Progress MOVEit File Transfer (DMZ)

Overview:

What if you could take the guesswork out of the file transfer process? What if you had complete visibility and control over how files were sent, stored, and received? MOVEit™File Transfer makes it possible. Used by thousands of IT departments in some of the most data-sensitive industries, MOVEit File Transfer server lets you manage how sensitive information is sent between partners, customers, employees, and systems.

MOVEit File Transfer is the part of the MOVEit Managed File Transfer System that allows you to:

• Reliably transfer files 24/7
• Connect with any system, server or client with a broad set of protocols
• Protect files in transit and at rest
• Gain visibility and control over file transfer activity
• Confidently meet SLAs and compliance requirements
• Use on-premise or in the cloud

Key features & benefits:

• Transfer business files reliably and securely
• Automate file-based tasks and business workflows
• Confidently meet SLAs and compliance requirements
• Gain visibility and control over file transfer activity
• Business continuity for file transfers
• Automate Performance, SLA and Compliance Management Reporting and Monitoring

MOVEit File Transfer enables organizations of any size to:

• Gain greater visibility and control: Track the movement and status of every file – at any time – from a central server with MOVEit File Transfer. Gain better visibility and control over file activity within minutes of adoption and never have to guess about the location of a file again.
• Leverage Existing Security Infrastructure: Relieve security stress and centrally manage user authentication via integration to existing security infrastructure. MOVEit File Transfer (DMZ) provides standards-based ICAP integration to DLP and antivirus systems, SAML 2.0 integration to IdP systems, and native integration to AD/LDAP services.
• Ensure File Transfers Continue During Failures: Many organizations require mission-critical solutions be available 24/7. MOVEit File Transfer (DMZ) has a flexible architecture that delivers scalability, high availability and turnkey disaster recovery.
• Drive user Adoption via Simple, Familiar Client Access: MOVEit File Transfer (DMZ) provides single sign-on across all clients and supports a broad range of clients including: mobile devices, web browsers, and Outlook client. Users have a consistent, intuitive user experience across phone, tablet, and desktop browsers.
• Protect Files at all Times: Secure sensitive data in transit and at rest with proven encryption (FIPS 140-2 validated AES), receiver authentication, and delivery confirmation. MOVEit File Transfer (DMZ) also lets you enforce user, system, and file security policies. Control the movement of sensitive files via integration with DLP systems.
• Meet SLAs and Compliance Requirements: With reports of data in its tamper-evident database, MOVEit File Transfer (DMZ) makes it easy to comply with regulations such as HIPAA, PCI, and Sarbanes-Oxley.

Flexible Selection of MOVEit Clients:

MOVEit EZ - Windows Desktop Automated Secure File Transfer Client

MOVEit EZ is a unique secure transfer client that moves files on a scheduled, automated, firewall-friendly basis between Microsoft Windows 8, 7 and XP desktops and MOVEit File Transfer (DMZ) secure transfer server, with minimal user involvement.

One of the things that make MOVEit EZ unique is its use of the HTTPS (HTTP over SSL) protocol. This enables MOVEit EZ to communicate through a single firewall port (443). This is the same port that Web browsers use for secure connections, so it is almost always open. In comparison, clients that use the FTP over SSL protocol require use of a large number of firewall ports, none of which are typically open. Getting and keeping them open can be an ongoing operational challenge, especially when the firewalls belong to business partners and customers.

MOVEit EZ is easy-to-install, easy-to-use, and easy-to-support.

