Secure FTP in SAP XI

Hello,
I have seen that there is an FTP adapter in SAP XI. We currently have guidelines to use Secure FTP (SFTP) for FTP communication over an 'unsecure' network.
We would like at least 128bit encryption, preferably 1024bit key.
Can SAP XI also support this (and how)? Or is there a possibility with third party adapters?
Best regards

While the File/FTP adapter does not support secure FTP, there are a couple of options for protecting FTP communications.
1. Develop a custom FTPS adapter. There are some good commercially-available Java libraries that implement FTPS; I've found the Secure FTP Bean from Glub Tech (www.glub.com) to be reliable and compatible with many common FTPS servers. It's called a bean, but it really is just a basic Java API library. (It's shareware -- free to download for prototyping, $500 for internal use.)
You do need to understand the various options in the FTPS specification to get this to work. Reading IETF RFC 2228 will help.
2. Use the FTP adapter, and encrypt/decrypt the file contents through a user exit in the adapter. Something on the FTP server side will have to do the same.
--Dan King
Capgemini

Similar Messages

Secure FTP from SAP

Hi,
How do you handle secure FTP from SAP without using scripting ?
Is it possible to set up your RFC destination using the SSL option under the Logon/Security Tab ?
Or is there another method ?
Cheers
Colin.

Check out - Call RSFTP020
Here is an example of
how to FTP a file from the Application server to a remote server using standard SAP functions.
REPORT ZKBTST32 LINE-SIZE 132.
Test SAP FTP functions
DATA: BEGIN OF MTAB_DATA OCCURS 0,
LINE(132) TYPE C,
END OF MTAB_DATA.
DATA: MC_PASSWORD(20) TYPE C,
MI_KEY TYPE I VALUE 26101957,
MI_PWD_LEN TYPE I,
MI_HANDLE TYPE I.
START-OF-SELECTION.
MC_PASSWORD = 'password'.
DESCRIBE FIELD MC_PASSWORD LENGTH MI_PWD_LEN.
*-- FTP_CONNECT requires an encrypted password to work
CALL 'AB_RFC_X_SCRAMBLE_STRING'
ID 'SOURCE' FIELD MC_PASSWORD ID 'KEY' FIELD MI_KEY
ID 'SCR' FIELD 'X' ID 'DESTINATION' FIELD MC_PASSWORD
ID 'DSTLEN' FIELD MI_PWD_LEN.
CALL FUNCTION 'FTP_CONNECT'
EXPORTING
USER = 'userid'
PASSWORD = MC_PASSWORD
HOST = 'servername'
RFC_DESTINATION = 'SAPFTP'
IMPORTING
HANDLE = MI_HANDLE
EXCEPTIONS
NOT_CONNECTED = 1
OTHERS = 2.
CHECK SY-SUBRC = 0.
CALL FUNCTION 'FTP_COMMAND'
EXPORTING
HANDLE = MI_HANDLE
COMMAND = 'dir'
TABLES
DATA = MTAB_DATA
EXCEPTIONS
TCPIP_ERROR = 1
COMMAND_ERROR = 2
DATA_ERROR = 3
OTHERS = 4.
IF SY-SUBRC = 0.
LOOP AT MTAB_DATA.
WRITE: / MTAB_DATA.
ENDLOOP.
ELSE.
do some error checking.
ENDIF.
CALL FUNCTION 'FTP_DISCONNECT'
EXPORTING
HANDLE = MI_HANDLE
EXCEPTIONS
OTHERS = 1.
Hope this helps you,
CHeers,
THomas

How do you send by secure ftp from SAP R/3 4.6C on iseries

We have been using the SAP Standard program, RSFTP002, to ftp files to remote servers for many years. We have now had a requirement to send via secure ftp. We are using R/3 4.6C. Unfortunatley this is not a straight forward change and it seems we may need to install some client software to enable this.
I have searched for any SAP notes and in several user groups but have not been too sucessful.
Has anyone ever set this up before? What client software did you use?
Any pointers / advice on this would be much appreciated.
Many thanks,
Steven

