openFT V11.0 for Windows Systems
Contents
1. You must observe correct notation uppercase and lowercase and remember that blanks and X 00 must be specified correctly for selectors 388 openFT Windows Administration Appendix Remote TS application for openFT FTAM 9 2 4 1 Sample entries for FTAM partners Values in italics may be changed e FTAM partner address entry for openFT as of V11 0 for Windows systems for transfer via TCP IP RFC1006 Global Name ftamwin P selektor EMPTY FORMAT S selektor EMPTY FORMAT T selektor TRANSDATA FTAM Port number 4800 Proxy lt none gt System name transport system dependent e FTAM partner address entry for openFT lt V11 0 for Windows systems for transfer via TCP IP RFC1006 Global Name ftamwina P selektor EMPTY FORMAT S selektor EMPTY FORMAT T selektor ASCII SNI FTAM Port number 4800 Proxy lt none gt System name transport system dependent e FTAM partner address entry for openFT for Unix systems for transfer via TCP IP RFC1006 if CMX or PCMX as of V4 0 is used on the Unix system Global Name ftamunix P selektor EMPTY FORMAT S selektor EMPTY FORMAT T selektor TRANSDATA F TAM Port number 4800 Proxy lt none gt System name transport system dependent Or 102 if CMX as of V5 0 is used in the partner system e Partner address entry for openFT FTAM for BS2000 for transfer via TCP IP RFC1006 Global Name ftambs2 P selektor EMPTY FORMAT S2. 5 2 2 Configuring ADM traps in the openFT instance 5 2 3 vVewng ADM Tabs r saan biber ee ee Ee eR eS 5 3 Example of an XML configuration fille 6 openFT commands for the administrator 6 1 Overview of the commands 0 885 6 2 Notational conventions 0 022 0852 ae 6 3 Outputin CSV format 2 846 kee we ee ee 6 4 ftaddptn Enter a partner in the partner list 6 5 ftadm Execute remote administration command 6 5 1 Remote administration commands 6 6 ftcanr Cancel asynchronous requests openFT Windows Administration Contents 6 7 6 8 6 9 6 10 6 11 6 12 6 13 6 14 6 15 6 16 6 17 6 18 6 19 6 20 6 21 6 22 6 23 6 24 6 25 6 26 6 27 6 28 6 29 6 28 6 29 6 29 6 30 6 31 h kh eae ftcrei Create or activate an instance 164 ftcrek Create key pair set 220005 166 ftcrep Create an FT profile 2 05 167 ftdeli Deactivate an instance 2 2 183 ftdelk Delete key pair set 0220205 184 ftdell Delete log record 62222 eee 185 ftdelp Delete FT profiles 020005 187 ftexpc Export the configuration of the remote administration server 2 2 eee eee es 189 ftexpe Export FT profiles and admission sets 190 fthelp Display information on the log record reason codes 192 ftimpce Import the configura
3. SNA network Data communication system that implements the Systems Network Archi tecture SNA of IBM openFT Windows Administration 435 Glossary SNMP Simple Network Management Protocol Protocol for TCP IP networks defined by the Internet Engineering Task Force IETF for the transfer of management information special characters gt see shell metacharacters standard admission set This standard admission set applies by default to all users for whom there is no dedicated admission set These default settings may be restricted further by the user for his or her own admission set standard error output stderr By default standard error output is to the screen standard input stdin By default standard input is from the keyboard standard output stdout By default standard output is to the screen storage group File attribute in the virtual filestore encompasses the storage attributes of a file string Character string string significance Describes the format of strings in files to be transferred using FTAM protocols synchronous request The user that submitted the FT request waits for transfer to terminate The user cannot continue working see also asynchronous request system gt see FT system 436 openFT Windows Administration Glossary system local gt see local system system remote gt See remote system TCP IP Transmission Control Proto
4. T Run this resource in a separate Resource Monitor Resource type Generic Service Group Disk Group 3 State Online Node P870_DDM Cancel Apply Configure openFT in a cluster Generic Service General Service open ft Properties 21 x General Dependencies Advanced Parameters Registry Replication a Service open ft Specify which resources the Cluster Service must bring online before this resource can be brought online Resource dependencies iC ee Physical Disk to IP Adresse openFT IP Address to Netwerkname openFT Network Name Modify Froperties Cancel Apply Configure openFT in a cluster Generic Service Dependencies 402 openFT Windows Administration Appendix openFT in a Windows cluster Service open ft Properties 21 x General Dependencies Advanced Parameters Registry Replication Service open ft C Donot restart IV Affect the group Threshold g Period 1900 seconds r Looks Alive poll interval m Is Alive poll interval C Use value from resource type C Use value from resource type Specify value Specify value 5000 milliseconds 60000 milliseconds Pending timeout 180 seconds Cancel cooly Configure openFT in a cluster Generic Service Advanced Service open ft Properties 21 x General Dependencies Advanced Parameters Resistyy Replication Service open ft Servi
5. 13 Changes since the last version 2 55 14 Notational conventions 020 0200 ee 18 README files cece cee eee eee eee Re 18 Current information on the Internet 18 License provisions 2 2 262 e eee es 19 Tasks of the administrator 52 8000 as 23 Setting the operating parameters 26 Administering code tables 008 28 Starting and stopping openFT 2 2e 45 32 Setting operating modes 2280058 33 Running the service under system rights 33 Running the service under userrights 34 File access rights for newly created files 36 Switching the language interface 37 Administering requests 025200 08s 38 Administering partners 0252 0008s 39 Specifying partner addresses 2 40 FTAC security levels for partner entries 44 Monitoring with openFT 2 0 0002s eee 45 Conigunng FANS ee ak a aa a eek kw ee a E a 45 Displaying monitoring data s s rs serra raia ite ta 46 openFT Windows Administration Contents 2 10 2 10 1 2 10 2 2 10 3 2 10 4 2 10 5 2 11 2 12 2 12 1 2 12 2 2 12 3 2 13 2 14 2 15 N i i i i i b d d NOJAA ON 4 1 4 2 4 3 4 3 1 4 3 2 4 3 3 4 3 4 4 3 5 Authentication 0 000002 ee ena 49 Instance Identifications 0 0 0 00 000084 49 Creating and administ
6. ftshw ftshwa ftshwatp ftshwc ftshwe ftshwl fshwm ftshwo ftshwp ftshwptn ftshwr Output in CSV format is also possible for the openFT Script commands ftshwact and ftshws see openFT Script Interface manual Many programs such as spreadsheets databases etc can import data in CSV format This means that you can use the processing and presentation features of such programs on the data output by the above commands The output fields are described in the appendix starting on page 357 Every record is output as a line and each record contains information on an object If data is present the first line always contains the header with the field names of each of the columns Only the field names are guaranteed not the order of fields in a record In other words the order of fields is determined by the order of the field names in the header line Fields within an output line are separated by semicolons The following data types are differentiated in the output Number String Since the semicolon character has a special meaning in the CSV output as a field separator a text containing a is enclosed within double quotes This also applies to the other special characters such as 146 openFT Windows Administration openFT commands Output in CSV format the newline character Keywords are never enclosed within double quotes and always begin with the character ast
7. 422 openFT Windows Administration Glossary follow up processing FT function that initiates execution of user specified commands or state ments in the local and or the remote system after an FT request has been completed The user may define different follow up processing depending on the success or failure of FT request processing See also preprocessing and postprocessing follow up processing request Statements contained within an FT request for follow up processing to be performed after file transfer FT administrator Person who administers the openFT product installed on a computer FT request Request to an FT system to transfer a file from a sending system to a receive system and optionally start follow up processing requests FT system System for transferring files that consists of a computer and the software required for file transfer FT trace Diagnostic function that logs FT operation FTAC File Transfer Access Control Extended access control for file transfer and file management In the case of BS2000 and z OS this is implemented by means of the product openFT AC for other operating systems it is a component of the openFT product e g in openFT for Unix systems or openFT for Windows systems FTAC administrator Administrator of the FTAC functions should be identical to the person responsible for data security in the system FTAC logging function Function which FTAC uses to log each acces
8. Check the settings for the operating parameters Identification and Processor on the local system the message Remote system xy unknown is output This may be because you must change the partner list entry the TNS entry or the entry in the hosts file for the partner system a TNS entry is being used even though the use of TNS has been deactivated dynamic partners have been deactivated and the partner is not entered in the partner list the BS2000 system cannot be accessed If your local system in BS2000 is unknown enter the command add ft partner in BS2000 If you receive the message Remote system not available check whether one of the following reasons is the cause Resource bottleneck in the remote system Remote FT system is not started BCIN is missing no network connection for a TCP IP connection check the connection with the command ping for example Name server entry is missing or is incorrect the name of the partner is missing in the log records Enter the partner in the partner list in the TNS in the DNS or hosts file 342 openFT Windows Administration What if the logging function cannot be called i e the logging file is no longer readable or is inconsistent Possible reasons are 1 System crash while the logging file syslog is opened 2 File system full while accessing the logging file The only remedy here is to termina
9. You can also view saved admission sets and admission profiles via the openFT Explorer by dragging the export file into the Exported Admissions directory and then dropping it there Importing saved admission sets and FT profiles You can re import saved admission sets and FT profiles with the ftimpe command Here you must make a distinction between sets profiles and login names i e you must not accept the entire backup contents Please note that the values which refer to the standard admission set are always assigned the values of the currently valid admission set If you have FT administrator rights as the FTAC administrator the admission profiles that you import will be immediately available with the status that was set on exporting the profile If you do not have FT administrator rights imported profiles will initially remain locked for all user IDs You can also import admission sets and admission profiles via the openFT Explorer using the Import FTAC Environment command in the Administration menu You will find a detailed description of each of the functions in the online help 60 openFT Windows Administration Tasks of the administrator Using openFT in a cluster 2 13 Using openFT in a cluster With openFT you can run several openFT instances at the same time ona single host These instances allow you to switch to a different computer already running openFT so that you can continue to use the openFT functionality wh
10. openFT Windows Administration 151 ftaddptn openFT commands am n am y You can use this option to force partner authentication n default value tr n tr f Authentication is not forced i e this partner is not restricted with regard to authentication Authentication is forced i e requests are only processed if the local system is successfully able to authenticate the partner see page 49 tr You can use this option to modify the operating parameter settings for the partner selection for the openFT trace function on a partner specific basis n on f off The trace function is active for this partner However a trace is only written if the openFT trace function has been activated via the operating parameters In this case this setting for ftaddptn takes priority over the partner selection for the trace function in the operating parameters See page 204ff ftmodo tr option The trace function is deactivated for this partner neither n nor f specified default value tr without parameters means that the global setting for partner selection in the openFT trace function applies see ftmodo command on page 204 152 openFT Windows Administration openFT commands ftadm 6 5 ftadm Execute remote administration command The ftadm command allows you to act as a remote administrator and administer an openFT instance via a remote administration server The remote admin
11. openFT Windows Administration 235 ftmodp openFT commands command2 not specified lsp cancels the entry in the FT profile for a follow up processing prefix after successful file transfer lsp not specified leaves the prefix entries in the FT profiles for follow up processing in the event that file transfer is successful unchanged Iss command3 lss defines a suffix for follow up processing in the local system in the event that file transfer is successful FTAC then appends the character string command3 to the follow up processing specified in the FT request and attempts to execute the resulting command For example if this option is specified as ss _file name and the request specifies print as follow up processing FTAC executes print file name as follow up processing Prefix suffix and follow up processing commands must together not be longer than 1000 characters Please also bear in mind the information provided on the s option If a suffix was defined with ss the character set available for specifying follow up processing in the FT request is restricted to alphanumeric characters letters and digits the special characters _ a period between alphanumeric characters command3 not specified lss cancels the entry in the FT profile for a follow up processing suffix after successful file transfer lss not specified leaves the suffix entry in the FT profile for f
12. read directory The FT profile can be used for the file transfer functions Display directories and Display file attributes administration The admission profile is allowed to be used for the remote administration function This means that it authorizes a remote administration server to access the local openFT instance To do this the associated transfer admission must be configured in the remote administration server ff a may only be specified by the FT administrator or FTAC administrator logging The admission profile is allowed to be used for the ADM traps function This allows another openFT instance to send its ADM traps to the remote administration server via this profile This specification only makes sense if the local openFT instance is flagged as a remote administration server ftmodo admcs y command ff l may only be specified by the FT administrator 174 openFT Windows Administration openFT commands ftcrep c client access The admission profile is allowed to be used for the access to remote administration server function ADM profile This allows a remote administrator on a remote computer to use this profile to access the local remote administration server and issue remote administration requests The local openFT instance must be flagged as a remote administration server ftmodo admcs y command The value c must not be combined with any other value ff c may only be specified
13. u must not be specified with a standard admission profile u not specified The previous setting remains unchainched priv n priv y is used by the FTAC administrator to grant privileged status to FT profiles n default value The FT profile is not privileged initially y The FT profile is privileged iml y iml n iml ignore max level is used to specify whether the FT profile is to be restricted by the values in the admission set You can override your own the entries the MAX USER LEVELS for requests using this FT profile If the FT profile is also privileged by the FTAC administrator the values of the FTAC administrator the MAX ADM LEVELS can also be ignored This FT profile would then allow inbound basic functions which are disabled in the admission set to be used Possible values are y allows the values in the admission set to be ignored n default value restricts the functionality of the profile to the values in the admission set openFT Windows Administration 171 ftcrep openFT commands iis y iis n iis ignore inbound send allows the value for the basic function inbound send in the admission set to be ignored for details see imi y allows the basic function inbound send to be used even if it is disabled in the admission set At the same time the component display file attributes of the basic function inbound file management can also be used Specifying this option i
14. 0 0 0 0 0 0 00 000 90 Control of diagnostics s se ape eee ee Re ee 91 Public key for encrypt lt sax ss a a ek a 92 openFT Windows Administration Contents 5 Central administration 0 00822 e ee 5 1 Remote administration 028008s 5 1 1 The remote administration concept 5 1 2 Configuring the remote administration server 5 1 2 1 Defining the ADM administrator 5 1 2 2 Declaring an openFT instance as a remote administration ee 6 Bandage OS 4 ee ee EEEE E E Slas Setting up admission profiles for accessing the remote administration S6IVEF o s ss ke i 5 1 2 4 Entering the openFT instances to be administered in the PANET ISE ocr oe ee A a e a e E d 5 125 Creating a configuration file 5 1 2 6 Importing the configuration 5 1 2 7 Exporting and modifying aconfiguration 5 1 3 Configuring an openFT instance to be administered 5 1 3 1 Configuring an admission profile for an openFT instance SOVI 2 re edn ood e aS e EEA 5 1 3 2 Configuring an admission profile for an openFT instance SFIO aaka mauna ne aT ERa E ROS 5 1 4 Issuing remote administration requests 5 1 4 1 Remote administration using the command interface 5 1 4 2 Remote administration using the openFT Explorer a Logging remote administration 5 2 ADM WAPS 665k 66 SS SG eee SR Re ee SS 5 2 1 Configuring the ADM trap server
15. Administering code tables Tasks of the administrator Name of the CCS Meaning CP1253 for the Greek Windows character set defined by Microsoft CP1254 for the Turkish Windows character set defined by Microsoft CP1255 for the Hebrew Windows character set defined by Microsoft CP1256 for the Arabic Windows character set defined by Microsoft CP1257 for the Baltic Windows character set defined by Microsoft CP1258 for the Vietnamese Windows character set defined by Microsoft Creating a user defined CCS If you are an openFT administrator you can create your own CCS Coded Character Set To do this you must create a text file which is stored in the sysccs subfolder of the openFT instance The CCS name corresponds to the name of this file The text file must have the following structure e The first line starts with a The second character is an blank The remainder of the line contains a comment which characterizes the code contained e The second line contains an alphabetic character which can at present only have the value S S stands for single byte code i e a character is always 1 byte in length e The third line contains three numbers The first number is a 4 digit hexadecimal number This defines the substi tution character to be used if a Unicode character cannot be mapped to the code The second number is currently always 0 The third number is a decimal number which
16. Administration openFT commands fishwm 6 34 ftshwm Display monitoring values of openFT operation The ftshwm command allows you to output the current monitoring values from openFT operation In order to do this the FT administrator must have activated monitoring ftmodo mon n command and the asynchronous openFT server must be running Format ftshwm h ty raw po lt polling interval 1 600 gt pnr lt polling number 1 3600 gt csv lt name 1 12 gt lt name 100 1 12 gt I a Description h Displays the command syntax on the screen Entries after the h are ignored ty The types and scaling factors are to be output in place of the monitoring values and metadata The metadata type can be TIME timestamp or STRING text output of the chosen selection A monitoring value can have one of the following types INT BOOL or PERCENT integer on off value or percentage In the case of integer values the scaling factor may be specified in brackets INT lt scaling factor gt The scaling factor of a monitoring value is only significant for output in CSV format In this case it is the number by which the value shown must be divided in order to obtain the real value raw Must not be specified at the same time raw Monitoring values are to be output as unedited raw data This option is intended to be used in conjunction with external programs for further processing The op
17. If request IDs were specified and the other selection criteria specified are not satisfied by the requests the request is not cancelled and the following new error message is issued ftcanr Request requestID not found request ID is the identification of the last unsuitable request Examples 1 The asynchronous request with request identification 65546 should be deleted ftcanr 65546 2 All local requests to the partner ux which relate to the file file should be deleted ftcanr pn uxl fn filel ini 1 a openFT Windows Administration 163 ftcrei openFT commands 6 7 ftcrei Create or activate an instance The ftcrei command allows you to create a new instance or re activate a deacti vated instance If the specified instance file tree does not yet exist it is created When the instance file tree is created the operating parameters and shutdown files are initialized in the same way as for a new installation If the instance file tree already exists ftcrei checks the version If the instance file tree was created using an older version of openFT it must first be updated using the ftupdi command before it can be reactivated Important notes for when using multiple instances Use of several openFT instances is only possible using the TCP IP transport system If you would like to use several instances and are working with TNS ftmodo tns y you must delete all openFT specific TNS e
18. If the raw option is specified the duration values are not output Duxxx see footnote The default values are marked with x in the Std column These are output if ftshwm csv is specified without a and without names being specified explicitly For a detailed description of the monitoring values refer to the section Description of the monitoring values on page 297 Name Type Value Std CurrTime yyyy mm dd hh mm ss current time x MonOn yyyy mm dd hh mm ss start time of measurement date x recording or last change of configuration a modification of PartnerSel ReqSel has the same effect as a new start PartnerSel String ALL NONE OPENFT x FTAM FTP ReqSel String ALL ONLY SYNC x ONLY ASYNC ONLY LOCAL ONLY REMOTE Data String FORM RAW x ThNetbTtl Number Value x ThNetbSnd Number Value X ThNetbRcv Number Value xX ThNetbTxt Number Value ThNetbBin Number Value ThDiskTtl Number Value x ThDiskSnd Number Value ThDiskRev Number Value x ThDiskTxt Number Value ThDiskBin Number Value 364 openFT Windows Administration Appendix Structure of CSV Outputs Name Type Value Std ThRqto Number Value xX ThRaft Number Value ThRafm Number Value ThSuct Number Value x ThAbrt Number Value x Thintr Number Value x ThUsrf Num