• Easy-to-Install MOVEit EZ is a relatively small program. It downloads quickly even over a dial-up connection. Unlike command-line secure file transfer clients that can be made to do scheduled, automated transfers, MOVEit EZ does not use scripts or batch files. MOVEit EZ has a set of default parameters that fit most end-user situations. This often enables end-users to simply click “OK” to quickly start files transferring on a scheduled, automated basis. For even less end-user involvement, certain communication parameters can be pre-configured before MOVEit EZ is made available to end-users.
• Easy-to-Use Transfers take place on a scheduled basis (example: every five minutes). End-users can also transfer files 'on demand' by clicking on the “Run Task Now” option. End-users “Copy,” “Send To” or “Save” files to a designated upload folder on their PC and MOVEit EZ then automatically moves them to a corresponding folder on a specific MOVEit File Transfer (DMZ) server. If files are waiting for the end-user in a designated download folder on that server, then MOVEit EZ will also automatically transfer them to a corresponding folder on their PC, and then automatically alert the end-user.
• Easy-to-Support From MOVEit EZ’s use of firewall-friendly HTTPS, to its default and pre-configured communication parameters and its scheduled and automated transfer capabilities, to the fact that it runs as a service and does not use scripts or batch files, MOVEit EZ saves valuable end-user and IT staff time compared to secure FTP clients.

While MOVEit EZ is easy for end-users and support staff, it is at heart a very secure file transfer client that features all of the following capabilities.

• Encryption MOVEit EZ uses industry-standard 128-bit key SSL transport encryption. There is no end-user involvement in the encryption/decryption process. There is no need to use PGP/OpenPGP or other third-party encryption programs (though MOVEit EZ will transfer such files without any problems). Files sent by MOVEit EZ will automatically be stored by the receiving MOVEit File Transfer (DMZ) server using its built-in US and Canadian government FIPS 140-2 certified 256-bit key AES encryption (again, with no end-user involvement).
• Logging MOVEit EZ automatically creates and maintains two log files: a daily, end-user oriented log that records all transfers, successful and not; and a support staff oriented technical “debug” log that records each step of each transfer.
• Non-Repudiation MOVEit EZ automatically does a SHA1 file integrity check of each file it sends and receives. The results are then logged and sent to the MOVEit File Transfer server, which checks them against its own integrity check for that file, and logs the results. This integrity data, combined with authentication information maintained by MOVEit File Transfer, provide complete file non-repudiation (i.e., the ability to prove who sent and who received a file, and that the file received is exactly the same as the file sent).
• Guaranteed Delivery MOVEit EZ will automatically retry file transfers that fail to start, and will automatically resume interrupted file transfers. These capabilities, together with its support for Non-Repudiation, enable MOVEit EZ to support Guaranteed Delivery of the files it uploads to and downloads from a MOVEit File Transfer server.

MOVEit Freely - Safely Exchange Files using SSL Encryption

MOVEit Freely is a free command line FTP/secure FTP SSL (FTPS) client for Windows 8, 7 and XP systems. MOVEit Freely can safely exchange files with secure FTP servers that support 128-bit key SSL (Secure Socket Layer) encrypted transfers, the highest level of protection currently available for Internet communications. MOVEit Freely was one of the first clients to support all three FTP over SSL modes (TLS-P, TLS-C, and IMPLICIT).

MOVEit Freely also includes support for firewall-friendly Passive FTP as well as encrypted FTP transfers to and from networks using NAT (networks address translation). MOVEit Freely can also transfer files to non-secure servers.

With MOVEit Freely you can quickly convert each existing batch-driven, non-secure file transfer into a secure file transfer - with just a few simple changes to your script. And Freely provides the following capabilities when exchanging files via the secure FTP over SSL interface of a MOVEit File Transfer (DMZ) secure data transfer and storage server:

• 50% faster file transfers (on average) resulting from its built-in, automatic GZIP data compression.
• Complete Non-Repudiation via MOVEit's file integrity checking and MOVEit File Transfer's authentication capabilities, so you can prove who sent a file, who received it, and that it was not changed or corrupted between when the file was sent and received.
• Client Certificate Support for strong authentication.

Freely installation packages are available in two formats.

• Traditional (*.exe) installs the software on your local hard drive and adds MOVEit Freely to your PATH.
• Portable (*.zip) allows you to install the software on your favorite USB drive or other portable device.

MOVEit Freely is provided without charge in hopes of encouraging interest in our commercial MOVEit products.

Purchase Options:

MOVEit Mobile: Productivity and Protection for Your Organization

Give your IT department complete visibility over the file transfer process, while giving your employees the ability to conduct business from anywhere, on any device.