Further to my initial post, I have now discovered that there are additional options on the ftp command on iseries, so I am hoping if I can perform this manaully, then a CL called from SAP would allow me to resolve this challenge.
I am trying to use the command below but this will use the port 990.
FTP RMTSYS(INTNETADR) INTNETADR('*.*.*.*') PORT(SECURE) SECCNN(*SSL)
The vendor is requesting that we use port 443 for secure ftp with SSL and even specifying this in the command as below still does not work. It seems to me there may be an issue at the receiving end. Port 443 is normally used for https so not sure whether specifying this port could cause issues. The resultant error is below.
FTP RMTSYS(INTNETADR) INTNETADR('*.*.*.*') PORT(443) SECCNN(SSL)
Connecting to remote host 62.39.53.181 using port 443.
No response from remote host; all connections closed.
Any other comments would be welcomed.
Many thanks,
Steven

Can we do a Secure FTP for an XML file from ABAP when firewall is enabled?

Hi all,
I have a requirement to send an XML file to an External FTP Server which is out of our corporate network and our firewall is enabled.
I have to send an XML file with Purchase Order details. I completed that with the help of this blog https://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/2657. [original link is broken] [original link is broken] [original link is broken]
Now I need to FTP the XML file that is generated. How should I be doing this? Can some of help me with this?
I need to do a Secure FTP to the external non SAP server which is out of our corporate network and our firewall is enabled. Can some one tell me if SFTP is possible in ABAP.
This is not a web service. I am working on dropping an XML file in an external FTP serveru2026 I have searched the forums but still in a confusion if weather Secure FTP is possible in ABAP or not when our company firewall is enabledu2026
If some one encountered this situation earlier please help,,,..any help will be highly appreciated.
Regards,
Jessica Sam

Thanks a lot for your valuable suggestions Richu2026
I agree with you Rich that web services would be a better option. But I need to send this file to an external third party and they dont have web services.
They are telling us that either we can send them an XML file or a CSV file in the format that they want. We decided to go with XML file format.
I am done with formatting the Purchase Order details in the format that they want. Now the challenge is that I need to send this FTP file to them and it should be a Secure FTP when our fire wall is enabled,
When you say
1) Run an ABAP program to generate the XML file and put it on the local PC
2) Log into the FTP site via some FTP client, could simply be windows as well.
3) Manually cut/paste the file from the PC to the FTP site.
For Step 1 running ABAP Program can I schedule a batch job?
For Step 2 and Step 3 can I automate it in any other way..if not in ABAP?
Can I advice my company to follow any alternate method in which they can automate this step 2 and step 3u2026if not in ABAP can it be possible in any other way as the third party does not have web services I now have no other alternative.
Please Helpu2026
Regards,
Jessica Sam

Secure FTP using ABAP

Hello,
Can we do a secure FTP using ABAP code ??
Thanks
John

Hi John,
Sorry, I think the SAP function modules FTP_CONNECT, FTP_COMMAND und FTP_DISCONNECT are implemented according to RFC859 which is far behind secure connections. As SAP ftp goes throug SAP RFC destinations, this may be the spot where something has to be done to enable a secure connection.
Regards,
Clemens

Secure FTP using FTPS (SSL/TLS) - need help!