19. Modifying file management requests and rejected FTAC access checks REJECTED Only rejected FTAC access checks ftmodo lc FT LOG Scope of FT logging ALL All requests FAIL Only errored FT requests NONE FT Logging deactivated ftmodo lt ADM LOG Scope of ADM logging ALL All requests FAIL Only errored ADM requests MODIFY only modifying ADM requests NONE ADM Logging deactivated ftmodo la openFT Windows Administration 307 fishwo openFT commands Field name Meaning and values Command option USE TNS Specifies whether the TNS is to be used fimodo tns YES or not NO OPENFT APPL Port number of the local openFT server ftmodo openft possibly extended by the transport selector STD means that the default value is used i e 1100 and FJAM in Transdata format EBCDIC 8 characters long padded with blanks Line 2 ACTIVE openFT protocol activated ftmodo acta DISABLED openFT protocol inbound deactivated INACT openFT protocol inbound not available FTAM APPL Port number of the local FTAM server possibly ftmodo ftam extended by the transport selector the session selector and the presentation selector STD means that the default value is used i e 4800 and FTAM in Transdata format EBCDIC 8 characters long padded with blanks Line 2 ACTIVE FTAM protocol activated ftmodo acta DISABLED FTAM protocol inbound deactivated INA
20. Output of general information and miscellaneous commands ftinfo Output information about the openFT system ftedit Load local or remote files in the openFT editor ftmsg Output message box on a graphical display gt Command is only described in the User Guide As the administrator you may execute the commands listed below with the additional options to perform the corresponding action system wide This means that You can use ftcanr to delete any desired file transfer requests You can use ficrep to create FT profiles for any login names You can use ftdelp to delete any FT profiles You can use ftmoda to modify and privilege any of the admission sets You can use ftmodp to modify any of the FT profiles You can use fimodr to change the order of all requests in the request queue independent of the login name You can use ftshwa to display any of the admission sets You can use ftshwi to display any of the log records You can use ftshwp to display any of the FT profiles You can use ftshwr to obtain information about all the requests for all user IDs 142 openFT Windows Administration openFT commands Notational Conventions 6 2 Notational conventions The command syntax essentially corresponds to the output that you get when you specify the command with h option The following conventions have been used for syntax diagrams lt gt angle brackets are used for parameters which you may replace with current v
21. SDF SNA SNMP SNPA SSL TCP IP TID TLS TNSX TPI TS WAN Request for Comments 1006 Sequential Access Method System Dialog Facility Systems Network Architecture Simple Network Management Protocol Subnetwork Point of Attachment Secure Socket Layer Transmission Control Protocol Internet Protocol Transport Identification Transport Layer Security Transport Name Service in Unix systems Transport Protocol Identifier Transport System Wide Area Network openFT Windows Administration 443 Abbreviations 444 openFT Windows Administration Related publications The manuals are available as online manuals see Attp manuals ts fujitsu com openFT for Unix Systems Installation and Administration System Administrator Guide openFT for Unix Systems Managed File Transfer in the Open World User Guide openFT for Windows Systems Managed File Transfer in the Open World User Guide openFT for Unix Systems and Windows Systems Program Interface Programming Manual openFT for Unix Systems and Windows Systems openFT Script Interface Programming Manual openFT for BS2000 OSD Managed File Transfer in the Open World User Guide openFT for BS2000 OSD Installation and Administration System Administrator Guide openFT for BS2000 OSD Program Interface Programming Manual openFT for z OS Managed File Transfer in the Open World User Guide openFT for z OS Installation and Adminis
22. The log file is deleted During this the following configuration data are used Operating parameters Instance identification partner list entries in case of update installation from V10 0 Admission sets and profiles Key pair sets The FTP server is activated if a port a number other than 0 was set for the FTP server previously li In the case of an update installation from openFT V10 0 under Win dows Vista Windows Server 2008 Windows 7 and Windows Server 2008 R2 the instance specific files are located in the directory ProgramData Fujitsu Siemens openF Twar instance This is the default path set up by openFT V10 0 If the update installation is performed without rebooting the system you are informed immediately of the result of instance updating If a system reboot is needed the instances are updated after the reboot If errors occur a instance log file with corresponding error messages is created for each instance in the openFT installation directory After each update installation with reboot you should check whether there are instance log files If so the instances must be updated manually using the ftupdi directory command The associated instance log file can be deleted after a manual update openFT Windows Administration 73 Installation of a patch Installation and configuration 3 1 3 Installation of a patch Installation of a patch means that openFT V11 0 is already installed
23. Using the XML template and XML schema The directory samples ftadm under the openFT installation directory contains the file config xml which contains a simple sample configuration that can be used as a template and adapted appropriately The schema on which the XML file is based is defined in the file config xsd which is located in the include directory of openFT after installation If you are using an XML editor you can use the file config xml as the basis for your work The instal lation path of the schema file config xsd is entered in this file This means that 104 openFT Windows Administration Central administration Remote administration the XML editor uses this schema in order to immediately verify your entries If config xsd has been copied elsewhere or renamed you must adjust the instal lation path of config xsd in config xml Defining the configuration The configuration file contains precisely one configuration for a remote admin istration server It is structured hierarchically i e the properties of a parent element are inherited by the child elements A configuration starts with the XML tag lt Configuration gt and comprises the following attributes e Mandatory attribute Version The value of the attribute Version is a string that specifies the version of the configuration data The maximum length of the string is 4 bytes In openFT V11 0 1100 must be specified for the version Optional attribu
24. a request to display the directories FROM Transfer direction to the local system This transfer direction is specified for a receive request a request to modify the file attributes a request to delete files PROFILE Name of profile used TRANS ID Request number TRANSFER Number of bytes transferred openFT Windows Administration 283 ftshwl output openFT commands SEC OPTS Security options used during transfer ENCR Encryption of the request description DICHK Data integrity check of the request description DENCR Encryption of the transferred file content DDICHK Data integrity check of the transferred file content LAUTH Authentication of the local system in the remote system RAUTH Authentication of the remote system in the local system RSA nnn Length of the RSA key used for the encryption AES 128 AES 256 DES The encryption algorithm used INITIATOR Request initiator If initiated in the local system login name If initiated in the remote system REMOTE USER ADM Login name to which the requests in the local system refer PARTNER Identifies the partner system in question The name in the partner list or the address of the partner system possibly truncated to 8 characters or the name under which the partner system is entered in the TNS is output In the case of requests issued from a remote computer it is also possible for strange to be output followed by a part of the address of the
25. ftmoda openFT commands 1 to 99 All basic functions are released only for partner systems whose security level is equal to or lower than the specified value 100 All basic functions are released for all partner systems For outbound file management functions no check is made ml not specified leaves the settings in the admission set unchanged if none of the following entries are made os s os 0 100 sets the value for the basic function outbound send see page 201 for possible values outbound send means that requests initiated in your local system send data to a remote system or s or 0 100 sets the value for the basic function outbound receive see page 201 for possible values outbound receive means that requests initiated in your local system fetch data from a remote system is s is 0 100 sets the value for the basic function inbound send see page 201 for possible values inbound send means that a remote partner system fetches data from your local system ir s ir 0 100 sets the value for the basic function inbound receive see page 201 for possible values inbound send means that a remote partner system sends data to your local system ip s ip 0 100 sets the value for the basic function inbound follow up processing prepro cessing postprocessing see page 201 for possible values This deter mines whether or not a remote system may request follow up pre or postprocessing on your local syst
26. lt AccessList gt Be lt AccessEntry AdministratorID Jack Al lowFunction FT FTAC gt lt AccessEntry AdministratorID Mike Al lowFunction FTOP gt lt AccessList gt lt Instance Name HHWSRV99 4 Description Mainframe system BS2000 0SD Address ftadm HHWSRV99 hhw mycompany net Admission hhwsrv99remote gt lt Group gt lt Group gt lt Configuration gt Explanation 1 User ID that has the specified administrator permissions on the remote administration server This allows remote administration to be performed directly on the remote administration server If no user ID is specified here remote administration is only possible using the FTAC transfer admission see 2 Name of the admission profile for accessing the remote administration server The profile must include the function ACCESS TO ADMINIS TRATION corresponds to ficrep ff c If remote administration is performed from a remote computer the remote administrator must specify the associated FTAC transfer admission Defines the admissions for the entire group An lt AccessEntry gt tag is specified for each authorized remote administrator This permission can be expanded or restricted in an instance see 5 openFT Windows Administration 137 Example of an XML configuration file Central administration 4 Defines an instance The complete address as in the example or the name from the partner list can be specifie
27. lt transfer admission 8 67 gt d atp a atp n atp fts rqs rqc raf pts ptu tpc a tpc n tpc sss fts rqs rqc rqf I pts ptu ccs lt CCS name 1 8 gt acta a acta openft ftam ftp adm ftp lt port number 1 65535 gt ftp s ftp openft lt port number 1 65535 gt lt T Sel 1 8 gt openft s ftam lt port number 1 65535 gt lt T Sel gt lt S Sel gt lt P Sel gt ftam s adm lt port number 1 65535 gt adm s ftstd lt port number 1 65535 gt ftstd s tns y tns n ae y ae n dp n dp f openFT Windows Administration 205 ftmodo openFT commands Description h Displays the command syntax on the screen Entries after the h are ignored kl 0 kl 768 kl 1024 kl 2048 The kl parameter can be used to change the length of the RSA key used in encryption The value of the kl parameter specifies the new RSA key length in bits The RSA key is only used for the encryption of the AES key agreed between the partners or for encrypting the DES key in versions up to openFT V7 0 openFT uses the AES key for encrypting request description data and any file content present The ftmodo kl command can be specified in current openFT operation kl 0 explicitly deactivates encryption If this is set during operation then any requests
28. on page 266 The ADM traps are identified by trap IDs The trap IDs are assigned in ascending sequence For technical reasons the numbering sequence is not always unbroken If no other specifications are made openFT always outputs the most recent ADM trap When requested openFT outputs all the ADM traps up to the number specified in the command The ADM traps are stored in the ADM trap log file The maximum number of stored ADM traps depends on the maximum possible size of the ADM trap log file If the maximum number of ADM traps is exceeded the records with the lowest trap ID are overwritten by the current records For further details see page 130 You can choose between three output formats short output format detailed output format and CSV output format Comma Separated Value The ADM traps are output to standard output 258 openFT Windows Administration openFT commands ftshwatp Format ftshwatp h rg l lyyyylmm dd hhmm 1 999999999999999999 Ilyyyy mm dd hhmm 1 999999999999999999 src lt partner 1 200 gt tt fts pts L J ptull Iracll iraf L Iirqs nb 1 9999999 nb a I csv Description h Displays the command syntax on the screen Entries after the h are ignored rg yyyy mm dd hhmm lyyyy mm dd hhmm With rg you can optionally specify the start or end of a time period lyyyy Imm dd hhmm If you specify a time as 4 digits
29. openFT commands ftaddptn pri l pri n pri h pri allows you to specify the priority of a partner in respect of processing requests that have the same request priority This means that the partner priority only applies in the case of requests that have the same request priority but that are issued to partners with a different partner priority I low The partner is assigned a low priority n normal default The partner is assigned a normal priority h high The partner is assigned a high priority st a st d st ad This option allows you to control how locally submitted asynchronous file transfer requests to the specified partner system are processed a active default value Locally submitted asynchronous file transfer requests to this partner system are processed if the asynchronous openFT server is started d deactivated Locally submitted asynchronous file transfer requests to this partner system are initially not processed but are stored in the request queue ad automatic deactivation Multiple consecutive unsuccessful attempts to establish a connection to this partner system result in its deactivation The maximum number of unsuccessful attempts is 5 If you want to perform file transfer again with this system you must explicitly activate it with ftmodptn st a The maximum number of such unsuccessful attempts is 5 After a connection has been established successfully the counter is reset to 0
30. remote administrator Role configured on the remote administration server and which grants permission to execute certain administration functions on certain openFT instances 432 openFT Windows Administration Glossary remote system gt SCC partner system request Here FT request request queue File containing asynchronous requests and their processing statuses request identification request ID number that identifies an FT request request management FT function responsible for managing FT requests it ensures request processing from the submission of a request until its complete processing or termination request number gt see request identification request storage FT function responsible for storing FT requests until they have been fully processed or terminated resources Hardware and software components needed by the FT system to execute an FT request processes connections lines These resources are controlled by the operating parameters responder Here FT system addressed by the initiator restart Automatic continuation of an FT request following an interruption restart point Point up to which the data of the send file has been stored in the receive file when a file transfer is interrupted and at which the transfer of data is resumed following a restart openFT Windows Administration 433 Glossary result list List with information on a completed file tra
31. y Flags the local openFT instance as a remote administration server This means that this instance can also be an ADM trap server n The local openFT instance is not no longer flagged as a remote administration server This means that it is not no longer possible to receive ADM traps This is the default after a new installation lil If you specify admcs but do not specify admcl admcl is set to the following default value 64 if admcs y 8 if admcs n rql maximum number of requests You use rql to specify the maximum number of entries in the request queue You can choose a value between 2 and 32000 The default value is 2000 rqt request lifetime rqt You use rgt to specify the maximum lifetime of requests in the request queue The value applies to both inbound and outbound requests and is specified in days Values between 1 and 400 are permitted Once the specified period has expired requests are deleted from the request queue The default value is 30 days openFT Windows Administration 207 ftmodo openFT commands request lifetime not specified If you specify rgt without parameters then the maximum lifetime is unlimited id identification Specifying the instance identification of your instance Partner systems using openFT Version 8 1 and later address your system via this string In return openFT uses the instance ID as the sender address when addressing the partners The instance ID
32. 52 Administration request rejected by remote administration server Meaning The administration request was rejected by the remote administration server because it clashes with the settings in the configuration file of the remote administration server The ADM administrator can determine the precise reason for rejection from the associated ADM log record on the remote administration server Possible reason codes 7001 7002 7003 7101 7201 The administrator ID is invalid It was not possible to determine a valid administrator ID from the user ID or the profile name in the configuration data of the remote administration server The routing information is invalid The specified openFT instance specified in the routing information could not be found in the configuration data of the remote administration server The specified remote administration command is invalid The remote administration server rejects the specified command because it is not a supported remote administration command Infringement against the access rights list On checking the access rights the system identified that the administrator ID has not been assigned the necessary rights in the configuration data of the remote administration server to be able to execute the valid remote administration command on the specified openFT instance Infringement against the maximum command length In particular in the case of BS2000 commands the remote administra
33. 8 1 Trace files You can switch trace mode on or off for the purposes of error diagnosis 8 1 1 Activating deactivating trace functions You can activate and deactivate the trace function as follows the ftmodo tr n f command the openFT Explorer Administration Operating Parameters Trace When trace mode is switched on diagnostic data is written to trace files which are located in subdirectory traces of the respective openFT instance see Instance directory on page 68 When you have finished diagnosis you should deactivate the trace mode for reasons of performance The trace files can become infinitely large since they are not cyclically overwritten However you can also close trace files with the ftmodo tr c command and open new trace files This function is also available in the openFT Explorer Change File button on the Trace tab Activating partner specific trace If you only wish to record traces for a specific partner proceed as follows 1 Activate the trace function for the required partner for instance using ftmodptn partner tr n 2 Deactivate the trace for the partner types for instance using ftmodo trp 3 Deactivate the general trace function for instance using ftmodo tr n openFT Windows Administration 349 Trace files Diagnosis Activating deactivating interface trace You can additionally activate the interface trace using the openFT Explorer To do this proceed as fo
34. OFF ConsTrapsTransSucc String ON OFF ConsTrapsTransFail String ON OFF FtLog String ALL FAIL NONE FtacLog String ALL FAIL NONE Trace String ON OFF TraceSelp String ALL NONE OPENFT FTP FTAM ADM 2 TraceSelr String ALL ONLY SYNC ONLY ASYNC ONLY LOCAL ONLY REMOTE 2 TraceOpt String NONE BULK DATA KeyLen Number Value CcsName String Value enclosed in double quotes AppEntTitle String YES NO StatName String Value SysName String Value FtStarted String YES NO openftAppl String STD Value ftamAppl String STD Value FtpPort Number Value ftpDPort Number Value empty internal function ftstdPort String Value STD DynPartner String ON OFF ConTimeout Number Value internal function ChkpTime Number Value internal function openFT Windows Administration 369 Structure of CSV Outputs Appendix Column Type Values Monitoring String ON OFF MonSelp String ALL OPENFT FTP FTAM empty 7 MonSelr String ALL ONLY SYNC ONLY ASYNC ONLY LOCAL ONLY REMOTE 2 AdmTrapServer String Value NONE AdmtTrapsFtState String ON OFF AdmtTrapsPartnerState String ON OFF AdmtTrapsPartnerUnreach String ON OFF AdmTrapsReqQueueState String ON OFF AdmTrapsTransSucc String ON OFF AdmtTrapsTransFail String ON OFF AdminConnLim Stri
35. cs partner Specifies the name of the remote administration server in the partner list or the address of the remote administration server The remote administration server must be addressed as an ADM partner For details see the section section Specifying partner addresses on page 40 cs not specified If you do not specify cs it is assumed that the local system i e the system at which you logged on is the remote administration server This means that you can only omit cs if you enter ftadm directly on the remote administration server ri routing info Specifies the pathname of the openFT instance that you want to administer The pathname is configured by the ADM administrator on the remote administration server and is required in order to forward the remote administration request to the openFT instance You can get the pathname by running the command ftshwc on the remote administration server See the section Remote administration commands on page 160 ri not specified If you do not specify ri the command specified under command is executed on the remote administration server e g ftshwc or ftshwatp See section Remote administration commands on page 160 command The remote administration command to be executed The maximum command length supported is 8192 characters dash for command The dash stands for the standard input stdin i e you enter the command at the keyboard Terminate your input by pressin
36. 180 openFT Windows Administration openFT commands ftcrep c y c n Using c you can determine whether data encryption is required or forbidden If the setting in the profile does not correspond to the setting in the request the request is denied The setting is not valid for file management requests since there is no encryption for these requests y Only requests with data encryption may be processed using this profile n Only requests without data encryption may be processed using this profile c not specified Data encryption is neither required nor forbidden txt text enables you to store a comment in the FT profile up to 100 characters txt not specified the FT profile is stored without a comment CAUTION If you use the options ff p fn fnp ls lsp lss If lfp or Ifs you must remember that a file name restriction can be bypassed by renaming the file unless follow up processing is also restricted that follow up processing must always be restricted for both successful and unsuccessful file transfer and if necessary equivalent restrictions must exist for any permitted preprocessing that prefixes for the file name and follow up processing must be matched to one another that no symbolic links should occur in the part of your file tree that is refer enced by the file name prefix that restrictions applied to preprocessing postprocessing or follow up processing can be circum