Organizations of all sizes now leverage MOVEit Mobile to:

• Gain Greater Visibility and Control: With MOVEit Mobile, a central administrator can oversee virtually all aspects of the file transfer process, even those that involve mobile devices. Manage automated tasks and processes, control user access and get complete audit reports on all file transfer activity.
• Increase Productivity: Enable users to participate in critical business processes on-the-go. With MOVEit Mobile, employees can access and transfer files, send and receive packages, conduct person-to-person transfers and participate in automated workflows.
• Conduct Business on Any Device: MOVEit Mobile works with any iOS or Android device (smartphone and tablet) and is integrated with several popular native applications – giving your workforce the ability to conduct file-transfer business from anywhere.

         

MOVEit API Interface Option for MOVEit File Transfer (DMZ) and MOVEit Cloud

The MOVEit API interface offers third-party programs (including Web applications) programmatic access to a wide variety of MOVEit File Transfer (DMZ) and MOVEit Cloud services and administrative capabilities – giving you the ability to:

• Create, transfer and delete files, messages and Web form postings
• Create, manage and delete users, folders and permissions
• Securely store files, messages and Web form postings
• Run pre-defined reports and create and run custom reports
• Utilize the built-in MOVEit user database
• Retrieve detailed status and report data about the above

Third-party control of MOVEit services and administrative functions requires use of a locally installed copy of the MOVEit File Transfer (DMZ) API Java class or the MOVEit File Transfer API Windows COM component. The API Java class is typically used by Java programs and requires Sun Java v.1.4.2 or higher (v.1.5 preferred). The class comes with a precompiled, standard FTP-like command-line client interface for use by mainframe JCL, Unix/ Linux shell scripts, and local operating system schedulers like Cron.

The API COM component can be used by ASP.NET, ASP, Access, C++, .NET, SQL Server DTS, Office, C#, VB, VBScript and others on Windows Vista Business Edition/XP/2000/2003/2008. The API COM component comes with a precompiled, standard FTP-like command-line client interface that can be used by FTP/FTPS scripts and batch files, as well as by the Windows’ Event Scheduler.

Access to MOVEit File Transfer (DMZ) or MOVEit Cloud via its API interface requires prior authorization and authentication with a valid username and one or more factors (a password, HTTPS client certificate and/or IP address). All communications between the API interface and its API clients are protected by the 256-bit SSL encrypted, firewall-friendly HTTPS protocol, which uses only a single firewall port (443).

All file transfers between the API interface and its API clients receive automatic SHA1 integrity checks and automatic transfer retry and resume for file Non-Repudiation and Guaranteed Delivery.

The MOVEit API also enables management of SSH keys and SSL certificates. Programmers can use the COM or Java API for programmatic SSH key and SSL certificate management. SSH keys and SSL certificates can be automatically imported, added, removed, and listed to user accounts.

The MOVEit API interface is a separately priced and licensed option that permits unlimited use of the interface and the MOVEit API Java class, the COM component and their commandline interfaces. The API interface is activated by a special license key provided by Progress.

The API interface is available as an option for MOVEit File Transfer (DMZ) and built into the Cloud deployment with MOVEit Cloud - File Transfer.

MOVEit File Transfer (DMZ) High Availability and Scalability

A growing number of organizations are requiring that all mission-critical enterprise-level solutions be deployed on multiple, tiered systems in order to help guarantee continuous 24/7 availability. This document provides an overview of MOVEit File Transfer (DMZ), how its high-availability capabilities work, and what resources are required to implement them.

Tiered Architecture & Web Farm Support

MOVEit File Transfer has a flexible architecture designed for high availability systems. It can be deployed on two or more systems and in various configurations depending on your business, technology, and security requirements. Below is a table identifying various configurations supported by MOVEit File Transfer and the business requirement that might determine each configuration.

Configuration	Business Requirement	MOVEit File Transfer	Details
Tiered Architecture Deployment	Security and IT Policy	1 Active	Can deploy MOVEit File Transfer, le system, and database on three different servers as part of a segmented network
Web Farm	Performance and Scalability	2 or more Active	Use load balancer or application nodes to distribute load across multiple MOVEit instances

Tiered Architecture

Tiered architecture enables the deployment of MOVEit File Transfer in a distributed configuration, with the application, database, and file system running on different machines. This configuration is flexible and can expand to provide increased file transfer performance and availability.