I am trying to use an FTP Sender Channel using Secure FTP. I am currently getting a "java.net.ConnectException: Connection timed out: connect" error.
I am on XI 3.0 with SP13.
Settings are FTPS (FTP Using SSL/TLS for Control and Data)
Command Order Auth TLS, USER, PASS, PBSZ, PROT.
I am able to connect from my pc using WSFTP Pro which looks to be using the same command order. I made sure WSFTP Pro was set for passive connections as XI only supports this until SP15.
I have asked our Basis support to make sure the proper ports are open that are used for the connection and file transfer. They have deployed the Java Cryptographic Toolkit on XID, and changed the startup mode for SSL runtime from 'manual' to 'always'. The site I will connect to uses a certificate from Equifax which was added to the TrustedCAs keystore view. After still not being able to get a file, I also added the certificate of the site, which I was able to export from WSFTP Pro and import onto XI with STRUST.
I have increased the J2EE trace for com.sap.aii.adapter.file to Debug, but I haven't been able to get much out of the log. I see entries, such as some SSL activity and the timeout, but nothing that points me to an answer. Of course, I really don't know what to look for.
I have tried to connect to the remote server by name or ip with the same connection timeout.
I currently don't have it set to use X.509 certificate for Client Auth, but I did try a few of those options with no luck.
Any pointers would be appreciated.
Thanks,
Eric Peterson

Eric,
Did you ever solve the problem ? I am having the same issue.
Cheers
Jon

Diff between FTP & Secured FTP

Hi,
What is the diff between FTP & Secured FTP.
Thanks
Koteswa Rao

Rao,
The File Adapter does not support SFTP (File Transfer over SSH). It supports FTPS.
U may view this here at point 28 in SAP Note: 821267
Just an add-on, if u want to view the difference between FTPS (that XI supports) and SFTP, please refer this link
http://www.enterprisedt.com/forums/viewtopic.php?p=136&sid=28d66491b43c6bf90448deea4936bc15
. SAP is looking into this. Please see this thread on this discussion:
SFTP supports in SAP Netweaver 2004s
---Satish

How can I find out the server port for a secured FTP site and creating a FTP Connection Manager

I have to create a FTP Task to go out and get the files that our 3rd party vendor will be dropping on a secured FTP site. I have all the credentials to access that Secured FTP Site and have successfully done so through FileZilla.
Now I need to set-up a FTP Task to go out and get their files and in so doing create a FTP Connection Manager. Is there any way I can determine the
Server Port number from the Secured FTP site? I let it default to 21 and tried the Test Connect and it failed.
Thanks for your review and am hopeful for a reply.

Hi ITBobbyP,
SSIS has a built in FTP task, while this only works for the FTP protocol, it doesn’t support SFTP. But there are some free clients like WinSCP and
SSIS SFTP Task Control Flow Component
available in the CodePlex which can invoked from SSIS.
References:
SSIS SFTP Task Control Flow Component approach
WinSCP approach
Thanks,
Katherine Xiong
Katherine Xiong
TechNet Community Support

How to copy/send text file from FTPS to SAP ECC File Port

Hi Frdns,
I am working on one design, actually my requirement as follows
I am receiving financial information document from Banks, which is in the form of BIA2 message format, it looks like text file. This information needs to be sending to SAP ECC system.
I identified some approaches to full fill the requirement
1)Using Conversion agent/or third party tools to convert BIA2 message in to XML, then using PI I will pick up the XML message, convert it in to IDoc.
2)Without any conversion I will copy the same file (original BIA2 message) in to SAP ECC file port, in this case no conversion required, calling some program I will schedule it.
I am looking forward t implement the second approach because it saves lot of money to my client.
Now I am wondering using File adapter can i copy to SAP ECC File Port or I required ABAP proxy?
What is the best approach to copy the BIA message text file from FTPS to SAP ECC File Port.??
Regards,
Raj

Hi Raja,
>>Now I am wondering using File adapter can i copy to SAP ECC File Port or I required ABAP proxy?
Yes you can do this copy, the only restriction that can happen is the file size.. If you are sure that the fiel will be of few MB at the max then you can use the Configuration part alone and copy it to ECC folder. For doing this you need the following:
1. Sender agreement (mention the sender interface as anything XYZ)
2. Sender communication channel. Pick the file in binary mode
3. Receiver determination (keep both the sender and receiver service as same)
4. Interface Detemiantion (dont specify any mapping and keep the receiver interface name as XYZ)
5. Create receiver agreement (with same service and interface)
6. Use file adapter here
Regards
Suraj