37. 225 Information output canceled Meaning A show command was interrupted for example Measure Repeat the command 226 Monitor file contents inconsistent Meaning The command cannot be accepted because the contents of the specified monitor file are inconsistent Possible reason The monitor file was accessed by the user in a mode other than read mode while it was monitoring an FT request The contents of the monitor file can no longer be used 227 Monitor file not in use by openFT Measure Correct the name of the job variable and repeat the command 228 Monitor file not found Measure Correct the name of the job variable and repeat the command openFT Windows Administration 405 Messages for administration commands Appendix 236 Current instance lt instance gt no longer found Meaning The command was rejected The instance lt instance gt could not be found 250 An internal error occurred during command processing 251 Command aborted with core dump Measure In the Application section of the Event Viewer there is an error event for openFT that specifies the file name and directory under which the dump has been saved Where necessary contact Customer Service and send the dump for further analysis 253 Current openFT instance is invalid Meaning During command processing a defined instance was found to be invalid 254 Command client error Meaning An error occurred while connecting a command to the
38. 420 openFT Windows Administration Glossary data encoding Way in which an FT system represents characters internally Data Encryption Standard DES International data encryption standard for improved security The DES procedure is used in the FT products to encrypt the request description data and possibly the request data if connections are established to older versions of openFT that do not support AES data protection Inthe narrow sense as laid down by law the task of protecting personal data against misuse during processing in order to prevent the disclosure or misappropriation of personal information Inthe wider sense the task of protecting data throughout the various stages of processing in order to prevent the disclosure or misappropri ation of information relating to oneself or third parties data security Technical and organizational task responsible for guaranteeing the security of data stores and data processing sequences intended in particular to ensure that only authorized personnel can access the data no undesired or unauthorized processing of the data is performed the data is not tampered with during processing the data is reproducible DHCP Service in TCP IP networks that automatically assigns IP addresses and TCP IP parameters to clients on request directory Directories are folders in the hierarchical file system of a Unix system including POSIX or a Windows system that
39. Create New Key Pair Set Update Key Pair Sets Edit File syspkf comment Delete Key Pair Set n 2 10 3 Distributing the keys to partner systems Distribution of public key files to your partner systems should take place using reliable means for example by e distributing them via cryptographically secure by e mail e distributing them on a CD by courier or by registered mail e distributing them via a central openFT file server whose public key is in the partners possession You must ensure that your public key files these files are re coded e g by trans ferring them as text files via openFT e if you transfer them to a partner with BS2000 OSD or z OS e if you transfer them from a Windows system to a Unix system The public key file of your local openFT instance is stored in the partner system in the following location e For partners using openFT for BS2000 as type D PLAM elements in the library SYSKEY on the configuration user ID of the partner instance The partner name allocated to your openFT instance in the remote partner list SYSPTF must be selected as the element name e For partners using openFT for Unix systems in the directory syskey of the instance file tree see In the case of the standard instance the path name is var openFT std syskey The instance ID of your local openFT instance must be selected as the file name The file name must not contain any uppercase characters If the instance ID cont
40. FTCREKEY FT FTCREPRF FTAC FTDELKEY FT FTDELLOG FT FTAC FTDELPRF FTAC FTHELP FT FTOP FTAC FTMODADS FTAC FTMODOPT FT FTMODPRF FTAC FTMODPTN FT FTMODREQ FT FTREMPTN FT FTSHWADS FTAC FTSHWD FT FTOP FTAC FTSHWINS FT FTOP FTSHWLOG FT FTOP FTAC FTSHWMON FT FTOP FTSHWNET FT FTOP FTSHWOPT FT FTOP FTSHWPRF FTAC FTSHWPTN FT FTOP FTSHWREQ NSTATUS NSTAT FT FTOP FTSTOP FT FTTRACE FT FTOP FTUPDKEY FT 1 As of V11 0 158 openFT Windows Administration openFT commands ftadm Commands for openFT partners in Unix and Windows systems Command Comment Permission fta up to V10 0 FT ftaddptn FT ftc up to V10 0 FT ftcanr FT ftcans openFT Script command FT ftcrek FT ftcrep FTAC ftdelk FT ftdell FT FTAC ftdelp FTAC ftdels openFT Script command FT fthelp FT FTOP FTAC fti up to V10 0 FT FTOP ftinfo FT FTOP FTAC ftmoda FTAC ftmodo FT ftmodp FTAC ftmodptn FT ftmodr FT ftremptn FT ftrs up to V10 0 FT ftsetpwd Windows systems only FT FTOP ftshwa FTAC ftshwact openFT Script command FT FTOP ftshwd FT FTOP FTAC ftshwi FT FTOP ftshwl FT FTOP FTAC ftshwm as of V11 0 FT FTOP ftshwo FT FTOP ftshwp FTAC openFT Windows Administration 159 ftadm openFT commands Command Comment Permission ftshwptn FT F
41. Windows Administration 385 Remote TS application for openFT Appendix e Partner address entry for transfer via X 25 Global Name ftiso Application type openFT P selektor lt none gt S selektor lt none gt T selektor TRANSDATA FJAM Transport protocol nformation lt empty gt 1100 Subnetwork X 121 Transport protocol class class2 0 is possible X 25 DTE address transport system dependent 386 openFT Windows Administration Appendix Remote TS application for openFT FTAM 9 2 4 Definition of remote TS applications for openFT FTAM li In the case of FTAM partners TNS entries are only necessary if these partners are not connected via TCP IP In order to use the Transport Name Service you must set this explicitly via the operating parameters e g Administration menu Operating Parameters command Addresses tab Use TNS option In the case of all partner systems that can be accessed via TCP IP no TNS entries are required any longer as of openFT V10 since you can specify the partner address directly or enter it in the partner list The presentation session and transport selector entries can be made in ASCII A EBCDIC E TRANSDATA format T or hexadecimal X Presentation and session selectors may only be between 0 and 16 bytes long If the presentation or session selector is missing the entries then it is essential to specify Empty format If a partner has diff
42. bytes accumu Number of bytes transferred when per second lated transferring binary files ThDiskTtl Throughput in disk bytes Number of Bytes Number of bytes read from files or bytes accumu written to files with transfer per second lated requests ThDiskSnd _ Throughput in disk bytes send Number of Bytes requests bytes accumu Number of bytes read from files per second lated with send requests ThDiskRev Throughput in disk bytes receive Number of Bytes requests bytes accumu Number of bytes written to files per second lated with receive requests ThDiskTxt Throughput in disk bytes text x Number of Bytes files bytes accumu Number of bytes read from text per second lated files or written to text files with transfer requests ThDiskBin Throughput in disk bytes binary x Number of Bytes files bytes accumu Number of bytes read from binary per second lated files or written to binary files with transfer requests 298 openFT Windows Administration openFT commands ftshwm Monitoring values Name Meaning Output Output unit with a Formatted Raw only ThRato openFT requests Number per Number Number of openFT requests second accumu received lated ThRaft File transfer requests x Number per Number Number of file transfer requests second accumu received lated ThRafm File management requests x Number per Number Number of fil
43. iif options in the FT profile both the user s entries MAX USER LEVELS and the administrator s entries MAX ADM LEVELS are ignored n withdraws the privileged status if it had been granted from the FT profile priv not specified does not modify the privileged status of the FT profile iml y iml n iml ignore max level is used to specify whether the FT profile is to be restricted by the values in the admission set The user can override the entries he she made himself or herself the MAX USER LEVELS for requests using this FT profile If the FT profile is also privileged by the FTAC administrator the entries made by the FTAC administrator the MAX ADM LEVELS can also be ignored This FT profile would then allow inbound basic functions to be used which are disabled in the admission set y allows the values in the admission set to be ignored n restricts the functionality of the profile to the values in the admission set iml not specified causes the values specified in the profile for the basic functions to apply unchanged openFT Windows Administration 227 ftmodp openFT commands iis y iis n iis ignore inbound send allows the value for the basic function inbound send in the admission set to be ignored for details see imi y allows the basic function inbound send to be used even if it is disabled in the admission set At the same time component display file attributes of the basi
44. low The partner is assigned a low priority n normal The partner is assigned a normal priority h high The partner is assigned a high priority pri not specified The priority setting remains unchanged St a st d st ad This option allows you to control how locally submitted asynchronous file transfer requests to the specified partner system or systems are processed a active Locally submitted asynchronous file transfer requests are processed if the asynchronous openFT server is started 244 openFT Windows Administration openFT commands ftmodptn d deactivated Locally submitted asynchronous file transfer requests are initially not processed but are stored in the request queue ad automatic deactivation Multiple consecutive unsuccessful attempts to establish a connection to this partner system result in its deactivation If you want to perform file transfer again with this system you must explicitly activate it with ftmodptn st a The maximum number of such unsuccessful attempts is 5 After a connection has been established successfully the counter is reset to 0 st not specified The processing mode is unchanged am n am y You can use am authentication mode to force partner authentication n Authentication is not forced i e this partner is not restricted with regard to authentication y Authentication is forced i e requests are only processed if the local system is successful
45. off the openFT subagent causes diagnostics management tracing to be started or stopped respectively Read access provides information on the current status of diagnostics management activated or deactivated openFT Windows Administration 91 SNMP management SNMP 4 3 5 Public key for encryption MIB definition Object name object identifier Access Meaning ftEncryptKey 1 3 6 1 4 1 231 2 18 3 1 0 write only Public key Input Syntax Integer Meaning create new key 1 A new public key is created A detailed description on creating and managing public and private key can be found in section Creating and administering RSA key pairs on page 51 92 openFT Windows Administration 5 Central administration Central administration in openFT covers the functions remote administration and ADM traps openFT for Windows systems provides full support for both functions Compared with openFT V10 0 these functions offer considerable advantages that are of particular benefit if you want to administer and monitor a large number of openFT instances These benefits include e Simple configuration The configuration data is maintained centrally on the remote adminis tration server which means that it only exists once The creation of roles in the form of remote administrators and the grouping of several instances make it possible to implement e
46. on page 68 DIERR A data integrity error has been detected on the connection to the partner system This can be the result of attempts at manipulation on the data transfer path or of an error in the transport system The connection has been interrupted but the affected request is still live if it has the capability of being restarted NOKEY The partner does not accept unencrypted connections but no key is available in the local system A new key must be generated IDREJ The partner or an intermediate instance has not accepted the instance ID sent by the local system Check whether the local instance ID matches the entry for the partner in the partner list SHORT A resource bottleneck has occurred on the partner SECLEV Security level assigned to the partner system 1 100 A fixed security level is assigned to the partner system 1 is the lowest security level partner is extremely trusted and 100 is the highest security level partner is not trusted STD The global setting for the security level applies openFT Windows Administration 321 ftshwptn openFT commands B P ATTR The security level is assigned to the partner on the basis of the partner s attributes i e Security level 10 if the partner has been authenticated Security level 90 if the partner is known in the transport system and is identified by the name it is known by in the transport system Security level 100 otherwise i e
47. s n no follow up processing is then permitted in the FT profile in the event that file transfer is successful command not specified ls allows you to cancel a follow up processing entry The FT profile then no longer restricts success follow up processing in the local system This is also a way to cancel a prefix for the follow up processing defined with sp ls not specified leaves the entries in the FT profile for follow up processing in the event that file transfer is successful unchanged Isp command2 Isp defines a prefix for follow up processing in the local system in the event that file transfer is successful FTAC then adds the character string commana to the follow up processing specified in the FT request and attempts to execute the resulting command For example if this option is specified as sp print and the request specifies file name as follow up processing FTAC executes print file name as follow up processing Prefix suffix and follow up processing commands must together not be longer than 1000 characters Please also bear in mind the information provided on the s option If a prefix was defined with sp the character set available for specifying follow up processing in the FT request is restricted to alphanumeric characters letters and digits the special characters _ a period between alphanumeric characters You can cancel an existing prefix by specifying s
48. this is interpreted as hours and minutes 6 digits are interpreted as day date and time in hours and minutes 8 digits as month day and time in hours and minutes and 12 digits as year month day and time in hours and minutes The largest possible value that can be entered for the date is 20380119 19th January 2038 openFT then outputs the ADM traps that lie between the specified limits rg yyyy mm ddjhhmm The ADM traps that occurred at the specified time are output rg l yyyy mm dd hhmm yyyy mm dd hhmm The time period begins with the start time and ends with the second time specified If a number is specified with nb that is smaller than the number of ADM traps in the period the required number of ADM traps up to the end time is output rg yyyy mm dd hhmm The time period begins at the start time and ends with the most recent ADM trap entry openFT Windows Administration 259 ftshwatp openFT commands If a number is specified with nb that is smaller than the number of ADM traps in the period the most recent ADM traps are output rg yyyy mm dd hhmm The time period ends at the specified time If a number is specified with nb that is smaller than the number of ADM traps in the period the required number of ADM traps up to the end time is output rg 1 999999999999999999 1 999999999999999999 With rg you can optionally specify the start or end of a trap ID range 1 9999999999
49. transfer admission specifies the transfer admission of the FT profile to be modified You must specify a binary transfer admission in the form x or Xes a for transfer admission modifies either the FT profile specified with profile name see above or if no profile name was specified all the profiles that come into question n for transfer admission selects all FT profiles without transfer admission transfer admission not specified causes to query the transfer admission on the screen after the command is entered Your entry is not displayed to prevent unauthorized persons from seeing the transfer admission To exclude the possibility of typing errors the program prompts you to enter the transfer admission a second time If you just press lt ENTERP gt this has the same effect as specifying a user ID As the FTAC administrator you can specify any login name here a for user ID If you specify a as the FTAC administrator you can modify the FT profiles for any login names adm for user ID If you specify adm as the FTAC or ADM administrator you can modify ADM profiles corresponding to f c However you can neither change this property f c nor the user ID ua option user ID not specified modifies only profiles belonging to the user s own login name regardless of who issues the command openFT Windows Administration 223 ftmodp openFT commands s not specified if a is specified for
50. 1 200 gt lt partner 50 1 200 gt pnr lt partner 1 200 gt lt partner 50 1 200 gt fn lt file name 1 512 gt fn fnp lt file name prefix 1 511 gt ls ls n ls lt command1 1 1000 gt lsp lso lt command2 1 999 gt Iss lss command3 1 999 gt If If n lf lt command4 1 1000 gt lfp lfp lt command5d 1 999 gt lfs Ifs lt command6 1 999 gt wm o wm n wm e wm one c c y c n txt lt text 1 100 gt txt Description h Displays the command syntax on the screen Entries after the h are ignored profile name specifies the name of the FT profile you wish to modify To see the profile names you have already assigned you can issue the ftshwp command without options s for profile name s allows you to change the properties of the standard admission profile of the user ID The options v d and u are ignored with a standard admission profile 222 openFT Windows Administration openFT commands ftmodp a for profile name modifies all FT profiles that come into question at once unless you select a specific profile with the option s il If you specify ftmodp profile name without any other parameters you force the timestamp of the profile to be updated s transfer admission n al user ID a adm is used to specify selection criteria for the FT profile to be modified
51. 3 lt AccessEntry AdministratorID John Al lowFunction FT gt lt AccessEntry AdministratorID Fred AllowFunction FT FTAC gt lt AccessList gt lt Instance Name MCHSRVOL 4 Description Remote administration server Address ftadm MCHSRVO1 mch mycompany net Admission mchsrvOlremote gt lt Instance Name OPENFTOL 4 Description Windows XP Address ftadm OPENFTO1 mch mycompany net Admission openftO0lremote gt lt Instance 134 openFT Windows Administration Central administration Example of an XML configuration file Name OPENFTO2 4 Description Windows XP Address ftadm OPENFTO2 mch mycompany net Admission openft02remote gt lt Instance Name OPENFTO3 4 Description Windows XP Address ftadm OPENFTO3 mch mycompany net Admission openft03remote gt lt AccessList gt lt AccessEntry AdministratorID John DenyFunction FTMOD gt lt AccessList gt lt Instance gt lt Instance Name MCHSRVO2 4 Description SUSE Linux 8 1 source management Address ftadm MCHSRVO2 mch mycompany net Admission mchsrvO2remote gt lt AccessList 5 InheritFromParent No gt lt AccessEntry AdministratorID Jack AllowFunction FT FTAC gt lt AccessList gt lt Instance gt lt Group gt lt Group Name MCH2 Description Computer Center Muenchen Freimann gt lt AccessList 5 lt AccessEntry Administrato
52. 3 1 7 Activities after installation Following the installation of openFT you may need to perform additional steps depending on what you require of your system These may include the following e installing openFT CR if encryption of user data is required e distributing public keys and obtaining public keys for partner systems needing to be authenticated e identifying instances and specifying the name of the local system for openFT activating disabling automatic startup of openFT e automatic saving of log records in files followed by deletion e setting up the partner list If you wish to use a partner list and you were not using a partner list in the predecessor version you must create the list See the section Setting up and administering the partner list on page 82 e configuring the remote administration server If you want to use your system as a remote administration server you must configure the server See the section Configuring the remote administration server on page 100 configuring the ADM trap server If you want to use your system as an ADM trap server you must configure the server See the section Configuring the ADM trap server on page 129 If you use the TNS you may need to create the TNS entries see the section Entering transport system applications in the TNS on page 379 Please note that cluster configurations are only supported for TCP IP You will therefore need to check all op
53. 3 letters of the name indicate the types of requests from which the monitoring value originates e g Ttl FT Total Snd FT Send requests Rcv FT Receive requests Txt Transfer of text files Bin Transfer of binary files Out FT Outbound Inb FT Inbound If monitoring is deactivated for all partners ftmodo monp only the following values are populated Status StCLim StCAct StRqLim StRqAct StOftr StFtmr StFtpr StTrcr All the other values are set to 0 Name Meaning Output Output unit with a Formatted Raw only ThNetbTtl Throughput in net bytes Number of Bytes Number of bytes transferred bytes accumu per second lated openFT Windows Administration 297 ftshwm Monitoring values openFT commands Name Meaning Output Output unit with a Formatted Raw only ThNetbSnd Throughput in net bytes send Number of Bytes requests bytes accumu Number of bytes transferred with per second lated send requests ThNetbRev Throughput in net bytes receive Number of Bytes requests bytes accumu Number of bytes transferred with per second lated receive requests ThNetbTxt Throughput in net bytes text x Number of Bytes files bytes accumu Number of bytes transferred when per second lated transferring text files ThNetbBin Throughput in net bytes binary x Number of Bytes files
54. 439 What 68 what if 341 Wide Area Network WAN 439 Windows procedure partner properties 319 openFT Windows Administration 459 Index 460 openFT Windows Administration
55. 70 ofapatch 74 unattended 75 update 67 installation directory of openFT 68 instance 61 426 428 creating 61 164 deactivate 183 deactivating 62 deleting 183 modifying 61 202 query information on 62 setup 62 instance concept commands 141 instance directory 68 instance ID 49 426 partners with openFT up to V8 0 50 instances entering in the configuration fille 111 integrity 426 interface trace deactivating 350 Internet information 18 Internet host name addressing options 41 Internet Protocol IP 437 interoperability 426 intrusion attempts prevent 57 IPv4 address 41 IPv6 address 41 ISO reference model 426 ISO OSI reference model 426 J Java Runtime System 68 job 427 transfer 427 K kernel group 424 427 key pair set creating 166 delete 184 L LAN Local Area Network 427 LAUTH 284 291 Legacy attribute 112 length block 206 library 427 lipxml2 license provisions 19 openFT Windows Administration 453 Index license provisions libxml2 19 Local Area Network LAN 427 localsystem 427 specify name 80 local TS application definition FTAM 383 log FTAC 209 log file corrupted 343 log function commands 141 log IDs 279 log records 427 CSV output format 361 delete 81 185 output 279 partner name missing 342 reason codes 192 short output format 279 with postprocessing 279 with preprocessing 279 logging default setting 209 scope administration 210 selection 209 loggin
