Once you have found the ideal file transfer or data security product for your enterprise, you want to give it the ideal conditions in which to work. Effective integration with your existing systems, your architecture and your business policies helps to guarantee long-term success.
To date, we have delivered more than 400 enterprise file transfer and data security installations worldwide. No two installations are identical – but every installation has been a success.
Through our relationships with leading vendors, we have insight into the leading file transfer and data security solutions, as well as access to additional support and advice direct from the manufacturers.
Read on to find out more about the prerequisites to a successful installation, or contact us now for more help.
At the point of implementation, there will be a variable amount of prerequisites to consider. We’ve put together this helpful checklist to give you an idea of the most common prerequisites.
Of course, we can help you answer these questions as part of our File Transfer and Data Security Installation services.
Some managed file transfer (MFT) solutions reside in the DMZ of your network, while others stream files across the DMZ with a reverse proxy. Some solutions split the automation engine from your secure file transfer server, while others use a single application.
In short, file transfer solutions vary – many offer multiple options for configuration.
You will need to decide:
How many machines are required to host the complete solution?
Where will these machines live in relation to the DMZ and your internal network?
With this information in place, you’ll need to consider your availability requirements. You may need a High Availability option with automatic failure, or to cover all single points of failure in your design.
The route to High Availability is usually hosting the database that powers your MFT solution individually, equipped for failover. But how will you replicate your data?
When it comes to availability, you will need to decide:
For secure file transfer server failover, are you deploying a shared or replicated database?
For gateway server failover, are you using a load balancer or cluster configuration?
For automation engine failover, will you use a shared or replicated database?
Generally, a data security solution requires fewer changes on an architectural level. As part of our data classification, data loss prevention (DLP) and website security portfolio, we will consider your architecture as necessary.
For file transfer, the hardware that you require in terms of storage, CPU and RAM will vary depending on the solution that you select. However, many of the most important decisions when it comes to hardware will depend on your enterprise.
In terms of overall requirements, it is a good idea to deploy hardware that exceeds minimum hardware requirements. This leaves you with room to scale your file transfer solution over time.
Disk space is determined by how you will use your file transfer solution. Installations tend to be lightweight, but if you plan to use your file transfer solution for storage (as opposed to transit), you will need a larger hard disk. Generally, multiplying your monthly file transfer volume by three is enough for a data-in-transit MFT server.
Gateway servers do not store data, so you will easily meet requirements with a 10GB hard drive.
Although Automation Engines do not store data, they need to cache large amounts. 10GB is enough for installation, but caching may require up to double your peak transfer volume.
Database requirements vary by vendor. One approach is to implement the database storage recommended by your vendor, plus 5-10MB per 1,000 file transfers.
We can advise you on the ideal amount of storage for each element of your file transfer solution and also help to implement a regime of monitoring and pruning to keep overall storage low.
The hardware requirements of data classification, data loss prevention (DLP) and website security products are determined by the solution that you choose. However, most installations have small hardware footprints and, with the availability of hosted and cloud-based solutions, robust data security is available to all.
An important step in establishing a successful file transfer solution is preparing your firewall to permit network access. This is best done in advance of installation, allowing you to begin transferring files without waiting for network changes to propagate.
Here are some general guidelines for network firewall configuration:
Internet Firewall – Open ports for the various Secure File Transfer Protocols that you will be using. These are: HTTPS (443), FTPS (21, 990 and a Passive Port Range), SFTP (22). Of course, you can change these ports for security.
DMZ to Internal Network – No ports should be opened. If your MFT solution requires this, change your MFT software.
Internal Network to DMZ – Two-Tier solutions will require an outbound connection from your Secure File Transfer Server to your Gateway. The ports vary by vendor.
Automation – Automation engines require outbound connectivity to the Internet across HTTPS, FTPS, SFTP and – where the secure file transfer server resides in the DMZ – you will need connectivity from the internal network to the DMZ.
Inside your network, your chosen file transfer solution may also need to see various other hosts, depending on the services that you will be using. These may include:
Access on port 25 to SMTP for notifications
Access on port 1433 to your database (if it is remote)
Access on port 389 to LDAP (if you are using LDAP authentication)
Access on port 514 to your SYSLOG server
LAN access and a service account with sufficient privilege if you plan to store files away from the installation
The network configuration for a data security solution will depend on the nature of the solution that you choose. Many solutions do not require any connectivity.
.
Following the above steps ensures that your infrastructure is ready for a successful file transfer installation.
On the day of installation, you will need:
Access to the file transfer installation software
A valid serial number or license file from your vendor
Sufficient account privileges on the host system to install software
If your solution requires online activation, access to the Internet
You may also want to consider:
A testing check list
Customisation (logos, style sheets for web pages, wording for notifications)
If you are using workflow automation, a list of file transfer processes that you plan to automate
Projects don’t always run to schedule, but preparation is the secret to success.
.
We offer a full range of data classification, data loss prevention (DLP) and website security software installation services. We also offer exhaustive testing as standard to ensure that your installation is successful.
.