Webinar: How to implement secure scenarios with SAP NW PI 7.1

SAP Intelligence Platform & NetWeaver RIG APJ Expert Call
Dear valued SAP Experts,
Next SAP Intelligence Platform & NetWeaver RIG Expert Call Session will take place on Tuesday, August 18.
The SAP Intelligence Platform & NetWeaver RIG Expert Call Sessions are designed to support consultants, partners and customers during their implementation projects. The sessions cover all different aspects of SAP NetWeaver and are aimed at
thus provide knowledge which is not available via standard training courses. The session duration is typically 60min and includes questions and answers.
Tuesday, August 18, 2009:
How to implement secure scenarios with SAP NetWeaver Process Integration 7.1
Time: 2.00 - 3.00 p.m. Singapore Time (UTC +8)
This event will feature Makoto Sugishita with the SAP Intelligence Platform & NetWeaver Regional Implementation Group.
Makoto provides the following abstract:
In this session you will learn more about the core security concepts that are provided with the service-oriented architecture (SOA)
management capabilities in SAP NetWeaver Process Integration (SAP NetWeaver PI). This session will cover main use cases and
supported scenarios of secure SAP NetWeaver PI deployments.
SAP Connect Link: https://sap.emea.pgiconnect.com/I016095
(no passcode needed)
Dial in:
For dial in details please register here http://www.surveymonkey.com/s.aspx?sm=EFeuZl9PxrwKOW5i5W556g_3d_3d
Kind regards,
Sarma Sishta
SAP Intelligence Platform & NetWeaver RIG APJ

hi,
I'm making this a sticky thread till August 18 so it will have better visibility
Regards,
Michal Krawczyk

Secure ftp of files stored in a directory on the operating system

Is it possible to secure ftp files directly from the server without first storing them in the flows database? (Apex 3.2; Oracle 10g 10.2.0.4; Oracle Unbreakable Linux 4). If so, are there security issues?

Hi ,
Use EPS_GET_DIRECTORY_LISTING
Refer the below code I have used in one of my assignment.
DATA:   l_check_msg(50) TYPE c,
          l_filemask       LIKE epsf-epsfilnam.
CONCATENATE p_sysid '*' INTO l_filemask.
CALL FUNCTION 'EPS_GET_DIRECTORY_LISTING'
       EXPORTING
            dir_name               = wa_ztsifregi-pathname
            file_mask              = l_filemask
       TABLES
            dir_list               = i_files
       EXCEPTIONS
            invalid_eps_subdir     = 1
            sapgparam_failed       = 2
            build_directory_failed = 3
            no_authorization       = 4
            read_directory_failed = 5
            too_many_read_errors   = 6
            empty_directory_list   = 7
            OTHERS                 = 8.
IF sy-subrc NE 0.
    CASE sy-subrc.
      WHEN 1.
        l_check_msg = 'Invalid subdirectory'(005).
      WHEN 2.
        l_check_msg = 'EPS_GET_DIRECTORY_LISTING failed'(006).
      WHEN 3.
        l_check_msg = 'Build directory failed'(007).
      WHEN 4.
        l_check_msg = 'No authorization'(008).
      WHEN 5.
        l_check_msg = 'Read directory failed'(009).
      WHEN 6.
        l_check_msg = 'Too many read error'(010).
*      WHEN 7.
*        l_check_msg = 'Empty directory'(011).
      WHEN OTHERS.
        l_check_msg = 'Unexpected error from function module'(012).
    ENDCASE.
Hope this solves your query.
Regards
Abhii
Regards
Abhii