56. Administration iS ce cog2 test eng Local ADM Traps London AdminHome Servus Test_system Local administration server In this example the group London is shown with the three instances that you are permitted to administer openFT Windows Administration 125 Remote administration Central administration Performing remote administration from a remote computer If the remote administration server is on a different computer you must first set it up in the openFT Explorer In addition the FT administrator should also enter it in the partner list The following steps are required e Entering the remote administration server in the partner list The FT administrator enters the remote administration server in the partner list using the following format ftadm hostL port number port number only needs to be specified if the default ADM port 11000 is not used on the remote administration server host The same applies if you as the remote administrator specify the address directly in a remote adminis tration request e Entering a remote administration server in the openFT Explorer 1 Choose New Remote Administration Server from the context menu of the Remote Administration object directory in the object tree 2 Enter the following details in the Remote Administration Server dialog box The partner where possible the name from the partner list The FTAC transfer admission for a
57. Administration Server function must be activated on the ADM trap server To do this enter the command ftmodo admcs y Alternatively In the openFT Explorer choose Administration Operating Parameters to open the Addresses tab and activate the option Remote Admin istration Server It is not necessary for an ADM trap server to be simultaneously used as a remote administration server but this does have the advantage that every remote administrator can view their ADM traps using the remote adminis tration facility See page 132 e Inthe ADM trap server set up an admission profile that can be used for the administration function Receive ADM traps To do this use the ftcrep with the ff option Alternatively In the openFT Explorer open the Options tab in the Admission Profile dialog box and activate the Receive ADM traps option The transfer admission for this profile must be entered in the operating parameters of the openFT instances that are to send the traps to the ADM trap server See Configuring ADM traps in the openFT instance openFT Windows Administration 129 ADM traps Central administration The ADM traps are stored in the file sysatpf which is located in the log directory of the relevant openFT instance In the case of the default instance the pathname is openFT installation directory var std log sysatpf The file sysatpf is written cyclically This means that the oldest ADM trap entry is overwritten wh
58. EM4 Solaris 9 INSTANCE NO NO YES 360 openFT Windows Administration Appendix Structure of CSV Outputs 9 1 4 ftshwl The following table indicates the CSV output format of a log record A format template in Microsoft Excel format is present in the following file as an example of a possible evaluation procedure openFT installation directory samples msexcelftaccnt xlt Column Type Values Logld Number Value ReasonCode String Value enclosed in double quotes to prevent interpre tation as a number FTAC Reason Codes are output as hexadecimal strings LogTime yyyy mm dd hh mm ss Value InitUserld String Value enclosed in double quotes REM InitTsn String Value enclosed in double quotes NONE PartnerName String Value enclosed in double quotes TransDir String TO FROM NSPEC RecType String FT FTAC ADM Func String TRANS FILE READ FILE ATTR DEL FILE CRE FILE MOD FILE ATTR READ DIR MOVE FILE CRE FILE DIR DEL FILE DIR LOGIN MOD FILE DIR REM ADMIN REM ADMIN ROUT UserAdmisld String Value enclosed in double quotes FileName String Value enclosed in double quotes openFT Windows Administration 361 Structure of CSV Outputs Appen
59. Explorer serves for a simpler presen tation Here you can enter the partner systems you want to work with as if they were network drives i e View directories and file attributes by clicking the mouse Issue file transfer requests using drag amp drop When you make such entries you enter either the name of the partner from the partner list or the partner s address together with the transfer admission data You can also enter a directory that is different from the home directory You can start the openFT Monitor directly for all the partners entered in Partner using the context menu command Start Monitor and thus display the monitoring data for these partners See also page 45 To do this monitoring must be activated on the partner 2 8 1 Specifying partner addresses A partner address has the following structure protocol host port tsel ssel psel host computer name see page 41 This specification is mandatory all other specifications are optional In many cases the other specifications are covered by the default values so that the host name suffices as the partner address see Examples on page 43 Final or can be omitted The individual components of the address have the following meanings protocol Protocol stack via which the partner is addressed Possible values for protocol uppercase and lowercase are not distinguished openft openFT partner i e communication takes place over
60. FILE Transfer file START TIME Indicates the start time of the request if this is was specified explicitly by the initiator on the remote system otherwise this field is empty openFT Windows Administration 285 ftshwl output openFT commands STORETIME If the request was submitted in the remote system then the time of the entry in the request queue is displayed here REQUESTED When initiative in the local system the time of issue of the request is shown here CCS NAME Name of the character set used to code the local file 286 openFT Windows Administration openFT commands ftshwl output 6 33 1 5 Long output format of an FTAC log record Example ftshwl a rg 947 1 LOGGING ID 947 RC 0000 TIME 2009 04 20 10 42 45 TRANS T0 REC TYPE FTAC FUNCTION TRANSFER FILE PROFILE PRIV INITIATOR DOMAIN1 thomasw USER ADM DOMAIN1 thomasw PARTNER servus FILENAME test2 txt Explanation LOGGING ID Log record number up to twelve characters in length TRANS Transfer direction TO FROM BOTH PROFILE Transfer direction to partner system This transfer direction is specified for asend request a request to display the file attributes a request to display the directories Transfer direction to local system This transfer direction is specified for a receive request a request to modify the file attributes a request to delete files The request direction
61. FTADM eN protoco protocol ftexec openFT V11 0 openFT V11 0 openFT V10 0 openFT V8 0 All platforms All platforms Administered openFT instances Remote administration components openFT Windows Administration 95 Remote administration Central administration Remote administration comprises the following components Remote administration server Central remote administration component This runs on a Unix or Windows system with openFT as of V11 0 and contains all configuration data for remote administration Multiple remote administration servers can be defined in a complete configu ration See page 97 ADM administrator Person who administers the remote administration server This person creates the configuration data for remote administration in which for instance the remote administrators and the administered openFT instances are defined The ADM administrator is the only person permitted to change the configuration data Remote administrator Role configured on the remote administration server and which grants permission to execute certain administration functions on certain openFT instances A remote administrator can Log indirectly at the remote administration server single sign on login to a different openFT instance as of V11 0 and access the remote administration server using an FTAC transfer admission The openFT instance can be running either on a mainframe BS
62. FTAM partners it is possible to specify an Appli cation Entity Title in the form n1 n2 n3 n4 mmm as the identification n1 n2 etc are positive integer values which describe the Application Process Title n1 can only have the values 0 1 or 2 n2 is restricted to values between 0 and 39 if n1 does not have the value 2 The optional Application Entity Qualifier mmm must be separated from the values of the Application Process Title by two periods For details see the openFT User Guide identification not specified Specifiying id with no other specification sets the identification to host host name for partner entries with openFT and FTADM protocol For FTAM partners the identification is deleted if id is entered id not specified The setting for identification is unchanged ri routing info ri i ri If the partner system can only be accessed via an intermediate instance then you specify the address information to be used for routing by the intermediate instance in routing info i for routing info The instance identification specified in id is used as the routing information neither i nor routing info specified The specification of ri without parameters means that the partner system can be accessed directly i e without an interme diate instance ri not specified The setting for the routing information is unchanged ptc i ptc a ptc You can use ptc to modify the operating parameter setting for
63. Glossary asynchronous request Once the FT request has been submitted it is processed independently of the user The user can continue working once the system has confirmed accep tance of the request see also synchronous request authentication Process used by openFT to check the unique identity of the request partner basic functions Most important file transfer functions Several basic functions are defined in the admission set which can be used by a login name The six basic functions are inbound receive inbound send inbound follow up processing inbound file management outbound receive outbound send central administration Central administration in openFT incorporates the remote administration and ADM traps functions and requires the use of a remote administration server character repertoire Character set of a file in the virtual filestore In the case of files transferred with FTAM partners it is possible to choose between GeneralString GraphicString A5String and VisibleString client Term derived from client server architectures the partner that makes use of the services provided by a server Logical instance which submits requests to a server cluster A number of computers connected over a fast network and which in many cases can be seen as a single computer externally The objective of clustering is generally to increase the computing capacity or availability in co
64. ID1 the current standard admission set is displayed u not specified all FT profiles and admission sets are displayed pr profile namei profile name2 profile name3 pr n specifies the FT profiles to be displayed up to 100 n for profile name no FT profiles are displayed 270 openFT Windows Administration openFT commands ftshwe pr not specified all FT profiles belonging to the user IDs specified in the u parameter are displayed as y as n specifies whether or not admission sets are to be displayed y default value all admission sets belonging to the login names specified in the u parameter are displayed n no admission sets are displayed l specifies that you wish to see the contents of the selected FT profiles l not specified displays only the names of the FT profiles Markings also indicate whether or not an FT profile is privileged and whether or not it is disabled csv csv specifies that the FT profiles and admission sets are to be output in CSV format The values are output separated by semicolons When csv is specified the output is always detailed analogous to l regardless of whether or not l is specified at the same time For details see section ftshwp on page 371 and section ftshwa on page 357 csv not specified The FT profiles and admission sets are output in the standard format openFT Windows Administration 271 fishwl openFT co
65. INSTANCE ACCESS FT FTOP FTAC AME Liverpool L2 admin DESC SUSE Linux 8 1 Explanation TYPE Specifies whether the item is a group or an openFT instance GROUP Group INSTANCE openFT instance ACCESS Only contains a value if TYPE INSTANCE and specifies what remote administration privileges the remote administrator has on this instance FTOP Read FT access only FT operator FT Read and modify FT access Corresponds to the permissions of an FT administrator FTAC Read and modify FTAC access Corresponds to the permissions of an FTAC administrator openFT Windows Administration 267 ftshwc openFT commands NAME Pathname of the group or of the openFT instance In remote administration requests you must always specify the name of the openFT instance as it is displayed here i e as a complete pathname DESC Description of the group or openFT instance 268 openFT Windows Administration openFT commands ftshwd 6 31 ftshwd Display diagnostic information With the ftshwd command you can display diagnostic information The diagnostic documents are used by the Maintenance and Diagnostic Service for error diagnosis Format ftshwd Description The command has a number of options but these are only significant for the Customer Service team The following example shows the output for this command and explains the meanings of the fields ftshwd DATE TIME SSID COMPONENT LOCATION ID I
66. IP address 192 168 90 30 must be addressed e g ftshw OPENFT FromOPENFT d e Inthe case of transfers directly to the host P870_DDM not failsafe the host name P870_DDM or the IP address 192 168 90 10 must be addressed e g ncopy LocFile P870_DDM RemFile SendToP870_DDM e Inthe case of transfers directly to the host PN70_DDM not failsafe the host name PN70_DDM or the IP address 192 168 90 20 must be addressed e g ncopy PN7O_DDM RemFile LocFile GetFromPN70_DDM openFT Windows Administration 395 openFT in a Windows cluster Appendix 9 3 2 Configuring resource specific openFT properties Use Program Administrative Tools Cluster Configuration in the Cluster Admin istrator Tool to configure openFT in one of the two nodes of the Cluster amp Cluster Administrator CLUSTER_DDM CLUSTER_DDM 2 File View Window Help lejx S AA xs nl a g CLUSTER_DDM B Groups Description J Disk S Online P870_DDM Physical Disk Cluster Group w IP Adresse openFT Online P870_DDM IP Address Disk Group 2 w Netwerkname openFT Online P870_DDM Network Name Disk Group 3 Nai Service open ft Online P870_DDM Genetic Service ci Disk Group 4 Disk Group 5 Resources E Resource Types Networks Interconnect 2 Public E Network Interfaces B ad P870_DDM Active Groups E Active Resources E Network Interfaces J PN70_DDM Active Groups Active Resources Network
67. In the case of all other system languages you are asked whether German or English is to be preset as the default language for openFT for details see the section Switching the language interface on page 37 If you want to encrypt file contents you must also install openFT CR for Windows systems This software is offered without a license at a fixed price If an openFT CR version lt V8 0 is already installed then you must first uninstall this version before installing openFT You may only install openFT CR V11 0 after openFT V11 0 has been installed If you want to use the openFT Script interface or the Java API then the J2SE Runtime Environment 5 0 JRE 5 0 or higher must be installed on your system Installation of the SNMP topic requires an installed Microsoft SNMP Server see section Installation of the SNMP subagent on page 77 Installation directory The path under which openFT is installed depends on a number of factors and is generally referred to below as the openFT installation directory The following points apply The path depends on your operating system By default openFT is installed in the directory ProgramFiles openFT Inthe case of interactive installation you can freely specify the installation directory You must not however specify a network drive as the installation path It is recommended that you use the suggested path Instance directory The instance directory is set up d
68. InheritFromParent The value of the attribute InheritFromParent can accept the string No If No is specified inheritance of access lists from parent groups is deacti vated Because access lists are inherited from parent groups by default it is only necessary to specify the attribute InheritFromParent if inheritance is to be explicitly deactivated An access list can contain the following element one or more access entries with the XML tag lt AccessEntry gt Any number of access entries is permitted An access entry allows you to explicitly define the access permissions for each remote administrator This means that you can specify which remote administration functions are granted or denied to this remote administrator Note that parent access permissions are inherited unless you have deacti vated this by specifying InheritFromParent No Defining an access entry An access entry is an element of an access list and starts with the XML tag lt AccessEntry gt There is no limit to the maximum number of access entries in the configuration file An access entry is made up of the following attributes e Mandatory attribute AdministratorID The value of the attribute AdministratorID is a string that specifies the name of the remote adminis trator This remote administrator must be defined at the start of the configu ration file using the tag lt AdministratorID gt See page 107 A remote admin istrator may only be specified in one
69. S CLUSTER inst1 is to be deactivated on computer CLUSTER1 since it has been switched over to CLUSTER2 The directory S CLUSTER inst is retained ftdeli instl 2 Instance inst2 with the directory S CLUSTER inst2 is to be deleted along with the instance file tree ftdeli inst2 rmdir S S CLUSTER inst2 3 Using ftseti it was changed to instance inst3 There an attempt is being made to deactivate the instance inst3 ftdeli inst3 ftdeli openFT Instance inst3 can not be removed openFT Windows Administration 183 fidelk openFT commands 6 11 ftdelk Delete key pair set You use this command to delete the key pair sets for a reference Your system can then no longer be authenticated by partner systems which still use the associated public key For more information on administering keys see section Authentication on page 49 A key pair set should always be present in your openFT instance as otherwise all requests are run unencrypted i e neither the request description data nor the file contents are encrypted Format ftdelk h lt key reference 1 9999999 gt Description h Displays the command syntax on the screen Entries after the h are ignored key reference Used to select the key pair set that is to be deleted You can find the reference in the name of the public key file see section Creating and administering RSA key pairs on page 51 184 openFT Windows Administration o
70. Windows cluster OPENFT with the IP address 192 168 90 30 consisting of the two nodes P870_DDM address 192 168 90 10 and PN70_DDM address 192 168 90 20 the following applies e Each node contains a std instance e There is one cluster instance for both cluster nodes and this instance is assigned to one node at any one time because it is located on a switchable cluster drive This means that there are three addressable openFTs on the two nodes of the cluster The failure concept lies in the fail safe cluster instance hostname OPENFT that is online from the viewpoint of the cluster either P870_DDM or PN70_DDM If the std instance on the separate nodes is used it must be noted that these are not failsafe Configure the Windows cluster in such a way that one disk is always available which is managed by the cluster Physical Disk e g S openFT openFT Windows Administration 391 openFT in a Windows cluster Appendix 9 3 1 1 Installation of openFT Installation on the first node Install openFT V11 for Windows locally plus the supplementary product openFT CR if required e Always select a local disk for all paths e g C Only activate the FTAM FTP functionality if you possess the necessary license e Restart the computer Enter the user password for openFT ftsetpwd or openFT Explorer e Check if the identification is set properly ftshwo or openFT Explorer and correct it if necessary ftmodo id or o
71. access entry in an access list AllowFunction and DenyFunction attributes These attributes specify which remote administration functions are granted AllowFunction and denied DenyFunction The AllowFunction and DenyFunction attributes are in principle optional but you must specify at least one of the two attributes in every access entry openFT Windows Administration 115 Remote administration Central administration If both attributes are specified note that entries for the attribute DenyFunction which deny a function to the remote administrator take priority over entries for the attribute AllowFunction which grant this function to the remote administrator The following points apply The value of the attribute Al owFunction specifies what remote adminis tration functions are remote administrator is permitted to carry out The string can have the following values remote administration permissions ETOP ie NACE SRT FTAG o RING EPs ETAC IE LORS FTOP FTAC Specifying FTOP FT operator only permits read FT access Specifying FT permits FT access for reading and modification Specifying FTAC permits FTAC access for reading and modifi cation Combinations mean that the remote administrator has been granted both permissions The value of the attribute DenyFunction determines which remote admin istration functions have been denied to the remote administrator The string ca
72. all the FT profiles belonging to the login name under which the ftdelp command is issued are deleted Otherwise the FT profile with the specified name is deleted 188 openFT Windows Administration openFT commands ftexpc 6 14 ftexpc Export the configuration of the remote administration server ftexpc stands for export configuration If you are the administrator of the remote administration server ADM administrator ftexpc allows you to export the configuration data of the remote administration server into an XML file The content of the XML file with the exported configuration is encoded using UTF 8 You can use ftexpc if you wish to change an existing configuration To do this export the existing configuration into an XML file with frexpc adapt the file see the section Creating a configuration file on page 104 and then import the changed file again with ftimpc Format ftexpc h lt file name 1 256 gt Description h Displays the command syntax on the screen Entries after the h are ignored file name specifies the name of the XML file in which the exported configuration data is to be saved The file is created by the ftexpc command and must not exist beforehand Messages of the ftexpc command If ftexpc could not be executed properly a self explaining message is output The exit code is not equal zero in this case openFT Windows Administration 189 ftexpe openFT commands 6 15 ft
73. also be sent to an ADM trap server if certain events occur during openFT operation A Unix or Windows system configured as a remote administration server can act as the ADM trap server The FT administrator of the ADM trap server can read the ADM traps If remote administrators are defined on the ADM trap server for the openFT instance sending the trap these remote administrators can also view the associated ADM traps To this end the following commands have been introduced or enhanced e New command ftshwatp for viewing the ADM traps e The ftcrep and ftmodp commands have been expanded to allow the admission profiles for receiving traps on the ADM trap server to be defined e The ftmodo command has been expanded to allow the destination and scope of the ADM traps to be sent to be defined The openFT Explorer also makes these functions available and has been expanded accordingly Monitoring of openFT operation Important monitoring data for openFT operation can be collected and output This includes various values relating to throughput or processing time and current state indicators The administrator configures activates and deactivates monitoring using the ftmodo command with the mon monp and monr options or using the openFT Explorer The monitoring data can be output either with the new command ftshwm or using the openFT Monitor The openFT Monitor can be started by entering the command ftmonitor or via the openFT Explore