A deployment with a single application node (one MOVEit File Transfer application) provides increased security by segmenting the database and file system components on different servers. Files and permissions/configuration data are moved off the public DMZ. A multi-tier deployment can also leverage infrastructure by integrating MOVEit File Transfer with existing database servers and SAN/NAS storage servers.

Web Farms

A deployment with multiple MOVEit File Transfer (DMZ)  nodes (a Web Farm) increases performance and availability by distributing the file transfer load. The Web Farm deployment is described in the following sections.

Configuring a Web Farm requires planning and preparation for installation. Progress File Transfer offers the necessary training and provides the option of sending a senior MOVEit technical support person onsite to do  this work.

While you can have a single node multi-tier configuration, a Web Farm configuration requires a minimum of two identical MOVEit File Transfer production licenses, each with the same number of organizations and options (including API Interface and Ad Hoc packages).

Acquisition of two or more MOVEit File Transfer licenses permits the licensee to use the required “MOVEit File Transfer Web Farm” application without charge. A MOVEit File Transfer Web Farm can be implemented  using any combination of physical or virtual systems (Microsoft Hyper-V and VMware ESX are both supported for this purpose).

Web Farm Data Storage

The MOVEit File Transfer (DMZ) Web Farm software allows multiple application nodes (MOVEit File Transfer DMZ applications) to use shared data storage locations, possibly located on a LAN segment separate from your File Transfer zone. User, file and folder metadata, and the audit log are stored in MOVEit File Transfer (DMZ)’s SQL server database, which can be on one host. Encrypted files and debug files are stored in the FileSystem, which can be on another system. Heavily accessed global settings are stored in the registry on the DMZ nodes and replicated across nodes through the database.

High Availability and Performance

The distributed deployment of MOVEit File Transfer components provides a means to scale availability and increase performance by adding application nodes to the Web Farm. High availability can be gained by eliminating single points of failure through clustering multiple database nodes and multiple filesystem nodes. The MOVEit File Transfer Web Farm operates as a single MOVEit File Transfer (DMZ) system that handles all client requests, and coordinates data across the nodes.

Load Balancer (LB) Requirements

High Availability utilizes a separate third-party LB hardware device. When deploying a separate LB hardware device, the following criteria should be considered: If FTP and SFTP are required, then the LB must be able to direct each connection’s traffic to the same MOVEit File Transfer (DMZ) node for the entire communication. This is sometimes called “sticky” connections. Additional criteria to consider when selecting an LB is its ability to handle certain types of traffic from the MOVEit nodes, including SMTP notifications, LDAP and RADIUS queries, as well as packets from any third-party monitoring tools that are being used.

Network Address Storage (NAS) Requirements

High Availability requires use of a third-party NAS device to store the files uploaded to it. The NAS is used to store the files that are uploaded to each of the MOVEit File Transfer (DMZ) nodes. (Before being stored, each file is protected by MOVEit File Transfer (DMZ) using its built-in FIPS 140-2 validated 256-bit AES encryption, with each file having its own key, which is itself encrypted. If an existing internal NAS will be used as part of the MOVEit File Transfer (DMZ) setup, then it will be necessary to determine the minimum number of firewall rules required to let the MOVEit File Transfer (DMZ) nodes communicate with the internal NAS from inside the firewall’s DMZ segment.

Storage Area Network (SAN) Option

High Availability can support using a SAN to store the MOVEit File Transfer (DMZ) AES-encrypted files. Doing so does not involve paying a separate MOVEit license or maintenance fee. Using a SAN requires using an intermediate machine configured to act as a NAS interface. For example, if a configuration calls for two MOVEit File Transfer (DMZ) nodes, and a fiber SAN attachment is available, then a third box should be set up to connect to the SAN (via fibre) and to share the SAN drive with MOVEit File Transfer (DMZ) Primary and Secondary nodes. This enables the SAN to be used as if it were a NAS device.