SSIS and Secured FTP Commands to GET a Remote File using wildcards

So my biggest caveat here is dealing with wildcards! For the life of me I cannot find any good examples of SSIS and scripting that uses FTP wildcards to GET certain Files. In a nutshell, here's what I need to do...
Query a SQL Server Database which has a parsed File Name, the first 50 characters of the file name.
The Query "Result Set" is put into an Object Variable User::SQLServerFileList
I then utilize a "Foreach Loop Container" which reads the User::SQLServerFileList and puts it into Variable User::SQLServerFileNm...which is again the first 50 characters of the File Name
Within the "Foreach Loop Container", I then utilize an "Expression Task" which builds a variable User::RemoteFileLookup which is a concatenation of the User::RemoteFolderPath + User::SQLServerFileNm + the wildcard *(Variable
User::RemoteWildCard)
I then try and utilize a "FTP Task" to use that concatenated Variable to go and GET the Filename but every time I try, it does not like what I'm sending via the "FTP Task"
Error: 0x0 at TF Secure FTP Task, ExecuteTask Failed:: Illegal characters in path.
I realize I might have to do something like this via C#.
My biggest challenge is providing the GET Command via the Remote FTP Site with a parsed Filename and utilizing a wildcard.
mc7i1231_20140227_050114_27_05_02_09*.999
And the Filename that exists on the FTP Server is...
mc7i1231_20140227_050114_27_05_02_09_x12_a43419452ca844a9b8a00f61e655dca3.x12-20140303180032.999
Can any gurus out there PLEASE help me out???
Thanks in advance for your review and am hopeful for a reply.
PSULionRP

Hi PSULionRP,
According to the document
FTP Task, we can read that:
The FTP task supports the ? and * wildcard characters in paths. This lets the task access multiple files. However, you can use wildcard characters only in the part of the path that specifies the file name. For example, C:\MyDirectory\*.txt is a valid
path, but C:\*\MyText.txt is not.
So, when you use expression tobuild the variable RemoteFolderPath, make sure the evaluated value of the expression conforms to the above rule.
Regards,
Mike Yin
TechNet Community Support

Using Secure FTP to extract a file

Dear all
we want to create a mapping to read data from a set of tables and after some transformation to export the data into a flat file over a secure FTP protocol to a remote location.
I am wondering :
a) if that is feasible and if yes, then
b) what are the parameters we have to use to achieve that.
many thanks in advance

A quick search at google reveals there are plenty of FTP libraries available for the various mainstream programming languages (Java, C, C++ etc).
However, FTP has a very basic command set. (MKDIR, GET, PUT, DEL etc).
So you are not going to be able to perform more advanced document management tasks (such as lock a document, check-in, check-out, modify metadata, modify security, search, sort etc) through standard FTP commands.
In terms of setting metadata through FTP, you could potentially store the various processing instructions required in some type of XML file (or equivalent) and upload this XML file to the repository. A custom event handler could be created that listens for DOCUMENT_CREATED events, and then attempts to process the XML files and perform the various instructions contained within by calling the appropriate in-process Content DB FDK API.
It's ugly, but possible.
cheers
Matt.

FTP to SAP using ABAP Proxy

Hi SDN,
I am new to XI can any one provide me clear documentation or link on "FTP to SAP using ABAP Proxy" on this senario. I mean the steps to create ABAP Proxy etc..
Thanks in Advance
Regards
Basha

Hi Shaik
Please go through the information provided in the blogs below which explains clearly the Scenario you want to try.
<a href="/people/ravikumar.allampallam/blog/2005/03/14/abap-proxies-in-xiclient-proxy Proxies in XI</a>
<a href="/people/siva.maranani/blog/2005/04/03/abap-server-proxies Server Proxies</a>
<a href="/people/prateek.shah/blog/2005/06/14/file-to-r3-via-abap-proxy to R/3 via ABAP Proxy</a>
Please do let me know if you want any more help regarding the same.
Regards,
Abhy

FTP in SAP

Hi,
Can any one help me how to do an FTP in SAP ECC. Step by step will be useful.
Regards
D.Mukundan

Usually you are using the ftp client of the underlying operating system to transport files from the SAP ECC system to an other machine.
So define your external ftp command in the SM69 and use the FM SXPG_COMMAND_EXECUTE to execute it in your own program.

Secure FTP in SAP XI

Similar Messages

Maybe you are looking for