74. are modified You must specify the file name that was used when the request was created This file name is also output by the ftshwr command without the fn option Wildcards may not be used in the file name pr n pr l indicates the new priority The following values are possible n normal the request has the priority normal I low the request has the priority low qp f qp indicates the position of the request within the same priority The following values are possible f first the request is placed at the top of the list of requests with the same priority I last the request is placed at the bottom of the list of requests with the same priority request ID request ID is used to specify the identification of a specific request that is to be modified The request ID is output on the screen when reception of the request is confirmed It can also be displayed using the ftshwr command If you have specified a request ID but the other specified selection criteria do not match the request then the request is not modified and the following error message is output ftmodr Request request ID not found 248 openFT Windows Administration openFT commands ftmonitor 6 25 ftmonitor Call the openFT Monitor for displaying measurement data The ftmonitor command calls the openFT Monitor in which the monitoring data collected during openFT operation is displayed openFT can be running on the local
75. be able to restore openFT operation with as little delay as possible using the original runtime environment after a computer has failed or been replaced for instance You should always store the partner list the FTAC environment and the operating parameter settings in backup files To do this you can proceed as follows the file names used are only examples e Back up the partner list using the following command ftshwptn pw gt partner_save bat The file partner_save bat contains ftmodptn commands To restore the partner list simply run the file e Back up the FTAC environment admission sets and profiles using the following command ftexpe ftac_save To restore the FTAC environment import the file using the command ft impe ftac_save e Back up the operating parameter settings using the following command ftshwo pw gt option_save bat The file option_save bat contains an ftmodo command To restore the operating parameter settings simply run the file openFT Windows Administration 65 Save restore configuration data Tasks of the administrator 66 openFT Windows Administration 3 Installation and configuration This chapter describes the installation and configuration of openFT lil openFT is shipped with a communications manager PCMX 32 3 1 Installation of openFT The installation of openFT is performed under a user id with Windows admin istrator rights openFT V11 0 is installed using
76. be unique within openFT partner name not specified Specifies that the partner is a dynamic partner pa partner address You use pa to enter the address of the partner system in the following form protocol host port tsel ssel psel host computer name is mandatory all other specifications are optional For details concerning address specifications see section Specifying partner addresses on page 40 148 openFT Windows Administration openFT commands ftaddptn id identification id Identification unique in the network of the openFT instance in the partner system In the case of FTAM partners it is possible to specify an Appli cation Entity Title in the form n1 n2 n3 n4 mmm as the identification n1 n2 etc are positive integer values which describe the Application Process Title n1 can only have the values 0 1 or 2 n2 is restricted to values between 0 and 39 if n1 does not have the value 2 The optional Application Entity Qualifier mmm must be separated from the values of the Application Process Title by two periods For details see the openFT User Guide Identification not specified The specification of id means that the host host name is used for identification for the the openFT and FTADM protocol Default value host host name for the openFT and FTADM protocol otherwise blank ri routing info ri i ri If the partner system can only be accessed via an intermedi
77. can contain files and or further directories document type Value of the file attribute contents type attribute of the kernel group Describes the type of file contents in the virtual filestore document type for text files FTAM 1 document type for binary files FTAM 3 openFT Windows Administration 421 Glossary EBCDIC Standardized code for message exchange as used in BS2000 OSD The acronym stands for Extended Binary Coded Decimal Interchange Code emulation Components that mimic the properties of another device entity gt see instance Explorer A program from Microsoft that is supplied with Windows operating systems to facilitate navigation within the file system file attributes A file s properties for example the size of the file access rights to the file or the file s record structure file management Possibility of managing files in the remote system The following actions are possible Create directories Display and modify directories Delete directories Display and modify file attributes Rename files Delete files file transfer request gt see FT request firewall processor Processor which connects two networks The possible access can be controlled precisely and also logged fixed length record A record in a file all of whose records possess the same agreed length It is not necessary to indicate this length within the file
78. cause a jump to another place in the file tree unique or UNIQUE cannot be used for a file name prefix In the case of a file transfer request the user can use a file name ending with UNIQUE or UNIQUE suffix or Yunique or Yunique suffix to generate a unique file name with the prefix specified here A file name prefix which starts with the pipe character indicates that the FTAC profile can only be used for file transfer with preprocessing and postprocessing since the file name created using the prefix and the name specified for the ncopy or ft command also starts with the character In this case no follow up commands may be specified unless the filename prefix starts with cmd c or amp cmd c 176 openFT Windows Administration openFT commands ftcrep The following strings may not be specified two dots dot backslash This makes it impossible to navigate to higher level directories filename prefix can be up to 511 characters in length Special cases e You must specify a file name or file name prefix which starts with the string Iftexecsv for FTAC profiles which are to be used exclusively for the ftexec command If a command prefix is also to be defined you must specify it as follows fnp Iftexecsv_ p command prefix e g Ffnp ftexecsv p ftshwri The same restrictions apply to the command string of the ftexec call as to the filename prefix during preproces
79. details openFT Windows Administration 249 ftmonitor openFT commands lay not specified If you do not specify ay the default Monitor window is opened This contains a chart showing the monitoring value Networkb sec of all Requests corresponds to the parameter ThNetbTtl in the command ftshwm po polling interval Polling interval in seconds Possible values 1 through 600 Default value 1 partner Name or address of the partner system for which monitoring data is to be shown The partner must be an openFT partner i e communication via the openFT protocol and must support the collection of monitoring data i e the openFT version of the partner must be at least V11 In addition the partner s asynchronous openFT server must be started and monitoring must be activated in its operating parameters partner not specified If you do not specify a partner the monitoring data of the openFT instance on the local computer is output transfer admission user ID account password Transfer admission for the partner system File transfer and preprocessing postprocessing must be permitted under the specified transfer admission You can specify this transfer admission asanFTAC transfer admission if FTAC is used in the remote system or destination instance For this purpose a special admission profile with the filename prefix FTMONITOR can be set up on the partner system that only permits monitoring data to be
80. details see the section ftshwc Show openFT instances that can be remotely administered on page 266 Exporting the configuration If the ADM administrator wishes to export the configuration he she must enter the following command on the remote administration server ftexpc xml file Alternatively in the openFT Explorer Administration menu Remote Administration Export Configuration command The configuration data is stored in XML format in the file xml file The notation is the same as is used when creating the configuration file See page 104 ff The file can be exported during live operation Changing the configuration The following steps are necessary if the ADM administrator wishes to change a configuration for instance in order to add instances or change addresses 1 Export the configuration into a file as described above e g using ftexpc xml file 2 Make the changes in the file For details see the section Creating a config uration file on page 104 3 Import the changed file e g using ftimpc xml file See also page 117 The configuration can be imported during live operation If however the changes to the configuration are particularly extensive a message is issued prompting you to stop the asynchronous openFT server before performing 118 openFT Windows Administration Central administration Remote administration the import You can use the commands ftstop and ftstart or
81. displayed to prevent unauthorized persons from seeing the transfer admission To exclude the possibility of typing errors the program expects you to enter the transfer admission a second time as an entry check The transfer admission is not queried when a standard admission profile is changed The following message is issued Transfer admission of standard profile must be n tad not specified does not modify the transfer admission of the FT profile openFT Windows Administration 225 ftmodp openFT commands v y v n v defines the status of the transfer admission y the transfer admission is not disabled it is valid n transfer admission is disabled it is not valid v is ignored if the modified profile is a standard admission profile v not specified the transfer admission status remains unchanged d yyyymmdd d specifies the period during which the transfer admission can be used The FT profile is disabled when this period has expired You can specify an eight digit date e g 20170602 for June 2 2017 The transfer admission can no longer be used after 0 00 hours on the specified day The largest possible value that can be specified for the date is 20380119 January 19 2038 yyyymmdd not specified when d is specified the previous setting is cancelled i e the time restriction is removed from the transfer admission d is ignored if the modified profile is a standard admission profile d not
82. e Mandatory attribute Address The value of the attribute Address is a string with a maximum length of 200 bytes that specifies the address of the openFT instance to be administered You can specify the name from the partner list or enter the address directly openFT Windows Administration 111 Remote administration Central administration The address format of the administered openFT instance depends on its version openFT as of V11 0 The address must have the protocol prefix ftadm i e it must be entered with this prefix in the partner list or the prefix must be specified here If this is not done the openFT instance will be administered as an openFT instance lt V11 0 using ftexec openFT lt V11 0 The address must have the standard format i e it must be entered without a prefix in the partner list or the prefix must not be specified here You must also set the Mode attribute to the value Legacy See below e Mandatory attribute Admission The value of the attribute Admission is a string containing the FTAC transfer admission The maximum length of the string is 36 bytes 67 bytes if specified in hexadecimal format An admission profile with this transfer admission must be defined in the openFT instance to be administered Depending on the version of the instance to be adminis tered this profile must permit the following function s See the section Configuring an openFT instance to be administered o
83. events ADM traps can be generated if certain events occur on openFT instances These are sent to the central ADM trap server and stored permanently there This allows remote administrators to evaluate important events at a later time and for specific instances Compatible integration of earlier openFT versions Instances running versions of openFT as of V8 0 can simply be added to the configuration and administered in the same way as instances as of V11 0 All the administration functions offered by the corresponding openFT version can be used 94 openFT Windows Administration Central administration Remote administration 5 1 Remote administration openFT allows you to set up a remote administration server via which you can administer your openFT instances on the various platforms You can choose to use any openFT instance as an administration workstation 5 1 1 The remote administration concept The figure below shows the remote administration components and the most important configuration options on the basis of a deployment scenario Logon Login openFT V11 0 openFT V11 0 Mainframe Open platform Mike Jane Remote administrators Transfer Ear Login admission 9 Yy y Remote administration server openFT as of V11 0 open platform ADM Configuration data Ea administrator
84. for BS2000 OSD the asynchronous openFT server has not started on the partner system a firewall in the partner system is blocking connections the local system cannot be reached from the partner systems The following potential error sources should be examined Were the asynchronous openFT server started Does the local address match the default settings ftmodo openft s or has it been changed If you use TNS Was an RFC1006 entry with TSEL FJAM made for the local address Was port number 1100 assigned to the local application FJAM Port number 102 should basically never be used since this could result in collisions with other application packets Was port number 1100 addressed in the partner system In other words was a BCMAP entry with port number 1100 made in BS2000 for example Is the openFT application released on the firewall openFT Windows Administration 341 What if the message Local system unknown in remote system is output This means that your partner system does not accept your local system as a partner In this case you should check the following on the partner system Are dynamic partners connected and is there no entry in the partner list for your local system Possible solutions Enter your local system in the partner list on the partner system or permit dynamic partners Does partner address checking fail for your local system
85. for which you want to output the ADM log records ri not specified The routing info is not a selection criterion Examples The following examples each output the log records for the user s own ID If you are an FT FTAC or ADM administrator and want to output the log records for all user IDs you must also specify a 1 All log records that are more than two days 48 hours old are output ftshwl rg 2 2 All log records that are more than 15 minutes old but less than 30 minutes old are output fFtshwl rg 15 30 3 All log records that are less than 30 minutes old are output Ftshwl rg 30 4 All log records that are more than 30 minutes old are output 30 ftshwl rg 5 The last 10 log records where FTAC checks failed reason code not equal to 0 are output ftshwl rc f rt c nb 10 278 openFT Windows Administration openFT commands ftshwl output 6 33 1 Description of log record output Log records can be displayed using the openFT Explorer or by using the ftshwl command You can choose between a short overview detailed information or if further processing is to be performed with external programs output in the CSV format The log records are identified by log IDs The log IDs are assigned in ascending order but for technical reasons the numbering is not contiguous i e there may be gaps 6 33 1 1 Logging requests with preprocessing postprocessing For security
86. in safe hands To ensure this both instances check the identity of the reciprocating system For this to be possible both public keys must have been exchanged and stored Note on Secure FTP A Secure FTP server makes its key and the certificate available to the openFT instance for encryption purposes No mutual authentication is carried out openFT is able to exchange encrypted outbound file contents with a Secure FTP server if openFT CR is installed on the openFT side and the FTP server supports the TLS Transport Layer Security protocol AES Advanced Encryption Standard is used as the encryption method In the inbound direction openFT does not support encrypted file transfer over the FTP protocol If openFT requires encryption of the file content but the FTP server does not support the TLS protocol the request is rejected If openFT does not require encryption of the file content the request description data is only encrypted if the FTP server accepts the TLS protocol otherwise the request description data is transferred in unencrypted form 54 openFT Windows Administration Tasks of the administrator openFT logging 2 11 openFT logging As an openFT or FTAC administrator you may display and delete the log records of all users Displaying log records You can use the ftshwl command to view all log records in the system The output of a log record contains an RC column which indicates the cause of rejection o
87. issue the ftshwc command Ifyou enter ftshwc via a remote administration request using ftadm you must specify an FTAC transfer admission The openFT instances are determined on the basis of the admission profile that belongs to this transfer admission ftshwc searches the configuration data on the remote administration server for openFT instances that are allowed to be remotely administered with the user ID or using this admission profile and outputs them If you are not permitted to remotely administer any instances the following message is issued ftshwc No instances available Format ftshwe h rt i rt gi rt ig csv Description h Displays the command syntax on the screen Entries after the h are ignored rt i rt gi rt ig rt specifies what information is to be displayed You can specify the following i gi default ig i Only information on instances is shown gi ig Information on groups and instances is shown 266 openFT Windows Administration openFT commands ftshwc csv csv specifies that the data is to be output in CSV format csv not specified The data is output in default format Example of output in default format Ftshwec TYP GROUP ACCESS AME Liverpool DESC Locations in Liverpool TYPE GROUP ACCESS AME Liverpool Ll DESC Bondtreet 28 TYPE GROUP ACCESS AME Liverpool L2 DESC openFT center TYPE
88. lt AccessList gt lt AccessEntry gt lt AccessList gt lt Instance Name MCHSRVO1 gt lt Instance Name OPENFTOL1 gt lt Group gt lt Group Name MCH2 Description Computer Center Muenchen Freimann gt lt Group gt lt Group gt lt Configuration gt 110 openFT Windows Administration Central administration Remote administration Defining instances An openFT instance starts with the XML tag lt Instance gt You can define a maximum of 5000 instances in the XML file An instance can be assigned to a group or defined independently of a group You must observe the following assignment hierarchy e With group s Configuration Remote administrator s Optional access list Group s Optional access list Instance Optional instance specific access list e Without group Configuration Remote administrator s Optional access list Instance Optional instance specific access list You will find detailed information on the access list on page 114 An instance is made up of the following attributes e Mandatory attribute Name The value of the attribute Name is a string that specifies the name of the openFT instance The maximum length of the string is 24 bytes The name of the instance can be freely selected Optional attribute Description The value of the attribute Description is a string that describes the instance in more detail The maximum length of the string is 100 bytes
89. management openFT Windows Administration 229 ftmodp openFT commands The following table shows which subcomponents of the file management can be used under which conditions Inbound file management Values of the admission set function or extension in profile Display file attributes Inbound Send IBS enabled Modify file attributes Inbound Receive IBR and Inbound File Management IBF enabled Rename files Inbound Receive IBR and Inbound File Management IBF enabled Delete files Inbound Receive IBR enabled and Write mode overwrite in profile Display directories Inbound File Management IBF enabled Create rename and delete Inbound File Management IBF enabled directories and direction from partner in profile iif not specified causes the values specified in the profile for the basic function inbound file management to apply unchanged ff t m p r a l ff c ff defines the FT function for which the FT profile can be used With the exception of c these letters can be combined in any way tm mt mr c must not be combined with other values Please observe the note concerning the description of f c on page 231 t transfer The FT profile can be used for the file transfer functions Transfer files Display file attributes and Delete files m modify file attributes The FT profile can be used for the file transfer functions Display file a
90. means that the operating system parameters apply to sender verification sl 1 100 sl p sl You use this option to assign a security level to the partner system A low security level means that the need for protection vis a vis this partner is low for instance because the partner s identity has been authenticated using cryptographic methods which means that you can be certain that the partner is genuinely who they claim to be A high security level means that the need for protection vis a vis this partner is high because the identity of the partner has only been determined on the basis of their address for instance and that no authentication has been performed using cryptographic methods 1 100 Assigns a fixed security level to the partner 1 is the lowest and 100 the highest security level All integers 1 through 100 are permitted p Assigns a security level to the partner on the basis of the partner s attributes i e Security level 10 if the partner has been authenticated Security level 90 if the partner is known in the transport system and is identified by the name it is known by in the transport system Security level 100 if the partner has only been identified by its address Security level not specified default value sl without parameters means that the operating parameter setting for the security level applies see command fimodo on page 204 150 openFT Windows Administration
91. must together not be longer than 1000 characters Please also bear in mind the information provided on the f option If a suffix was defined with fs the character set available for specifying follow up processing in the FT request is restricted to alphanumeric characters letters and digits the special characters _ a period between alphanumeric characters Ifs not specified FTAC sets no suffix after the follow up processing specified in the request in the event of unsuccessful file transfer wm o wm n wme e wm one wm specifies which write modes may be used in the file transfer request and what they effect o overwrite In the FT request of openFT or FTAM partners only o or e may be entered for write mode The receive file is overwritten if it already exists and is created if it does not yet exist With FTP partners n may also be entered if the file does not yet exist n no overwrite In the FT request o n or e may be entered for write mode The receive file is created if it does not yet exist If the receive file already exists the request is not executed e extend In the FT request only e may be entered for write mode i e the receive file is extended by appending the transferred file to the end if the receive already exists The receive file is created if it does not yet exist one default value means that the FT profile does not restrict the write mode