Database Options

Microsoft SQL Server. See MOVEit File Transfer (DMZ) supported databases for supported versions and editions of Microsoft SQL Server. Microsoft SQL Server Cluster is recommended for High Availability configurations.

System Requirements:

• Supported Operating Systems for MOVEit File Transfer (DMZ) and Modules: Windows Server 2012 R1 and R2, Windows Server 2008 R2 (64-bit English); Windows Server 2008 (32-bit and 64-bit English and 32-bit German)
• Supported Operating Systems for API and Wizard (end user computers): Windows 8, Windows 7 (32-bit and 64-bit English); Windows Vista (32-bit and 64-bit English); Windows Server 2012, Windows Server 2008R2, Windows Server 2008 (32-bit and 64-bit English); Ubuntu 11.0.4; MacOS 10.7 and 10.8; Java 7
• Supported Virtualization Environments: Support for virtual servers running on VMware ESX (32-bit and 64-bit guest servers) and Microsoft Hyper-V (32-bit and 64-bit guest servers)
• Supported Browsers (end user computers): Internet Explorer 9, 10 and 11 (Windows only); Mozilla Firefox (Windows, Mac and RedHat Linux); Chrome (Windows only); Safari (Mac only)
• Supported Devices for MOVEit Mobile:
  • Apple - Phones: iPhone 5S, iPhone 5, iPhone 4S, iPhone 4G – iOS 6+, iPod Touch
  • Apple - Tablets: iPad 3/4, iPad 2, iPad Mini
  • Android - Phones: Galaxy III/IV, Note II, Nexus 4, HTC One X+, HTC Droid DNA, Motorola Droid Razr Maxx HD, Motrola Moto X
  • Android - Tablets: Galaxy Tab 2/3 7”, Galaxy Tab 2/3 10”, Nexus 5, Google Nexus 7”, Google Nexus 10”, Samsung Galaxy Note 8
    • Operating Systems:
      • iOS 6+, iOS 7+, iOS 8+
      • Android 4.0+, 4.1+, 4.2+, 4.3+, 4.4+
• Support for Ad Hoc Transfer module Outlook plug-in (end user computers)
  • Outlook: Outlook 2013 (English, German, French and Spanish), Outlook 2010 (32-bit and 64-bit English, German, French and Spanish) and Outlook 2007 (32-bit English, German, French and Spanish)
  • Mail or Exchange Server: Outlook plug-in is compatible with a variety of mail servers, such as Exchange Server 2013, Exchange Server 2010 (32-bit and 64-bit English and German), Exchange Server 2007 (32-bit English and German) or Progress IMail 11 (using SMTP). When Outlook & Exchange used together, Cached Exchange Mode will be supported but is not required
  • Operating System: Microsoft Windows 8, Windows 7 (32-bit and 64-bit English and German) and Windows Vista (32-bit English, German, French and Spanish)
• Microsoft Runtime Environment and Libraries: Microsoft ASP.NET (via IIS) and .NET 3.0 for MOVEit File Transfer (DMZ). Sun Java J2SE 6.0 and 7.0 for MOVEit Wizard for Java
• Supported Database: MySQL 5.5, Microsoft SQL Server 2012, Microsoft SQL Server 2008 R2, Microsoft SQL Server 2008
• Hardware: 2GB RAM, 40GB HD, dual-core or faster processor. Production systems will benefit from additional resources, including faster, additional and multicore processors (single or dual quad-core processors are common), more RAM (4GB is common), hard drive capacity and speed (1TB SAS is common) and SSL accelerator hardware

Documentation:

Download the Progress MOVEit File Transfer (DMZ) Datasheet (PDF)

Download the How to Make Sense of Your File Transfer Needs: A 10-Step Self-Assessment Guide (PDF).

Download the The Definitive Guide to Managed File Transfer (PDF).

Download the Evolution from FTP to Secure File Transfer White Paper (PDF).

Download the Security Throughout the File Transfer Life-Cycle Technical Brief (PDF).