XI3.0 Secure FTP in both directions
Hi!
We have an XI 3.0 system running behind the firewall of the DMZ. Our XI scenarios require to automatically:
- pull files from FTP servers standing in the internet
- push files to FTP servers standing in the internet
in a way that is as secure as possible, because the data to be transferred are critical and confidential.
And all that should happen completely automated without any human intervention (except for the case of problems).
As far as I know XI 3.0 does not support SFTP and additionally we do not want to open any direct channel between the XI and the "rest of the world".
Therefore I think we need some kind of software running in the DMZ that automatically handles the file transfers between our XI and the world outside - ideally it should also be possible that the XI FTP Adapter can be used to trigger automated data transfers.
Has anybody some kind of experience concerning our challenge? If you reply to this posting please keep in mind that I am NOT a security expert but only a stupid XI consultant.
Thanks for any hints!
Regards,
Volker
Hi,
in one of our projects we did something like this:
XI - SFTP
but we had to program it in Java (Java proxy with www for configuration).
There's no standard way unless you find a solution which could be started by an operating system command from the FTP adapter and do what you want - SFTP transfer.
You can always try some of the third-party XI adapters:
http://www.iwaysoftware.com/products/sap/SAP_XI.html
my few cents
Regards,
michal
Similar Messages
-
Secure ftp of files stored in a directory on the operating system
Is it possible to secure ftp files directly from the server without first storing them in the flows database? (Apex 3.2; Oracle 10g 10.2.0.4; Oracle Unbreakable Linux 4). If so, are there security issues?
Hi,
Use EPS_GET_DIRECTORY_LISTING.
Refer to the code below, which I used in one of my assignments.
DATA: l_check_msg(50) TYPE c,
      l_filemask      LIKE epsf-epsfilnam.

* p_sysid, wa_ztsifregi and i_files are not declared in this snippet.
* Build the file mask: every file whose name starts with the system ID.
CONCATENATE p_sysid '*' INTO l_filemask.

* Read the listing of the server directory into i_files.
CALL FUNCTION 'EPS_GET_DIRECTORY_LISTING'
  EXPORTING
    dir_name               = wa_ztsifregi-pathname
    file_mask              = l_filemask
  TABLES
    dir_list               = i_files
  EXCEPTIONS
    invalid_eps_subdir     = 1
    sapgparam_failed       = 2
    build_directory_failed = 3
    no_authorization       = 4
    read_directory_failed  = 5
    too_many_read_errors   = 6
    empty_directory_list   = 7
    OTHERS                 = 8.

* Map the return code to a message text.
IF sy-subrc NE 0.
  CASE sy-subrc.
    WHEN 1.
      l_check_msg = 'Invalid subdirectory'(005).
    WHEN 2.
      l_check_msg = 'EPS_GET_DIRECTORY_LISTING failed'(006).
    WHEN 3.
      l_check_msg = 'Build directory failed'(007).
    WHEN 4.
      l_check_msg = 'No authorization'(008).
    WHEN 5.
      l_check_msg = 'Read directory failed'(009).
    WHEN 6.
      l_check_msg = 'Too many read error'(010).
*   WHEN 7.
*     l_check_msg = 'Empty directory'(011).
    WHEN OTHERS.
      l_check_msg = 'Unexpected error from function module'(012).
  ENDCASE.
ENDIF.
Hope this solves your query.
Regards
Abhii -
Can we do a Secure FTP for an XML file from ABAP when firewall is enabled?
Hi all,
I have a requirement to send an XML file to an External FTP Server which is out of our corporate network and our firewall is enabled.
I have to send an XML file with Purchase Order details. I completed that with the help of this blog https://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/2657.
Now I need to FTP the XML file that is generated. How should I be doing this? Can someone help me with this?
I need to do a Secure FTP to the external non-SAP server which is out of our corporate network and our firewall is enabled. Can someone tell me if SFTP is possible in ABAP?
This is not a web service. I am working on dropping an XML file in an external FTP server… I have searched the forums but am still confused whether Secure FTP is possible in ABAP or not when our company firewall is enabled…
If someone encountered this situation earlier please help... any help will be highly appreciated.
Regards,
Jessica Sam
Thanks a lot for your valuable suggestions Rich…
I agree with you Rich that web services would be a better option. But I need to send this file to an external third party and they don't have web services.
They are telling us that either we can send them an XML file or a CSV file in the format that they want. We decided to go with XML file format.
I am done with formatting the Purchase Order details in the format that they want. Now the challenge is that I need to send this FTP file to them and it should be a Secure FTP when our firewall is enabled.
When you say
1) Run an ABAP program to generate the XML file and put it on the local PC
2) Log into the FTP site via some FTP client, could simply be windows as well.
3) Manually cut/paste the file from the PC to the FTP site.
For Step 1, running the ABAP program, can I schedule a batch job?
For Step 2 and Step 3, can I automate it in any other way, if not in ABAP?
Can I advise my company to follow any alternate method in which they can automate Step 2 and Step 3… if not in ABAP, can it be possible in any other way? As the third party does not have web services, I now have no other alternative.
Please help…
Regards,
Jessica Sam -
How do you send by secure ftp from SAP R/3 4.6C on iseries
We have been using the SAP Standard program, RSFTP002, to ftp files to remote servers for many years. We have now had a requirement to send via secure ftp. We are using R/3 4.6C. Unfortunately this is not a straightforward change and it seems we may need to install some client software to enable this.
I have searched for any SAP notes and in several user groups but have not been too successful.
Has anyone ever set this up before? What client software did you use?
Any pointers / advice on this would be much appreciated.
Many thanks,
Steven
Further to my initial post, I have now discovered that there are additional options on the ftp command on iseries, so I am hoping if I can perform this manually, then a CL called from SAP would allow me to resolve this challenge.
I am trying to use the command below but this will use the port 990.
FTP RMTSYS(INTNETADR) INTNETADR('*.*.*.*') PORT(SECURE) SECCNN(*SSL)
The vendor is requesting that we use port 443 for secure ftp with SSL and even specifying this in the command as below still does not work. It seems to me there may be an issue at the receiving end. Port 443 is normally used for https so not sure whether specifying this port could cause issues. The resultant error is below.
FTP RMTSYS(INTNETADR) INTNETADR('*.*.*.*') PORT(443) SECCNN(SSL)
Connecting to remote host 62.39.53.181 using port 443.
No response from remote host; all connections closed.
Any other comments would be welcomed.
Many thanks,
Steven -
How can I find out the server port for a secured FTP site and creating a FTP Connection Manager
I have to create a FTP Task to go out and get the files that our 3rd party vendor will be dropping on a secured FTP site. I have all the credentials to access that Secured FTP Site and have successfully done so through FileZilla.
Now I need to set up an FTP Task to go out and get their files and in so doing create an FTP Connection Manager. Is there any way I can determine the Server Port number from the Secured FTP site? I let it default to 21 and tried the Test Connect and it failed.
Thanks for your review and am hopeful for a reply.
Hi ITBobbyP,
SSIS has a built-in FTP task, while this only works for the FTP protocol, it doesn't support SFTP. But there are some free clients like WinSCP and SSIS SFTP Task Control Flow Component available in the CodePlex which can be invoked from SSIS.
References:
SSIS SFTP Task Control Flow Component approach
WinSCP approach
Thanks,
Katherine Xiong
TechNet Community Support -
The synchronisation of iPhone 4S to Windows 7/64 bit no longer works; calendar, individual ringtones and contacts do not get synchronized in both directions. I tried reset on working configuration, deinstallation of iTunes - nothing worked - what can be done to solve this?
Couple of things to check:
You are using Outlook 2003, 2007 or 2010
You have selected to sync Calendars and Contacts with Outlook on the Info tab of your iTunes sync settings
You have selected your Outlook calendar as the default calendar on your iPhone (in Settings>Mail,Contacts,Calendars>Default Calendar)
If all that is correct and iTunes still won't sync correctly, you might have to try reinstalling Outlook. Another option is to enable iCloud syncing with Outlook (see http://www.apple.com/icloud/setup/). This requires Outlook 2007 or 2010. If you decide to sync using iCloud be sure to disable contacts and calendar syncing in iTunes on the Info tab of your sync settings. Do not try to sync with both Outlook and iCloud or you will end up with duplicates in your contacts and calendar.
For syncing Ringtones confirm that:
The file is really a ringtone (right-click the file in iTunes, select Get Info, on the Summary tab it should say "Kind: Ringtone").
You have checked each of the ringtones you want to sync
You have checked "Sync only checked songs and videos" on the Summary tab of your iTunes sync settings
You have checked Sync Tones on the Tones tab of your iTunes sync settings -
Why can't I get Back To My Mac to work in both directions between my 2011 Mac Book Air and my 2012 Mac Mini? The network uses a Time Capsule. Everything works when connecting from the Mini to the Air, but the reverse is not the case, none of the Mini's drives are visible, and the screen sharing option is not available. I've tried the measures already suggested in online articles, everything seems to be configured correctly using my iCloud account. I'm at a loss, any suggestions would be appreciated.
I've now managed to get the service running in both directions, but not in the way I had anticipated. I had to create a second account on the Mac Book Air, this also has administrator privileges, everything works fine when connecting from this account. However, this is not the way I would expect to work, none of my documents, applications and settings would be available, unless I laboriously duplicated them to the new account.
Also, I've yet to get the service running from outside my home network. -
SSIS and Secured FTP Commands to GET a Remote File using wildcards
So my biggest caveat here is dealing with wildcards! For the life of me I cannot find any good examples of SSIS and scripting that uses FTP wildcards to GET certain Files. In a nutshell, here's what I need to do...
Query a SQL Server Database which has a parsed File Name, the first 50 characters of the file name.
The Query "Result Set" is put into an Object Variable User::SQLServerFileList
I then utilize a "Foreach Loop Container" which reads the User::SQLServerFileList and puts it into Variable User::SQLServerFileNm...which is again the first 50 characters of the File Name
Within the "Foreach Loop Container", I then utilize an "Expression Task" which builds a variable User::RemoteFileLookup which is a concatenation of the User::RemoteFolderPath + User::SQLServerFileNm + the wildcard * (Variable User::RemoteWildCard)
I then try and utilize a "FTP Task" to use that concatenated Variable to go and GET the Filename but every time I try, it does not like what I'm sending via the "FTP Task"
Error: 0x0 at TF Secure FTP Task, ExecuteTask Failed:: Illegal characters in path.
I realize I might have to do something like this via C#.
My biggest challenge is providing the GET Command via the Remote FTP Site with a parsed Filename and utilizing a wildcard.
mc7i1231_20140227_050114_27_05_02_09*.999
And the Filename that exists on the FTP Server is...
mc7i1231_20140227_050114_27_05_02_09_x12_a43419452ca844a9b8a00f61e655dca3.x12-20140303180032.999
Can any gurus out there PLEASE help me out???
Thanks in advance for your review and am hopeful for a reply.
PSULionRP
Hi PSULionRP,
According to the document FTP Task, we can read that:
The FTP task supports the ? and * wildcard characters in paths. This lets the task access multiple files. However, you can use wildcard characters only in the part of the path that specifies the file name. For example, C:\MyDirectory\*.txt is a valid path, but C:\*\MyText.txt is not.
So, when you use an expression to build the variable RemoteFolderPath, make sure the evaluated value of the expression conforms to the above rule.
Regards,
Mike Yin
TechNet Community Support -
Hello,
I have seen that there is an FTP adapter in SAP XI. We currently have guidelines to use Secure FTP (SFTP) for FTP communication over an 'unsecure' network.
We would like at least 128bit encryption, preferably 1024bit key.
Can SAP XI also support this (and how)? Or is there a possibility with third party adapters?
Best regards
While the File/FTP adapter does not support secure FTP, there are a couple of options for protecting FTP communications.
1. Develop a custom FTPS adapter. There are some good commercially-available Java libraries that implement FTPS; I've found the Secure FTP Bean from Glub Tech (www.glub.com) to be reliable and compatible with many common FTPS servers. It's called a bean, but it really is just a basic Java API library. (It's shareware -- free to download for prototyping, $500 for internal use.)
You do need to understand the various options in the FTPS specification to get this to work. Reading IETF RFC 2228 will help.
2. Use the FTP adapter, and encrypt/decrypt the file contents through a user exit in the adapter. Something on the FTP server side will have to do the same.
--Dan King
Capgemini -
Using Secure FTP to extract a file
Dear all
we want to create a mapping to read data from a set of tables and after some transformation to export the data into a flat file over a secure FTP protocol to a remote location.
I am wondering :
a) if that is feasible and if yes, then
b) what are the parameters we have to use to achieve that.
many thanks in advance
A quick search at google reveals there are plenty of FTP libraries available for the various mainstream programming languages (Java, C, C++ etc).
However, FTP has a very basic command set. (MKDIR, GET, PUT, DEL etc).
So you are not going to be able to perform more advanced document management tasks (such as lock a document, check-in, check-out, modify metadata, modify security, search, sort etc) through standard FTP commands.
In terms of setting metadata through FTP, you could potentially store the various processing instructions required in some type of XML file (or equivalent) and upload this XML file to the repository. A custom event handler could be created that listens for DOCUMENT_CREATED events, and then attempts to process the XML files and perform the various instructions contained within by calling the appropriate in-process Content DB FDK API.
It's ugly, but possible.
cheers
Matt. -
Hi,
How do you handle secure FTP from SAP without using scripting ?
Is it possible to set up your RFC destination using the SSL option under the Logon/Security Tab ?
Or is there another method ?
Cheers
Colin.
Check out - Call RSFTP020
Here is an example of how to FTP a file from the Application server to a remote server using standard SAP functions.
REPORT ZKBTST32 LINE-SIZE 132.
*-- Test SAP FTP functions
DATA: BEGIN OF MTAB_DATA OCCURS 0,
        LINE(132) TYPE C,
      END OF MTAB_DATA.
DATA: MC_PASSWORD(20) TYPE C,
      MI_KEY          TYPE I VALUE 26101957,
      MI_PWD_LEN      TYPE I,
      MI_HANDLE       TYPE I.

START-OF-SELECTION.
  MC_PASSWORD = 'password'.
  DESCRIBE FIELD MC_PASSWORD LENGTH MI_PWD_LEN.
*-- FTP_CONNECT requires an encrypted password to work
  CALL 'AB_RFC_X_SCRAMBLE_STRING'
    ID 'SOURCE' FIELD MC_PASSWORD ID 'KEY' FIELD MI_KEY
    ID 'SCR' FIELD 'X' ID 'DESTINATION' FIELD MC_PASSWORD
    ID 'DSTLEN' FIELD MI_PWD_LEN.

*-- Open the connection through the SAPFTP RFC destination
  CALL FUNCTION 'FTP_CONNECT'
    EXPORTING
      USER            = 'userid'
      PASSWORD        = MC_PASSWORD
      HOST            = 'servername'
      RFC_DESTINATION = 'SAPFTP'
    IMPORTING
      HANDLE          = MI_HANDLE
    EXCEPTIONS
      NOT_CONNECTED   = 1
      OTHERS          = 2.
  CHECK SY-SUBRC = 0.

*-- Run 'dir' on the remote host and collect the output in MTAB_DATA
  CALL FUNCTION 'FTP_COMMAND'
    EXPORTING
      HANDLE        = MI_HANDLE
      COMMAND       = 'dir'
    TABLES
      DATA          = MTAB_DATA
    EXCEPTIONS
      TCPIP_ERROR   = 1
      COMMAND_ERROR = 2
      DATA_ERROR    = 3
      OTHERS        = 4.
  IF SY-SUBRC = 0.
    LOOP AT MTAB_DATA.
      WRITE: / MTAB_DATA.
    ENDLOOP.
  ELSE.
* do some error checking.
  ENDIF.

*-- Close the connection
  CALL FUNCTION 'FTP_DISCONNECT'
    EXPORTING
      HANDLE = MI_HANDLE
    EXCEPTIONS
      OTHERS = 1.
Hope this helps you,
Cheers,
Thomas -
Hi,
I am developing a secure FTP client.
Is there any free API available in the market which I can reuse in my application?
If not please provide me some link so that I can develop such API using JSSE API.
FYI - I am following the Internet Draft, "Securing FTP with TLS" by Ford-Hutchinson, a specification for realizing RFC2228, "FTP Security Extension" using TLS.
Thanks.
hi friend,
i'm also looking for free secure ftp api's for Java...
if u know any, do let me know.... -
Hello,
Can we do a secure FTP using ABAP code ??
Thanks
John
Hi John,
Sorry, I think the SAP function modules FTP_CONNECT, FTP_COMMAND and FTP_DISCONNECT are implemented according to RFC859 which is far behind secure connections. As SAP ftp goes through SAP RFC destinations, this may be the spot where something has to be done to enable a secure connection.
Regards,
Clemens -
Secure FTP using FTPS (SSL/TLS) - need help!
I am trying to use an FTP Sender Channel using Secure FTP. I am currently getting a "java.net.ConnectException: Connection timed out: connect" error.
I am on XI 3.0 with SP13.
Settings are FTPS (FTP Using SSL/TLS for Control and Data)
Command Order Auth TLS, USER, PASS, PBSZ, PROT.
I am able to connect from my pc using WSFTP Pro which looks to be using the same command order. I made sure WSFTP Pro was set for passive connections as XI only supports this until SP15.
I have asked our Basis support to make sure the proper ports are open that are used for the connection and file transfer. They have deployed the Java Cryptographic Toolkit on XID, and changed the startup mode for SSL runtime from 'manual' to 'always'. The site I will connect to uses a certificate from Equifax which was added to the TrustedCAs keystore view. After still not being able to get a file, I also added the certificate of the site, which I was able to export from WSFTP Pro and import onto XI with STRUST.
I have increased the J2EE trace for com.sap.aii.adapter.file to Debug, but I haven't been able to get much out of the log. I see entries, such as some SSL activity and the timeout, but nothing that points me to an answer. Of course, I really don't know what to look for.
I have tried to connect to the remote server by name or ip with the same connection timeout.
I currently don't have it set to use X.509 certificate for Client Auth, but I did try a few of those options with no luck.
Any pointers would be appreciated.
Thanks,
Eric Peterson
Eric,
Did you ever solve the problem ? I am having the same issue.
Cheers
Jon -
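Added example (not part of any post above): a Python check of the FTPS command order Eric lists (AUTH TLS, USER, PASS, PBSZ, PROT) over a client control-channel trace, flagging credentials sent before a successful AUTH TLS and transfers made without PROT P. The trace format (`>` client, `<` server), the function name and both sample traces are constructed for illustration.

```python
# Commands that open a data connection and so depend on the PROT level.
DATA_CMDS = {"LIST", "NLST", "MLSD", "RETR", "STOR", "STOU", "APPE"}

def audit_ftps_trace(trace):
    """Return [(line_no, finding)] for one explicit-FTPS control-channel trace."""
    findings = []
    tls, pbsz, prot = False, False, "C"   # data channel defaults to Clear
    pending = ("", "")                    # last command still awaiting its reply
    for n, raw in enumerate(trace.strip().splitlines(), 1):
        direction, _, text = raw.strip().partition(" ")
        if direction == "<":              # server reply
            code, more = text[:3], text[3:4]
            if more == "-":               # continuation of a multi-line reply
                continue
            verb, arg = pending
            if verb == "AUTH" and code == "234":
                tls, pbsz, prot = True, False, "C"
            elif verb == "PBSZ" and code == "200":
                pbsz = True
            elif verb == "PROT" and code == "200":
                prot = arg.upper()
            pending = ("", "")
        elif direction == ">":            # client command
            verb, _, arg = text.partition(" ")
            verb = verb.upper()
            pending = (verb, arg.strip())
            if verb in ("USER", "PASS") and not tls:
                findings.append((n, f"{verb} sent before a successful AUTH TLS"))
            elif verb == "PROT" and not pbsz:
                findings.append((n, "PROT sent before PBSZ"))
            elif verb in DATA_CMDS and not (tls and prot == "P"):
                findings.append((n, f"{verb} with unprotected data channel (PROT {prot})"))
    return findings

# Constructed trace following the command order quoted in the post.
GOOD_TRACE = """
< 220 Service ready
> AUTH TLS
< 234 Proceed with negotiation
> USER xi_transfer
< 331 Password required
> PASS ********
< 230 Logged in
> PBSZ 0
< 200 PBSZ=0
> PROT P
< 200 Protection set to Private
> PASV
< 227 Entering Passive Mode (192,0,2,10,195,80)
> RETR orders.xml
< 150 Opening data connection
< 226 Transfer complete
"""

# Constructed trace: login before AUTH TLS, and no PBSZ/PROT before the upload.
BAD_TRACE = """
< 220 Service ready
> USER xi_transfer
< 331 Password required
> PASS ********
< 230 Logged in
> AUTH TLS
< 234 Proceed with negotiation
> PASV
< 227 Entering Passive Mode (192,0,2,10,195,80)
> STOR orders.xml
< 150 Opening data connection
< 226 Transfer complete
"""

if __name__ == "__main__":
    for line_no, finding in audit_ftps_trace(BAD_TRACE):
        print(f"line {line_no}: {finding}")
```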
Is it possible to have a secure FTP connection using private key authentication?
Is it possible to have a secure FTP connection using private key authentication to connect to a folder on Business Catalyst?
Hi,
Not available at this stage as the only options can be found in the SFTP set-up article.
- http://helpx.adobe.com/business-catalyst/partner/connecting-site-using-ftp-client.html
Kind regards,
-Sidney