92. number of parallel outbound connections and Max ISP maximum number of parallel inbound connections is no longer supported as of openFT V11 Both values correspond to the parameter cl connection limit of the ftmodo command according to the following formula Max OSP Max ISP connection limit 2 3 rounded to the nearest integer The explanation of the possible values in the description of the ftmodo command starting on page 204 openFT Windows Administration 89 SNMP management SNMP 4 3 3 Statistical information MIB definition Object name Access Meaning object identifier ftStatSuspend read only Requests in status SUSPEND 1 3 6 1 4 1 231 2 18 4 1 0 ftStatLocked read only Requests in status LOCKED 1 3 6 1 4 1 231 2 18 4 2 0 ftStatWait read only Requests in status WAIT 1 3 6 1 4 1 231 2 18 4 3 0 ftStatActive read only Requests in status ACTIVE 1 3 6 1 4 1 231 2 18 4 4 0 ftStatCancelled read only Requests in status CANCELLED 1 3 6 1 4 1 231 2 18 4 5 0 ftStatFinished read only Requests in status FINISHED 1 3 6 1 4 1 231 2 18 4 6 0 ftStatHold read only Requests in status HOLD 1 3 6 1 4 1 231 2 18 4 7 0 ftStatLocalReqs read only local requests 1 3 6 1 4 1 231 2 18 4 8 0 ftStatRemoteReqs read only remote requests 1 3 6 1 4 1 231 2 18 4 9 0 The individual states have the following meanings SUSPEND The request was interrupted LOCKED Th
93. of ftshwc on page 266 openFT Windows Administration 123 Remote administration Central administration Issuing a remote administration request You issue a remote administration request using the ftadm command The syntax used for the remote administration request depends on whether you enter the ftadm command directly on the remote administration server or ona different remote computer e Entering the ftadm command on the remote administration server Log in on the remote administration server under the user ID that the ADM administrator has configured as remote administrator in the configuration file See the UserID attribute in the section Defining remote administrators on page 107 Enter the ftadm command in the following form ftadm ri instance command e Entering the ftadm command on a remote computer Log in on the remote computer using any user ID and enter the ftadm command in the following format ftadm cs server ri instance command transfer admission Explanation server On the remote computer only Name of the remote administration server from the partner list or address of the remote administration server using the format ftadm host instance Routing name of the openFT instance on which the administration command is to be executed You must enter this name in exactly the form in which it appears with the ftshwc command See page 123 command Specifies the administration command
94. of existing TNS entries you must do this by setting the operational parameters e g using ftmodo tns y The TNS identifies a transport system application TS application by means of a symbolic name known as the GLOBAL NAME The symbolic name generally consists of up to five name parts These symbolic names are assigned address information The necessary specifications such as station name application name port number etc can be obtained from your network administrator Depending on the installation variant new installation update installation and the type of link certain entries are made or modified during the installation of openFT see also the section TNS entries created automatically on page 381 You create TNS entries using the graphical user interface TNS User Interface that can be called from the Start menu Start Programs PCMX 32 TNS User Interface It can also be useful to enter the remote TS applications of the partner systems which are to issue requests to the local system In openFT partner version 8 1 and later ensure that the name by which requests are processed with this partner correspond to the instance ID of the remote system If there is any doubt a TNS input is required In this case In the case of WAN partners the partner is easier to identify for requests issued in the remote system For example the name of the partner as entered in the TNS is recorded in the log records With FTAM partn
95. openFT Explorer see page 125 You can issue the requests on the remote administration server itself or on a remote computer e f you issue requests on the remote administration server you must log in under the user ID that the ADM administrator has entered in the configu ration data to authenticate yourself as a remote administrator If you log in on the remote administration server under a user ID that is not entered in the configuration data you can only address the remote adminis tration server using the FTADM protocol This is the same as if you issue the request on a remote computer See the next section e f you issue requests on a remote computer you require the following data that the ADM administrator must provide you with address of the remote administration server FTAC transfer admission for accessing the remote administration server The address of the remote administration server must always be specified with the protocol prefix ftadm e g ftadm server01 t is therefore always best to let the FT administrator enter the remote administration server in the partner list You are however always able to determine the names of the openFT instances that you are permitted to administer yourself See the section Determining the names of the openFT instances 122 openFT Windows Administration Central administration Remote administration 5 1 4 1 Remote administration using the command interfac
96. or more FT partners delimited by commas and enclosed in double quotes NRES FileName String Value enclosed in double quotes NRES Library String YES NO NRES Value enclosed in double quotes FileNamePrefix String YES NO ElemName String Value enclosed in double quotes NRES NONE openFT Windows Administration 371 Structure of CSV Outputs Appendix Column Type Values ElemPrefix String YES NO ElemVersion String Value enclosed in double quotes STD NONE NRES ElemType String Value enclosed in double quotes NRES NONE FilePass String YES NRES NONE Write String NEW EXT REPL NRES UserAdmld String Value enclosed in double quotes UserAdmAcc String Value enclosed in double quotes NSPEC NRES UserAdmPass String OWN NSPEC NONE YES ProcAdmld String Value enclosed in double quotes NRES SAME ProcAdmAcc String Value enclosed in double quotes NRES SAME ProcAdmPass String NONE YES NRES SAME SuccProc String Value enclosed in double quotes NONE NRES EXPANSION SuccPrefix String Value enclosed in double quotes NONE SuccSuffix String Value enclosed in double quotes NONE FailProc String Value enclosed in double quotes NONE NRES EXPANSION FailPrefix String Value enclosed in double quotes NONE FailSuffix String Value enclosed in double quote
97. preprocessing facility in openFT can be used to send a receive request in which the outputs of a remote command or program are transferred instead of a file This makes it possible to query a database on a remote system for example Preprocessing also may be issued locally presentation Entity that implements the presentation layer layer 6 of the ISO OSI Reference Model in an FT system that uses e g FTAM protocols presentation selector Subaddress used to address a presentation application private key Secret decryption key used by the recipient to decrypt a message that was encrypted using a public key Used by a variety of encryption procedures including the RSA procedure privileged admission profile Admission profile that allows the user to exceed the FTAC administrator s presettings in the admission set This must be approved by the FTAC adminis trator who is the only person able to privilege admission profiles privileged admission set Admission set belonging to the FTAC administrator profile In OSI a profile is a standard which defines which protocols may be used for any given purpose and specifies the required values of parameters and options Here a set of commands assigned to a user ID The permissibility of these commands is ensured by means of syntax files See also admission profile privileged admission profile prompting in procedures Function used to prompt the user at the terminal to enter data re
98. profile name all the FT profiles belonging to the login name under which the ftmodp command is issued are modified Otherwise the FT profile with the specified name is modified ua user ID password n With ua the FTAC administrator can assign any desired FT profile of a login name to another login name user ID As the FTAC administrator you can specify any login name here password specifies the password for a login name A binary password must be specified in the form x or X The FT profile for the login name is valid only so long as the password password is valid for the login name When the password is changed the profile can no longer be used not locked n for password In this case the FTAC administrator cannot specify any transfer admission for the FT profile if you do not have FT administrator privileges An existing transfer admission will be automatically deleted in this case comma only no password specified causes FTAC to query the password on the screen after the command is entered Your entry is not displayed to prevent unauthorized persons from seeing the transfer admission user ID only without comma and password specified means that the profile is valid again for all passwords of the specified login name user ID ua not specified the login name of this FT profile remains unchanged nn profile name s nn can be used to assigns a new name to one of your FT profiles
99. rights the service is executing can be used as the transfer admission Alternatively a combination of user id password of the user with whose rights the service is running will also be accepted as the transfer admission Transfer admissions or user ids of other users will not be accepted e Itis no longer necessary to store the password using the openFT Explorer Administration User password in order to allow FTAC profiles to be used NTFS files to be accessed for asynchronous outbound requests and local outbound or remote inbound follow up processing to be performed This menu item is still available at the openFT Explorer so that you can change to a different operating mode service executes with system rights at any time e The home directory specified for the corresponding user in the User Manager is used as the home directory If no such directory is specified openFT creates the directory the directory For Windows XP for example this directory is located in userID hostname or userID domain under the directory Documents and Settings openFT Windows Administration 35 Protection bit setting Tasks of the administrator 2 5 File access rights for newly created files You define the file access rights for newly created files via the openFT Explorer Choose the file Access Rights command in the Administration menu and specify in the File Access Rights dialog box whether the received file is to be created with th
100. selektor EMPTY FORMAT T selektor TRANSDATA F TAM Port number 102 Proxy lt none gt System name transport system dependent openFT Windows Administration 389 Remote TS application for openFT FTAM Appendix e Partner address entry for transfer via TranSON Global Name ftamtranson P selektor EMPTY FORMAT S selektor EMPTY FORMAT T selektor RANSDATA FTAM Port number 102 Proxy TranSON System name transport system dependent The global application TransON with the proxy address is registered during the installation of PCMX 32 e Example of interconnection with DEX system The partner requires the selectors in ASCII format but itself sends empty selectors in its sender address if it has the initiative Global Name dex Part 5 P selektor ASCII TS S selektor ASCII TS SSAP T selektor ASCII TS TSAPEAF System name transport system dependent The following entry is required if the initiative comes from the DEX system Its sole purpose is to identify an initiator Global Name dex 01 Part 5 P selektor lt none gt S selektor lt none gt T selektor ASCII TS TSAPEAF System name transport system dependent 390 openFT Windows Administration Appendix openFT in a Windows cluster 9 3 TheopenFT instance concept ina Windows cluster Software Requirements openFT V11 0 for Windows the same openFT version must be installed on all nodes of the cluster 9 3 1 Sample This is a
101. system or on a remote system The openFT Monitor can only be called if monitoring has been explicitly activated by the administrator on the relevant system e g using the ftmodo mon n command and the asynchronous openFT has been started Format ftmonitor h lay lt monitor layout file name 1 512 gt po lt polling intervall 1 600 gt lt partner 1 200 gt lt transfer admission 8 67 gt lt user ID 1 67 gt lt account 1 64 gt lt password 1 64 gt Description h Outputs the command syntax in a separate message box Any specifications after h are ignored lay monitor layout file name Name of the Monitor layout file This file describes what monitoring data is output and how it is presented The name of the layout file must be specified with the suffix frmc This suffix is automatically assigned by the monitor when the file is saved if it was not explicitly specified there The content of the layout file is also generated by the Monitor You must not change the content of the layout file After the default Monitor window has been opened for the first time without specifying ay you can create and save your own layout file To do this choose a different layout from the View menu of the Monitor window for instance or set a different value using the selection icon on the top right and store the setting under a name of your choice Refer to the online Help system of the Monitor window for
102. the instance ID of the partner With the aid of the instance IDs of the partner systems openFT administers operational resources like for example request waiting queues and crypto graphic keys 50 openFT Windows Administration Tasks of the administrator Authentication 2 10 2 Creating and administering RSA key pairs A suitable public key for the given instance must be made available to the partner system so that your own openFT instance can be authenticated in the partner system Using ftcrek or by via the openFT Explorer create RSA key pairs for the local openFT instance that currently consist of a private key and a public key A key pair set in the Windows system currently consists of a key pair with a length of 768 1024 and 2048 bits Private keys are internally adminis tered by openFT public keys are stored in the config directory of the instance file tree of the openFT instance see Instance directory on page 68 under the name syspkf r lt key reference gt lt key length gt The key reference is a numerical designator for the version of the key pair The public key files are text files that are created using the character code of the respective operating system i e by default BS2000 OSD Value of the system parameter HOSTCODE z OS IBM1047 Unix systems ISO8859 1 Windows systems CP1252 In the syspkf comment file in the config directory of the instance file tree you can store com
103. the openFT protocol ftam FTAM partner i e communication takes place over the FTAM protocol ftp FTP partner i e communication takes place over the FTP protocol ftadm ADM partner i e communication takes place over the FTADM protocol for remote administration and ADM traps 40 openFT Windows Administration Tasks of the administrator Administering partners Default value openft Exception if a global name from the TNS is used for host and a presentation selector is assigned to this name in the TNS then ftam is the default value host Computer name via which the partner is addressed Possible entries Internet host name e g DNS name length 1 to 80 characters Global name from the Transport Name Service TNS up to 78 characters long with full support for the 5 name parts In this event the following applies TNS mustbe activated ftmodo tns y to allow a global name from the TNS to be used in requests In this case the TNS name takes precedence over the Internet host name The partner address must end with host and must not contain any other address components such as port tsel etc ftp is not permitted for protocol as openFT FTP does not support TNS operation Ifthe TNS entry contains a presentation selector for this global name only fram is permitted for protocol Ifthe TNS entry does not contain a presentation selector ftam is not permitted for protocol If you
104. the system is designated as private it is immediately disabled It must be assigned a new transfer admission using the ftmodp command before it is used The imported FT profiles are automatically locked and must be unlocked before use with the command ftmodp and the parameter v y if the FTAC administrator does not have FT administrator privileges Privileged FT profiles lose their privi leged status when imported The FTAC administrator can control this behavior with the sec option provided that he has FT administrator privileges The standard admission set is not saved when it is exported Therefore the standard admission set on the computer at the time of importing remains valid Variable values in the imported admission sets that refer to the standard admission set and are therefore marked with an asterisk are assigned the value of the standard admission set that is currently valid Format ftimpe h lt file name 1 256 gt u lt user ID 1 36 gt lt user ID 100 1 36 gt pr lt profile name 1 8 gt lt profile name 100 1 8 gt pr n as y as n sec s sec h adm y adm n openFT Windows Administration 195 ftimpe openFT commands Description h Displays the command syntax on the screen Entries after the h are ignored file name file name specifies the file from which the FT profiles and admission sets are to be imported u user ID1 user ID2 user
105. update these instances after installation using the ftupdi command see page 339 Tasks required of the system administrator 1 Install openFT from the data medium 2 You need to answer questions during installation asking you if you have a valid openFT FTAM license and a valid openFT FTP license Only activate this option if you have a valid license for openFT FTAM or openFT FTP Depending on the answers openFT FTAM and or openFT FTP may or may not be installed After an update installation the asynchronous openFT server is not started automatically Therefore you have to start openFT manually e g with the ftstart command or via Administration menu Start Asynchronous Server command in the openFT Explorer If the asynchronous openFT server is always to be started automatically choose Start Asynchronous Server Automatically using openFT Explorer Administration Operating Parameters General tab 72 openFT Windows Administration Installation and configuration Update installation Steps performed automatically The following steps are performed automatically for an update installation e openFT Script requests are cancelled e The TNS entries from the previous version are modified The TNS use remains activated in case of update installation form V8 1 e The language setting from the previous version is used e The instance directories of currently existing instances including the standard instance are updated i e
106. written is taken rg 1 999999999999 If the minus sign is omitted the range is restricted to the specified log ID only rg 0 999 0 999 Here you specify with rg a relative time period as a multiple of 24 hours i e as a number of days Note that the relative time period is calculated with an accuracy of one second from the current time You have the following options d7 and d2 1 through 3 digits rg d1 d2 outputs all log records that are between d and d2 days old irrespective of whether d1 is larger or smaller than d2 rg d1 outputs all log records that are no more than d days old rg d2 outputs all log records that are at least d2 days old 274 openFT Windows Administration openFT commands fishwl rg 0 999 0 999 Here you specify with rg a relative time period in minutes You have the following options in this case m and m2 1 through 3 digits rg mI1 m2 outputs all log records that are between m and m2 minutes old irrespective of whether m is larger or smaller than m2 rg m1 or rg m1 outputs all log records that are no more than m1 minutes old rg m2 outputs all log records that are at least m2 minutes old rg not specified The range is not a selection criterion rt t c a Defines which type of log record is to be displayed You may specify t c a and any combination of these values t The FT log records are displayed c The FTA
107. you should note that the asynchronous openFT server only processes requests for the user under whose rights it was started This operating mode is reasonable e if only one user is working on the system and true multi user operation is therefore not required e or for automated procedures since these normally do not require multi user functionality As Windows administrator you set the user as follows Windows XP 1 Choose Control Panel Administrative Tools Services and select the service openFT 2 Click on the Log On tab In the window which has now been opened select Log On As This Account and specify the user name and the user password of the account under which the service is to be started If the service is to run under the system account again select Local System Account and activate Allow Service to Interact with Desktop Notes e The service is automatically started up when the operating system is started up unless this has been explicitly deactivated via the administration facilities e Access to the file system with the rights of the user under whom the service is executing i e the FT server can also only access files which the user is also able to access This enables access to files in the network via UNC names provided that the users themselves have access 34 openFT Windows Administration Tasks of the administrator Setting operating modes e All the FTAC profiles of the user with whose
108. 1 0 must be installed on your system if it is to be configured as a remote administration server The following table indicates e the steps required to create a configuration as shown on page 95 e and who performs these steps Step Who 1 Defining the ADM administrator FTAC administrator 2 Declaring an openFT instance as a remote adminis FT administrator tration server 3 Setting up admission profiles for accessing the ADM administrator remote administration server 4 Entering the openFT instances to be administered in FT administrator the partner list 5 Creating a configuration file ADM administrator 6 Importing the configuration ADM administrator The remote administration server is thus ready for operation The ADM admin istrator can export and modify the current configuration at any time See page 118 It now remains to configure openFT instances on the partner systems for remote administration See page 119 100 openFT Windows Administration Central administration Remote administration 5 1 2 1 Defining the ADM administrator The ADM administrator is the only person permitted to administer the remote administration server Because no ADM administrator is defined by default after openFT has been installed we urgently recommend that you define one first This property is bound to the admission set and must therefore be assigned by the FTAC administrator In your rol
109. 142 324 ftstart 337 ftStartandStop 88 ftStatActive 90 ftStatFinished 90 ftStatLocalReqs 90 ftStatLocked 90 ftStatRemoteReqs 90 ftStatWait 90 ftstop 338 ftSysparCode 89 ftSysparMaxInboundRequests 89 ftSysparMaxISP 89 ftSysparMaxLifeTime 89 ftSysparMaxOSP_ 89 ftSysparProcessorName 89 ftSysparStationName 89 ftSysparTransportUnitSize 89 ftSysparVersion 89 fttrace 352 ftupdi 339 ftupdk 340 functional standard 425 G gateway 425 gateway processor 425 general string 425 GeneralString 419 GLOBAL NAME 379 GraphicString 419 425 group defining in remote administration 109 H heterogeneous network 425 homogeneous network 425 HOSTS file 425 hosts file 41 l 329 IA5String 419 425 IBM1047 51 identification 425 importing admission sets ftimpe command 195 importing configuration of remote administration server 193 452 openFT Windows Administration Index importing FT profiles ftimpe command 195 importing the FTAC environment ftimpe command 195 inbound file management 426 follow up processing 426 receive 426 request 426 send 426 submission 426 INBOUND FILE MANAGEMENT 257 INBOUND PROCESSING 257 INBOUND RECEIVE 257 INBOUND SEND 257 information obtaining on standard admission profile 311 on the Internet 18 information on instances 62 information on reason codes output 192 initial installation 67 initiator 426 installation 67 correction version 74 initial 67 new 67
