer server. |
Passive Port/s |
Limits the range of dynamic ports that can be used for passive connections in FTP. Ports can be defined as single ports, closed or open ranges. Multiple definitions must be separated by commas. EXAMPLE: 2300 :Uses 2300 as the passive port 2300-2399:Uses all ports in the range 2300-:Uses all ports larger than 2300 2300, 2305, 2400-: Uses 2300 or 2305 or any port larger than 2400 |
Authentication |
Authenticates the FTP user with one of the following methods:
|
SFTP Server Parameters
The following table describes SFTP server parameters.
Parameter | Description |
---|---|
Determines whether the File Transfer Server that supports client connection via SFTP is enabled | |
Port |
Determines the port number that the File Transfer Server listens to for SFTP connections This port is used by clients to connect to the SFTP server (Default: 1222). |
Keystore file path |
Defines the path to the file that contains the client's certificate |
Keystore file password |
Defines the password for the file that contains the server's certificate. The keystore must be in PKCS#12 format. If FIPS is enabled, the format must be BCFKS. |
Ciphers |
Lists the names of ciphers used for SFTP. |
Known user file path |
Defines the path to the file that contains known users by SFTP |
Authentication |
Authenticates the SFTP user with one of the following methods:
|
Override home directory for specific internal users |
Determines which internal users can override their specific home directory to connect to the FTS/Hub with SFTP. The home directory changes are saved in the fts_config.proerties file in the following format: home.directory.expression.<user>=<home_dir> The home directory can be a network path in the UNC format. |
MFT Server Authentication Parameters
The following table describes MFT Server Authentication parameters.
Parameter | Description |
---|---|
Allowed users |
Determines who can access the File Transfer Server. The list is separated with a comma. Wildcards can be used. johnd,adm*,mydomain\user1 |
Blocked users |
Determines who cannot access the File Transfer Server. The list is separated with a comma. Wildcards can be used. johnd,adm*,mydomain\user1 |
Search User |
Defines the LDAP browse user |
Password |
Defines the password of the user defined in the Search user field. The value of this field can be left blank if the Search user does not have a defined password. |
URL |
Defines the URL address and port of a directory server. |
Base DN |
Defines the point from where the server searches for users. ou=sales,dc=company,dc=us,dc=com |
Username Attribute |
Defines the name of the LDAP attribute that contains the username. |
DN Attribute |
Defines the name of the LDAP attribute that contains the distinguished name |
Timeout |
Determines the number of milliseconds to wait before a timeout (Default: 30000) |
Service name |
Defines the PAM service name. Default: passwd In non-root mode, you can only authenticate the Agent user. To authenticate other users, you must run as root. BMC does not recommend to run as root. |
Connecting to the SFTP Server with Public Key Authentication
This procedure describes how to connect to the SFTP Server with Public Key authentication without logging in with a user and password for each connection.
The File Transfer Server only accepts SSH keys with a non-empty passphrase.
Begin
-
Generate client public keys or use existing keys from your SFTP client.
If your client is Control-M MFT, see Generating SSH Keys.
-
Navigate to the following location:
<Agent_Home>\CM\AFT\data\
-
Open the authorized_keys file and add a new line with the following format:
<user> <key format> <key content>
Where:
-
<user> is the username that is authenticated by an external authentication tool, such as LDAP or PAM.
-
<key format> key format that is defined by the key generator, such as ssh-rsa.
-
<key content> The public key conmponent with out the key comments section.
cuser ssh-rsa AAAAB3NzaC1yc2EAAAAB97sd6f7f6dsfe3sdfsdalkjhfsdklafdufdsAJSDJKAJDHGjhgaSDjhgAjkhgA=
-
Customizing the MFT File Transfer Server Website
This procedure describes how to customize your MFT File Transfer Server Website. You can customize the logo, change the login page background image, and change the site icon on the browser tab.
Begin
-
From the Agent account where MFT is installed, navigate to one of the following locations:
- Windows: <ag>\cm\AFT\data\resources\
-
LINUX: <ag>/cm/AFT/data/resources/
-
Customize your website, as follows:
-
To change the login page background image, update bg-login.jpg.
-
To change the company logo to appear on a dark background bar, update CompanyLogoForDarkBar.svg.
-
To change the company logo to appear on a light background bar, update CompanyLogoForLightBar.svg.
To optimize image dimensions, use the following:
-
.jpg file format: 1200 x 800 px.
-
.svg file format: 76 x 32 px (or any 2:1 ratio).
-
-
To change the site icon on the browser tab, update FileExchange.ico.
-
-
Restart the File Transfer Server by running one of the following:
-
Windows: shutb2b.cmd
-
LINUX: shutb2b.sh
-