110. 19 A 2575 13 30 15 0000 gt ftadm REMOTE adminrem admin001 3 Output routing ADM log record on the remote administration server ftshwl rt a ff f TYP LOG ID TIME RC PARTNER INITIAT PROFILE USER ADM FILENAME 2009 06 19 AF 396 13 22 54 0000 gt Testrech REMOTE adminacc admin002 Explanation The following differences apply to ADM log records compared with FT or FTAC log records The value A is output for an ADM log record in the TYP column In the case of ADM log records with routing information on the remote administration server ftshwl ff f the value F is also shown in column 2 The FILENAME column is empty for ADM log records 282 openFT Windows Administration openFT commands ftshwl output 6 33 1 4 Long output format of an FT log record Examples ftshwl a rg 3304 1 LOGGING ID 3304 RC 0000 TIME 2009 11 27 15 38 06 TRANS FROM REC TYPE FT FUNCTION TRANSFER FILE PROFILE PCMD NONE STARTTIME 2009 11 27 15 38 06 TRANS ID 262178 WRITE REPLACE STORETIME 2009 11 27 15 38 06 TRANSFER 24 kB CCS NAME SEC OPTS ENCR DICHK DDICHK RSA 768 AES 128 INITIATOR REMOTE USER ADM DOMAIN1 miller PARTNER pitti FILENAME readme txt Explanation LOGGING ID Log record number up to twelve characters in length TRANS Transfer direction TO Transfer direction to the partner system This transfer direction is specified for asend request a request to display the file attributes
111. 2000 OSD z OS or on a Unix or Windows system The FTADM protocol is used for communication Several remote administrators can be configured with different permissions Administered openFT instance openFT instance that is able to be administered by remote administrators during live operation Access is via an admission profile The following applies depending on the openFT version of the openFT instance Inthe case of openFT instances as of V11 0 the FTADM protocol is used and the full range of remote administration functions can be utilized 96 openFT Windows Administration Central administration Remote administration Inthe case of openFT instances from V8 0 through V10 0 administration is carried out using the openFT protocol and the command ftexec The range of functions available depends on the openFT version of the instance being administered Configuration with multiple remote administration servers Complex configurations can also be defined in which remote administrators access multiple remote administration servers The figure below shows an example of this Logn Logn openFT V11 0 openFT V11 0 John Curt Transfer Transfer admission pone admission Transfer admission Remote administration Remote administration server A server B ADM ADM Configur
112. 421 Data Encryption Standard DES 421 data protection 421 data security 24 421 DataEncryption attribute 112 date 144 DDICHK 284 291 deactivate aninstance 62 an instance ftdeli 183 asynchronous inbound server 216 FTP server 216 default security level 208 default value FTAM port number 217 ftp portnumber 216 openFT port number 217 openFT T selector 217 remote administration port number 218 define access list remote administration 114 define block length 206 define coding 215 define maximum number simultaneous asynchronous requests 207 define maximum value number of requests 207 request lifetime 207 definition of local TS application FTAM 383 remote TS application 384 remote TS application FTAM 387 openFT Windows Administration 449 Index delete asynchronous requests 161 FT profile 59 FT profiles 187 key pairset 184 log record 81 185 partners 252 standard admission profile 187 DENCR 284 291 DenyFunction denying administration permissions 116 DES Data Encryption Standard 421 DES RSA 80 diagnostic information display 269 diagnostics SNMP 87 control 91 DICHK 284 291 directories create delete 173 201 230 173 201 230 display 173 201 230 rename 173 201 230 directory 421 display admission set 255 diagnostic information ftshwd 269 FT profiles 311 FT profiles and admission sets ftshwe 270 log records 272 monitoring data 46 operating parameters 305 partners 317 d
113. 6 29 1 1 Short output format of an ADM trap Example ftshwatp nb 3 TRAP ID TYPE DATE TIME SOURCE 52 RQ LIM HIGH 2009 01 02 10 36 56 fileserv 51 TRANS FAIL 2009 01 02 10 36 48 FTSERVO1 50 PART UNREA 2009 01 02 10 32 01 FTSERVO1 Explanation TRAP ID Number of the ADM trap in the ADM trap log file up to 12 digits TYPE Trap type Possible values FT START Asynchronous openFT has started FT STOP Asynchronous openFT has stopped PART STATE Status change on a partner system PART UNREA Partner system possibly not reachable openFT Windows Administration 263 ftshwatp Output openFT commands RQ LIM HIGH Request queue has reached a filling level of at least 85 RQ LIM LOW Request queue has fallen below a filling level of 80 TRANS SUCC Successful file transfer TRANS FAIL Failed file transfer DATE Date on which the trap occurred TIME Time at which the trap occurred SOURCE Name of the partner on which the trap occurred 6 29 1 2 Long output format of an ADM trap Example ftshwatp rg 13 15 1 TRAP ID 15 TYPE TRANS SUCC TIME 2009 10 12 16 26 15 SOURCE Test0001 PARTNER flexthom PTN STATE TRANS ID 65594 RC 0 INITIATOR REM FILENAME ftexecsv ftinfo_O csv t a u ERROR MSG TRAP ID 13 TYPE TRANS FAIL TIME 2009 10 12 16 25 58 SOURCE Test0001 PARTNER flexthom PTN STATE TRANS ID 65592 RC 2196 INITIATOR REM FILENAME ftmoni
114. 99999999 Selection of a trap ID is indicated by the leading sign openFT outputs those ADM traps that lie within the specified range If the specified trap ID is not valid the next most recent ADM trap is used rg 1 999999999999999999 The ADM trap with exactly this trap ID is output If this ID does not exist gaps in the numbering are possible the ADM trap with the next lowest trap ID is output rg 1 999999999999999999 1 999999999999999999 The range starts with the ADM trap with the first specified trap ID and ends with the second specified trap ID If a number is specified with nb that is smaller than the number of ADM traps in the range the required number of records up to the end ID is output rg 1 999999999999999999 The range starts with the ADM trap for the specified trap ID and ends with the most recent ADM trap If a number is specified with nb that is smaller than the number of ADM traps in the period the most recent ADM traps are output rg 1 999999999999999999 The range ends with the ADM trap with the specified trap ID If a number is specified with nb that is smaller than the number of ADM traps in the range the required number of ADM traps up to the end ID is output 260 openFT Windows Administration openFT commands ftshwatp rg not specified The trap ID range or the time period is not used as a selection criterion in other words output starts with the current most recen
115. Average value of the monitoring interval time elapsed since the last time the monitoring values were queried or since the start of monitoring Format n mm where n is an integer and mm are to be interpreted as decimal places 3 If the reference value is reduced in live operation it is possible for the value output to lie above 100 temporarily openFT Windows Administration 303 ftshwm Monitoring values openFT commands Example ftshwm openFT std Monitoring formatted MonOn 2009 02 16 15 36 12 PartnerSel OPENFT RequestSel ONLY ASYNC ONLY LOCAL 2009 02 17 15 40 01 Name Value hNetbTtl 38728 ThNetbSnd 38728 ThNetbRev 0 hDiskTtl 16384 ThDiskSnd 16384 ThDiskRcev 0 ThRqto 1 ThSuct 0 ThAbrt 0 Thintr 0 ThUsrf 0 ThCofl 0 ThCobr 0 StRqas 0 00 StRqaa 8 66 StRqwt 1 66 StRqhd 0 00 StRqsp 0 00 StRqlk 0 00 StCLim 16 StCAct 37 StRqLim 1000 StRqgAct 1 StOftr ON StFtmr OFF StFtpr OFF Explanation The default output format begins with a header containing the following specifications Name of the openFT instance and selected data format raw or formatted Monitoring start time and partner and request selection Current timestamp This is followed by the list of default values see also page 297 304 openFT Windows Administration openFT commands ftshwo 6 35 ftshwo Display operating parameters The ftshwo command outputs the operatin
116. C log records are displayed a The ADM log records are displayed rt not specified The record type is not a selection criterion ff t m r d a C D M N f Defines the FT function for which log records are to be output Possible values are t m r d a C D M l f or any combination of these values The entries m r d a C D M and are only reasonable for FTAC log records The entry fis only reasonable for ADM log records t is reasonable for all log records t All log records for the function transfer files are output m All log records for the function modify file attributes are output All log records for the function read directories are output All log records for the function delete files are output All log records for the function read file attributes are output All log records for the function Create directory are output All log records for the function Delete directory are output z0 0w 2 All log records for the function Modify directory are output openFT Windows Administration 275 fishwl openFT commands l All log records for the function inbound FTP access are output These log records are written if incorrect admission data FTAC transfer admission or user ID password was specified for inbound FTP access f All ADM log records of the Routing function are output on the remote administration server Output can be further restricted with the adm and ri opti
117. CT FTAM protocol inbound not available NAVAIL FTAM not installed FTP PORT Port number used by local FTP server ftmodo ftp Default port 21 Line 2 ACTIVE FTP protocol activated ftmodo acta DISABLED FTP protocol inbound deactivated INACT FTP protocol inbound not available NAVAIL FTP not installed ADM PORT Port number used by remote administration ftmodo adm Default port 11000 308 openFT Windows Administration openFT commands ftshwo Field name Meaning and values Command option Line 2 ACTIVE remote administration activated ftmodo acta DISABLED remote administration inbound deactivated INACT remote administration inbound not available ADM CS Specifies whether the local openFT instance is ftmodo admcs flagged as a remote administration server YES or not NO HOST NAME Host name of the local computer NONE ftcrei addr means that no host name has been assigned ftmodi addr IDENTIFICATION Instance identification of the local openFT ftmodo id instance LOCAL Name of the local system ftmodo p l SYSTEM NAME ADM TRAP Name or address of the partner to which the ftmodo atpsv SERVER ADM traps are sent NONE means that the sending of ADM traps is deactivated TRAP The TRAP settings are output here The fimodo possible values are ON and OFF The row tpc CONS indicates the console traps and the row atp ADM t
118. D request ID specifies the identification of a specific request that is to be output The request ID is output on the screen on acknowledgment of receipt of the request It can also be viewed for example using the jtshwr l command If you have specified a request ID and the other specified criteria do not correspond to the request then the request is not displayed and the following error message is output ftshwr Request requestID not found 326 openFT Windows Administration openFT commands ftshwr 6 38 1 Output of the ftshwr command 6 38 1 1 Standard ftshwr output ftshwr TRANS ID INI STATE PARTNER DIR BYTE COUNT FILE NAME 65558 LOC WAIT PINGO TO 0 D september pdf 196610 LOC WAIT servus FROM 0 D memo02 txt 262146 LOC WAIT servus TO 0 E pic picturel0 gif Description of the output TRANS ID The TRANS ID column transfer identification contains the request numbers used by openFT to identify the file transfer requests The TRANS ID can be used to cancel requests with the ftcanr command INI The INI column indicates the initiator LOC The request was submitted in the local system REM The request was submitted in the remote system STATE The STATE column indicates the priority of the request The priority is displayed after the state identifier The only possible display is for low If the request has the priority normal then nothing is displayed The following states are possible ACT act
119. Description Possible owners P870_DDM Reo Mody T Bun this resource in a separate Resource Monitor Resource type Network Name Group Disk Group 3 State Online Node P870_DDM Configure openFT in a cluster Network Name General openFT Windows Administration 399 openFT in a Windows cluster Appendix Netwerkname openFT Properties Configure openFT in a cluster Network Name Advanced 400 openFT Windows Administration Appendix openFT in a Windows cluster Netwerkname openFT Properties HEI General Dependencies Advanced Parameters Netwerkname openFT Name PEENE Configure openFT in a cluster Network Name Parameters Configuration openFT service 3 Name Resource Type Dependencies Advanced Parameters Registry Replication e g Service openFT Generic Service Physical Disk in this case Disk S IP address openFT Network name openFT use standard or customize Service name openFT cluster SOFTWARE Classes SNI WINTNS only necessary if TNS is used openFT Windows Administration 401 openFT in a Windows cluster Appendix Press Finish to create the resource and bring it online right mouse button Bring Online Service open ft Properties 21 x General Dependencies Advanced Parameters Registry Replication i Service open ft Name Description od Possible owners P870_DDM PN70_DDM Modify
120. FT FTAC MCHSRV02 FT FTAC MCH2 MCHSRVO3 FT FTAC Hamburg HH1 HHWSRVO01 FT FTAC FT FTAC HHWSRV02 FT FTAC FT FTAC HHWSRV11 FT FTAC FT HH2 HHWSRV99 FT FTAC FTOP XML configuration file The configuration shown in the table is defined using the following configuration file Items indicated by numbers on the right margin are explained after the file lt xml version 1 0 encoding UTF 8 gt lt Configuration Version 1100 Description Configuration for central server MCHSRVO1 gt xmlns xsi http www w3 org 2001 XMLSchema instance xSi noNamespaceSchemaLocation C Program Files openFT include config xsd gt lt AdministratorID Name John Description Domain Controller Administrator User ID rz John i Profile ProfileOl gt Les openFT Windows Administration 133 Example of an XML configuration file Central administration lt AdministratorID ame Fred Description Production computer administrator UserID rz Fred T Profile Profile02 gt 2 lt AdministratorID ame Jack Description Administrator of the HR department computer in HH Profile Profile03 gt 2 lt AdministratorID ame Mike Description Administrator of the QA computer in HH Profile Profile04 gt 23 lt Group lt Gr ame Muenchen Description Computer Center Muenchen gt oup Name MCH1 Description Computer Center Muenchen Schwabing gt lt AccessList gt
121. FT administrator you may specify any user ID here a AsanFT administrator you can specify a to display requests for all user IDs ua not specified Your own user ID is the selection criterion Exception The FT administrator has called the command and also specified a request ID in this case the presetting is a 324 openFT Windows Administration openFT commands ftshwr ini l ini r ini Ir ini rl You use ini to specify the initiator for which you want to display requests The following specifications are possible l local Only locally submitted requests are displayed r remote Only remotely submitted requests are displayed Ir rl local remote Both locally and remotely submitted requests are displayed ini not specified The initiator is not the selection criterion corresponds to lr or rl St a st w st I st c st f st h st s If you specify st then only information on requests with the corre sponding status is output The following specifications are possible a active The request is currently being executed w wait The request is waiting to be executed I locked The request is locked c cancelled The request has been deleted f finished The request has already been executed h hold The starting time specified on the issue of the request has not yet been reached s Suspend The request was interrupted i e it is currently in the SUSPEND sta
122. FTAC administrator you can assign a transfer admission for yourself under your own login name or for any other user 168 openFT Windows Administration openFT commands ftcrep In this case if you do not have FT administrator permissions you must specify the complete login admission i e the user ID and password n for transfer admission By entering n you create an FT profile without a transfer admission As the FTAC administrator by specifying n you can create FT profiles for other login names without having to define transfer admissions If the profile is not a standard admission profile it is locked until you or the owner of the profile assign a valid transfer admission with ftmodp You must specify n when you create a standard admission profile transfer admission not specified If you do not specify the transfer admission in the command FTAC prompts you to enter the transfer admission after the command has been sent Your entry is not displayed to prevent unauthorized persons from seeing the transfer admission To exclude the possibility of typing errors the program expects you to enter the transfer admission a second time as an entry check ua user D password n As the FTAC administrator use ua to specify the user IDs for which you want to set up FT profiles user ID The user without administrator privileges can specify only his own user ID As the FTAC administrator you can specify an
123. ID gt has the following attributes e Mandatory attribute Name The value of the attribute Name is a string that specifies the name of the remote administrator The maximum length of the string is 32 bytes The name must be unique i e the configuration file must not contain any other lt AdministratorID gt tags with the same name because the name is used as the key for the record The name is used both internally in the configuration data and externally in log records in order to uniquely identify the initiator of a remote administration request e Optional attribute Description The value of the attribute Description is a string that describes the remote administrator in more detail The maximum length of the string is 100 bytes e Optional attributes UserID and Profile These attributes identify the remote administrator depending on the type of access to the remote administration server You must therefore specify a least one of the two attributes UserID or Profile It is also possible to enter both attributes The following applies to UserID and Profile The value of the UserID attribute is a string with the name of a valid login ID on the remote administration server The maximum length of the string depends on the platform and can be up to 36 bytes The user that logs in on the remote administration server locally under this ID is therefore a remote administrator and possesses the adminis tration permissions granted to this Admi
124. ID3 specifies the login names whose FT profiles and admission sets are to be imported You can specify up to 100 login names simultaneously u not specified all FT profiles and admission sets are imported pr profile name1 profile name2 profile name3 pr n specifies the FT profiles to be imported up to 100 n for profile name no FT profiles are imported pr not specified all FT profiles belonging to the login names specified in the u parameter are imported However the profile is not imported if another FT profile of the same name already exists under this login name as y as n specifies whether or not admission sets are to be imported Possible values are y default value all admission sets belonging to the login names specified in the u parameter are imported n no admission sets are imported sec s sec h sec specifies the security level when importing FT profiles It only makes sense to use the sec option if you the FTAC administrator have FT administrator privileges s standard If you have FT administrator privileges the attributes of the FT profile are not changed when it is imported If you do not have FT administrator privileges the effect is the same as sec h i e the profiles are locked sec s s the default value 196 openFT Windows Administration openFT commands ftimpe h high The FT profiles are locked LOCKED by import and are assigned the attribu
125. Interfaces 4 Set up the relevant resources with the following properties 1 Name e g IP Address openFT Resource Type IP Address Dependencies Physical Disk in this case Disk S Advanced Use standard or customize Parameters P Address namely the one openFT Client needs to address the cluster 396 openFT Windows Administration Appendix openFT in a Windows cluster Press Finish to create the resource and bring it online right mouse button Bring Online gG Adresse openFT Properties Configure openFT in a cluster IP Address General IP Adresse openFT Properties Configure openFT in a cluster IP Address Dependencies openFT Windows Administration 397 openFT in a Windows cluster Appendix IP Adresse openFT Properties IP Adresse openFT Properties 192 168 90 30 255 255 255 0 Configure openFT in a cluster IP Address Parameters 398 openFT Windows Administration Appendix openFT in a Windows cluster 2 Name e g Network name openFT Resource Type Network Name Dependencies Physical Disk in this case Disk S IP address openFT Advanced use standard or customize Parameters Name e g OPENFT Press Finish to create the resource and bring it online right mouse button Bring Online Netwerkname openFT Properties 21 x General Dependencies Advanced Parameters a Netwerkname openFT Name Netwerkname openFT
126. LE CRE FT PROF FTAC DELETE FT KEY SET DEL FT KEY FT FTDELKEY DELETE FT LOGGING RECORDS DEL FT LOG REC FT FTAC FTDELLOG DELETE FT PROFILE DEL FT PROF FTAC MODIFY FILE TRANSFER MOD FILE T FT FTMODREQ MODIFY FT ADMISSION SET MOD FT ADM FTAC MODIFY FT OPTIONS MOD FT OPT FT FTMODOPT MODIFY FT PARTNER MOD FT PART FT FTMODPTN MODIFY FT PROFILE MOD FT PROF FTAC REMOVE FT PARTNER REM FT PART FT FTREMPTN SHOW FILE TRANSFER SHOW FILE T SHFT FT FTOP NSTATUS NSTAT FTSHWREQ SHOW FT ADMISSION SET SHOW FT ADM S FTAC SHOW FT DIAGNOSTIC SHOW FT DIAG FT FTOP FTAC FTSHWD SHOW FT INSTANCE SHOW FT INST FT FTOP SHOW FT LOGGING RECORDS SHOW FT LOG REC FT FTOP FTAC FTSHWLOG 156 openFT Windows Administration openFT commands ftadm BS2000 command Short forms and Permission aliases SHOW FT MONITOR VALUES 1 SHOW FT MON VAL FT FTOP FTSHWMON SHOW FT OPTIONS SHOW FT OPT FT FTOP FTSHWOPT SHOW FT PARTNERS SHOW FT PART FT FTOP FTSHWPTN SHOW FT PROFILE SHOW FT PROF FTAC START FTTRACE FTTRACE FT FTOP STOP FT FTSTOP FT UPDATE FT PUBLIC KEYS UPD FT PUB KEY FT FTUPDKEY 1 As of V11 0 openFT Windows Administration 157 ftadm openFT commands Commands for openFT partners in z OS z OS command Alias Permission FTADDPTN FT FTCANREQ NCANCEL NCAN FT
127. Leay license apply to the toolkit See below for the actual license texts Actually both licenses are BSD style Open Source licenses In case of any license issues related to OpenSSL please contact openssl core openssl org openFT Windows Administration 19 License provisions Preface OpenSSL License Copyrig Redistr modific met 1 Redi noti 2 Redi noti docu dist 3 All ware Thi for ht c 1998 2006 The OpenSSL Project All rights reserved jbution and use in source and binary forms with or without ation are permitted provided that the following conditions are stributions of source code must retain the above copyright ce this list of conditions and the following disclaimer stributions in binary form must reproduce the above copyright ce this list of conditions and the following disclaimer in the mentation and or other materials provided with the ribution advertising materials mentioning features or use of this soft must display the following acknowledgment s product includes software developed by the OpenSSL Project use in the OpenSSL Toolkit http www openss org 4 The names OpenSSL Toolkit and OpenSSL Project must not be used to e prio open 5 Prod may sion 6 Redi ackn Thi for THIS SO EXPRESS IMPLIED PURPOSE CONTRIB ndorse or promote products derived from this software without r written permission For written permission plea
128. M ADMIN ROUT Check admission for remote administration request and forward remote administration request to the openFT instance to be administered if the admission check is successful TRANS ID Number of the administration request PROFILE Name of the profile used SEC OPTS Security options used during transfer ENCR Encryption of the request description DICHK Data integrity check of the request description DENCR Encryption of the transferred file content DDICHK Data integrity check of the transferred file content LAUTH Authentication of the local system in the remote system RAUTH Authentication of the remote system in the local system RSA nnn Length of the RSA key used for the encryption AES 128 AES 256 DES The encryption algorithm used openFT Windows Administration 291 ftshwl reason codes openFT commands INITIATOR Request initiator If initiated in the local system login name If initiated in the remote system REMOTE USER ADM User ID to which the remote administration request refers in the local system PARTNER Partner system involved Depending on the location to which the ADM log record was written the following is output Client Name address of the remote administration server Remote administration server inbound Name address of the client Remote administration server outbound Name adadress of the openFT instance to be administered Administered openFT instance Name ad
129. Microsoft s Windows Installer Start guided installation in Windows in the normal manner by double clicking the setup exe program located on the data medium containing the openFT software You can also install openFT in unattended mode See the section Unattended installation on page 75 There are three different types of installation depending on whether an FT version is already installed or which FT version is already installed on your computer e New installation This means that your computer has an openFT lt V8 1 or no FT version on it e Update installation This means that your computer has openFT version 8 1 or V10 0 installed e Installation of a correction version This means that your computer has openFT version 11 0 installed You can extend an existing installation of openFT using the Change function in Windows and install or uninstall openFT functions such as openFT FTAM or openFT FT at a later date In Windows XP for instance the function is located under Control Panel Add or Remove Programs openFT Change This function also allows you to repair an existing installation if necessary openFT Windows Administration 67 Installation Installation and configuration What you need to observe before installing openFT If German or English is set as the language of the operating system the language to be used is no longer queried during installation and the value used in the operating system is taken
130. NFO 20090717 100921 FT 251 yfysequ 46 SwinsLwrite fFffff fff 20090717 100923 FTAC 39 yfslogg 1 WriteErr fff ffftTf Explanation DATE Date when the error occurred TIME Time at which the error occurred SSID Subsystem ID possible values FT FTAC PPE COMPONENT Module number name LOCATION ID Location in the code at which the error occurred INFO Error code openFT Windows Administration 269 ftshwe openFT commands 6 32 ftshwe Display FT profiles and admission sets from a file ftshwe stands for show environment i e display FT profiles and admission sets from a file Using ftshwe the FTAC administrator can display FT profiles and admission sets that were saved using the ftexpe command Format ftshwe h lt file name 1 256 gt u lt user ID 1 36 gt lt user ID 100 1 36 gt pr lt profile name 1 8 gt lt profile name 100 1 8 gt pr n as y as n I csv Description h Displays the command syntax on the screen Entries after the h are ignored file name file name specifies the file from which the FT profiles and admission sets are to be displayed u user ID1 user ID2 user ID3 specifies the user IDs whose FT profiles and admission sets are to be displayed You can specify up to 100 login names simultaneously If the specified user ID has no admission sets only the standard admission set is displayed If you specify a non existent login name for user
131. NO openFT Windows Administration 375 Structure of CSV Outputs Appendix Column Type Values LocTransAdmld String NONE Value enclosed in double quotes LocTransAdmAcc String empty LocProfile String NONE Value enclosed in double quotes empty LocProcAdmld String NONE Value enclosed in double quotes empty LocProcAdmAcc String empty LocSuccProc String Value enclosed in double quotes empty LocFailProc String Value enclosed in double quotes empty LocListing String empty LocMonjv String empty LocCcsn String STD Value enclosed in double quotes RemFileName String Value enclosed in double quotes empty RemElemName String Value enclosed in double quotes empty RemElemType String Value enclosed in double quotes empty RemElemVersion String Value enclosed in double quotes empty RemTransAdmid String Value enclosed in double quotes empty RemTransAdmAcc String Value enclosed in double quotes empty RemTransAdmAccount String Value enclosed in double quotes empty RemProfile String YES NONE RemProcAdmld String Value enclosed in double quotes empty 376 openFT Windows Administration Appendix Structure of CSV Outputs Column Type Values RemProcAdmAcc String empty RemSuccProc String Value enclosed in double quotes empty RemFai
132. Notational conventions on page 143 transfer admission FTAC transfer admission for accessing the ADM trap server d for transfer admission If you specify d blanked the transfer admission is queried on screen after the command has been sent Your input is blanked neither partner nor transfer admission specified If you specify atpsv without parameters you remove the ADM trap server This means that ADM traps are no longer sent openFT Windows Administration 213 ftmodo openFT commands atp a atp n atp ADM trap list comma separated atp allows you to activate and deactivate ADM traps The ADM trap server to which the ADM traps are to be sent is specified with atpsv The following specifications are possible with the atp option a all All ADM traps are written n none No ADM traps are written fts Activates the ADM traps on the status of the asynchronous server fts Deactivates the ADM traps on the status of the asynchronous server ras Activates the ADM traps on the status of the request queue rqs_Deactivates the ADM traps on the status of the request queue rqc__ Activates the ADM traps when a request has been terminated successfully rqc_ Deactivates the ADM traps when a request has been terminated successfully rqf Activates the ADM traps when a request has failed rqf Deactivates the ADM traps when a request has failed pts Activates the ADM traps on the status of the pa
133. O0C500C600C700C800C900CADNCBOOCCOOCD O0D500D600D700D800D900DA00DBOODCOODD OES500E600E700E800E900EAODDEBOOECOOED OF 500F600F700F800F9IDDFAOOFBOOFCOOFD cS WwW Te oh Se SS ae Sle Se Se eh SE T OO OO OO Or Or D a E Or Ore One Ora S 2 fo De Oo CO om a OD ah a a CD a a D gt CS ED e EA 4 Co 0S Ce Oo OO OO eo es Ga Ts a a O a fa N mmammmommm TTE TTE ETT eA T OOOO GOOGOGOOOG OGOGO GOG O openFT Windows Administration 31 Starting and stopping openFT Tasks of the administrator 2 3 Starting and stopping openFT By default openFT is started automatically as service at system startup The openFT service is required for every openFT command that is to be executed and should therefore always remain running You can use the openFT Explorer Administration Operating Parameters Start Asynchronous Server Automatically option to specify whether the asynchronous openFT server should also be started automatically when the openFT service is started Note that by default the option for automatically starting the asynchronous openFT server is only activated for the std instance If the asynchronous openFT server is not started only synchronous requests are executed Asynchronous requests are stored in the request queue Furthermore no further requests are accepted from partner systems and admission profiles cannot be used After be
134. RSA 768 AES 256 INITIATOR REMOTE USER ADM admin002 PARTNER ftadm cog2 test eng homenet de ADM CMD ftshwo ADMIN ID Hugo ROUTING Munich Jonny LOGGING ID 399 RC 0000 TIME 2009 06 19 13 22 55 TRANS FROM REC TYPE ADM FUNCTION REM ADMIN TRANS ID 152973 PROFILE SEC OPTS ENCR DICHK RSA 768 AES 256 INITIATOR admin002 USER ADM admin002 PARTNER Test0001 ADM CMD ftshwo ADMIN ID ROUTING LOGGING ID 396 RC 0000 TIME 2009 06 19 13 22 54 TRANS T0 REC TYPE ADM FUNCTION REM ADMIN ROUT TRANS ID PROFILE adminacc SEC OPTS INITIATOR REMOTE USER ADM admin002 PARTNER Test0001 ADM CMD ftshwo ADMIN ID Hugo ROUTING Munich Jonny 3 ADM log record on the administered openFT instance ftshwl rt a 1 LOGGING ID 2571 RC 0000 TIME 2009 06 19 13 29 49 TRANS T0 REC TYPE ADM FUNCTION REM ADMIN TRANS ID 334030 PROFILE adminrem SEC OPTS ENCR DICHK RSA 768 AES 256 INITIATOR REMOTE USER ADM admin001 PARTNER ftadm flexthom homenet de ADM CMD ftshwl ADMIN ID ROUTING 290 openFT Windows Administration openFT commands ftshwl output Explanation LOGGING ID Log record number up to twelve characters in length RC Reason code of the request TIME Specifies time when the log record was written REC TYPE ADM is always output here for ADM log records FUNCTION Administration function executed REM ADMIN Execute remote administration request RE
135. Request rejected Violation of ADM inbound file management level RC Reason 7001 The administrator ID is invalid It was not possible to determine a valid administrator ID from the user ID or the profile name in the configuration data of the remote administration server 7002 The routing information is invalid The specified openFT instance specified in the routing information could not be found in the configuration data of the remote administration server 7003 The specified remote administration command is invalid The remote administration server rejects the specified command because it is not a supported remote administration command 7101 Infringement against the access rights list On checking the access rights the system identified that the administrator ID has not been assigned the necessary rights in the configuration data of the remote administration server to be able to execute the valid remote administration command on the specified openFT instance 7201 Infringement against the maximum command length In particular in the case of BS2000 commands the remote administration server replaces the shortest command names which are guaranteed by openFT by the full command names If this replacement of the command name causes the entire remote administration command to become longer than the maximum command length of 8192 characters the command is rejected 294 openFT Windows
136. S name openFT then uses the first 8 characters of the first part of the name the host name qualifier as the processor name ftmodo p and the entire name as the instance ID ftmodo id Messages of the ftcrei command If ftcrei could not be executed properly a self explaining message is output The exit code is not equal zero in this case For examples please refer to page 391 openFT Windows Administration 165 fitcrek openFT commands 6 8 ftcrek Create key pair set You use this command to create a key pair set for the authentication of your openFT instance in partner systems RSA procedure For more information on administering keys see the section Authentication on page 49 If the maximum number of key pair sets is exceeded you get the error message ftcrek Maximum number of key pairs exceeded Format ftcrek h Description h Displays the command syntax 166 openFT Windows Administration openFT commands ftcrep 6 9 ftcrep Create an FT profile ftcrep stands for create profile This command can be used by any user to set up FT profiles for his or her login name The FTAC administrator can also set up FT profiles for other login names either with or without defining a transfer admission When it is created the profile is given a timestamp that is updated each time the profile is modified e g using fimodp Note that the owner of an admission profile can only use
137. Snd T ata ThNetbTtl ThNetbSnd ThNetb hDiskRcev ThDiskTxt ThDiskBin ThRq to ThRqft 1 ThCosu ThCof uRqfmOut DuRqf nOut Rqaa RqAc TIME StRqwt St o TIMES DuOpenInb Stoftr St 1 ThCobr Du nInb DuRges DuClosOut Rqhd S Ftmr StFtp TRING STRI tRqsp hRqfm Th RqtlOut Out DuDn DuClosIn StRqlk S r StTrcer G STRI uct ThAbrt ThIntr ThUsrf ThFol uRqt Inb DuRqftOut DuRqftInb D DuDnscInb DuConnOut DuOpe DuUsrcOut DuUsrcInb StRqas S tRafi StCLim StCAct StRqLim S s INT INT INT I PINs INT 341 NT IN gt INT T INT I G INT INT T INT INT INT INT INT NT INT INT s INT3 1 Ts INT3 INT INT INT 100 INT 100 BOOL BOOL BO INT INT INT 100 L BOOL 0 INT INT INT 100 INT INT INT INT INT INT 100 INT 100 INT 100 INT INT PERCENT INT PERCENT 7 366 openFT Windows Administration Appendix Structure of CSV Outputs ftshwm csv ThNetbTtl ThDiskTtl CurrTime MonOn PartnerSel ReqSel Data ThNetbTt1 ThDiskTtl 2008 02 28 15 40 01 2008 02 28 15 36 12 0PENFT FTAM ONLY ASYNC ONLY REMOTE FORM 2681262 524064 openFT Windows Administration 367 Structure of CSV Outputs Appendix 9 1 6 ftshwo The following table indicates the CSV out
138. System Administrator Guide English FUJITSU openFT V11 0 for Windows Systems Installation and Administration Edition August 2010 Comments Suggestions Corrections The User Documentation Department would like to know your opinion of this manual Your feedback helps us optimize our documentation to suit your individual needs Feel free to send us your comments by e mail to manuals ts fujitsu com Certified documentation according to DIN EN ISO 9001 2008 To ensure a consistently high quality standard and user friendliness this documentation was created to meet the regulations of a quality management system which complies with the requirements of the standard DIN EN ISO 9001 2008 cognitas Gesellschaft f r Technik Dokumentation mbH www cognitas de Copyright and Trademarks Copyright Fujitsu Technology Solutions GmbH 2010 All rights reserved Delivery subject to availability right of technical modifications reserved All hardware and software names used are trademarks of their respective manufacturers This manual is printed on paper treated with chlorine free bleach Contents 1 1 1 2 1 3 1 4 1 5 1 6 1 7 1 8 2 1 2 2 2 3 2 4 2 4 1 2 4 2 2 5 2 6 2 7 2 8 2 8 1 2 8 2 2 9 2 9 1 2 92 Prelate aoe sce eh ice e SR E we ee Be 11 Brief description of the product 12 Target group sk casa Seka ca id ee a oe Bae we Rao 12 Concept of openFT for Windows manuals
139. TAC administrator 24 423 identify 257 FTAC environment exporting 190 importing 195 FTAC functionality 423 FTAC log 209 FTAC log record long output format 287 reason codes 292 FTAC logging function 423 ftaddptn 148 ftadm protocol prefix 40 ftadm command 153 FTADM protocol 40 FTAM 424 ftam protocol prefix 40 FTAM catalog 424 FTAM file attributes 424 FTAM partner 424 activating deactivating tracing 212 addressing 40 FTAM port number modifying 217 FTAM protocol 424 FTAM 1 421 424 FTAM 3 421 424 fteanr 142 161 ftcrei command messages 165 ftcrek 166 ftcrep 142 ftdeli 183 ftdeli command messages 183 ftdelk 184 ftdell 185 ftdelp 142 187 ftDiagStatus 91 ftEncryptKey 92 ftexpe 190 ftexpe example 191 fthelp 55 192 ftimpc 193 ftimpe 195 ftimpe example 197 FTMOD administration permission 116 ftmoda 142 198 admpriv 101 openFT Windows Administration 451 Index ftmodi 202 messages 203 ftmodo 204 ftmodp 142 240 ftmodptn 241 ftmodr 142 247 ftmonitor 249 calling via a profile 182 FTOP administration permission 116 ftp protocol prefix 40 FTP partner activating deactivating tracing 212 addressing 40 FTP port number setting 216 FTP server deactivating 216 encryption 54 ftremptn 252 ftsetpwd 253 ftshwa 255 ADMPR_ 101 example 256 ftshwatp 258 ftshwc 266 ftshwd 269 ftshwl 55 142 272 output 279 ftshwm 46 CSV format 364 ftshwo 305 ftshwp 142 311 CSV format 146 ftshwptn 317 ftshwr
140. TION TRANSFER FILE FILE PROCESS ING lil The asterisk in FTMONITOR in the profile monitor must be specified It is furthermore recommended to enter a space after FTMONITOR in the profile itself in order that subsequent options are automatically separated from the command You can specify this profile as the transfer admission in the ftmonitor command if you wish to view the openFT monitoring data from a remote system In order to call the graphical openFT Monitor from the openFT Explorer define a partner with this transfer admission there ftmonitor po 10 Partnerl onlyftmonitor Alternatively you can use this FTAC profile to get the monitoring data in the form of line based output and redirect it to a file for further processing using an ft or ncopy command Note that at this point only the interval can be set but no monitoring data can be selected Output is always in CSV format openFT Windows Administration 47 Monitoring with openFT Tasks of the administrator The following command allows you to output the current monitoring values of Partner at 10 second intervals ncopy Partner1 po 10 partnerl_data onlyftmonitor The monitoring data is output to the file partner _data The only parameter that you can specify within the quotes is po polling interval f you wish to use the default polling interval of one second enter a space between the quotes 48 openFT Windows Administra
141. TOP ftshwr FT FTOP ftshws openFT Script command FT FTOP ftstop FT fttrace FT FTOP ftupdk FT Commands on the remote administration server ftadm allows you to execute the commands ftshwc and ftshwatp on the remote administration server When you do so you must not specify the ri option Command Comment Permission ftshwc Gets the instances that the FT FTOP FTAC remote administrator is l e all instances are displayed for permitted to administer which the remote administrator has one of these permissions ftshwatp Outputs the ADM traps of the FT FTOP openFT instances that can be l e ADM traps of all instances are administered displayed for which the remote administrator has one of these permissions 160 openFT Windows Administration openFT commands ftcanr 6 6 ftcanr Cancel asynchronous requests You can use the ftcanr command to cancel asynchronous requests which are in the course of being processed or which are waiting to be processed in the request queue As an ordinary FT user you can only cancel requests entered under your own login name The FT administrator can cancel any requests In addition as administrator you can delete requests unconditionally i e without negotiating with the partner system If file transfer requests have already been started the status of the destination file may be undefined Format ftcanr h f ua lt use
142. TTR LOW ON 0 0 ftp ftp homenet de Explanation of output NAME Name of the entry in the partner list STATE Specifies how file transfer requests issued locally to the specified partner system are processed ACT File transfer requests issued locally to this partner system are processed with ftstart DEACT File transfer requests issued locally to this partner system are initially not processed but are only placed in the request queue ADEAC Failed attempts at establishing a connection lead to this partner system being deactivated The maximum number of consecutive failed attempts is 5 In order to perform file transfers with this partner system again it must be explicitly reactivated with ftmodptn st a NOCON Attempt to establish a transport connection failed LUNK Local system is not known in the remote FT system 320 openFT Windows Administration openFT commands ftshwptn RUNK Partner system is not known in the local transport system AINAC Partner system has been deactivated after a number of unsuc cessful attempts to establish a connection LAUTH Local system could not be authenticated in the partner system A valid public key for the local openFT instance must be made available to the partner system RAUTH Partner system could not be authenticated in the local system A valid public key for the partner system must be stored in the folder syskey of the openFT instance see also Instance directory
143. USER ADM ADM OWN FT FUNCTION ACCESS TO ADMINISTRATION LAST MODIF 2008 09 23 18 21 08 The profile acccentr is a ADM profile This is indicated by the value ACCESS TO ADMINISTRATION under FT FUNCTION and the value ADM for user ID under USER ADM You are the FT administrator and would like to view the profile remadmin that has been set up for remote administration ftshwp remadmin 1 Output takes the following form remadmin USER ADM ADMINOO1 OWN FT FUNCTION REMOTE ADMINISTRATION LAST MODIF 2009 02 27 16 20 38 316 openFT Windows Administration openFT commands ftshwptn 6 37 ftshwptn Display partner properties You use the ftshwptn command to call up the following information about the partner systems entered in the partner list The name of the partner system The status of the partner system activated deactivated The security level that was assigned to the partner system The priority that was assigned to the partner system The setting for the openFT trace function for the partner system The number of file transfer requests to the partner system issued in the local system that have not yet been completed The number of file transfer requests for the local system that have been issued in the partner system The mode for sender verification and authentication The partner system s transport address possibly with the port number if this is differe
144. UT and FTAM if required only TCP IP entries should be present e Set address of std instance ftmodi std addr PN70_DDM e On Instance std Start asynchronous openFT server see above e Bring the second node online using Move Group e Activate and check instance cluster you may not specify an address since the instance already exists ftcrei cluster S openFT cluster ftshwi a 1 Instance Address Directory cluster OPENFT XYZ NET S openFT cluster std PN70_DDM C Program Files openFT var std 9 3 1 4 Operations with the individual openFT Instance Ist possibility openFT Explorer Set the instance in the drop down list in the top right of the openFT Explorer FeSO xg eo sd z Name Size Modified on a Ed5eb9c294b1ae006b21a42b221f sa 13 05 2009 13 05 ma ni DA AA AAN AEn 2nd possibility command line e Cluster OPENFT failsafe at P870_DDM or PN70_DDM depending on where the disk S is online ftseti cluster any openFT command ftcrep clusterl FromOPENFT ftshwl a nb 10 394 openFT Windows Administration Appendix openFT in a Windows cluster e Computer P870_DDM not failsafe ftseti std any openFT command ftcrep maple SendToP870_DDM ftshwl rc f e Computer PN70_DDM not failsafe see computer P870_DDM 9 3 1 5 Use of the Windows cluster as an openFT Server e Inthe case of transfers with the failsafe Windows cluster OPENFT the host name OPENFT or the
145. able defines a character set Coded Character Set CCS for short and the coding of these characters in the file A CCS is assigned a name of up to 8 characters in length via which the CCS can be addressed As FT administrator you can use the ftmodo ccs command to set a standard CCS for openFT In addition you are still able to set your own 8 bit CCS The standard CCS is used for all FT requests However users can set a different CCS in the ft ncopy request and in the openFT Editor The following CCSs are supplied with openFT as standard Name of the CCS Meaning 1IS088591 to ISO8859B and for the ASCII tables ISO8859 1 to SO8859 1 1 ISO8859D to ISO8859G and ISO8859 13 to ISO8859 16 ISO646 for the international 7 bit ASCII table ISO646DE for the German 7 bit ASCII reference version EDF041 to EDF04A for the EBCDIC tables DF04 1 to DF04 10 EDF04D and EDFO4F DF04 13 and DF04 15 EDFO3IRV for the international 7 bit EBCDIC table defined by FSC EDFO3DRV for the German 7 bit EBCDIC table defined by FSC UTF16 for Unicode with UTF 16 coding platform specific endian UTF8 for Unicode with UTF 8 coding UTFE for Unicode with the UTF E coding UTF16LE for Unicode with UTF 16 coding little endian UTF16BE for Unicode with UTF 16 coding big endian UTFEIBM for Unicode with the UTF EBCDIC coding defined by IBM IBM037 for the US Canada EBCDIC character set defined by IBM IBM237 for
146. access list refer to the section Defining an access list Example lt Group Name MCH1 Description Computer Center Muenchen Schwabing gt lt AccessList gt lt AccessEntry eee eg lt AccessList gt lt Instance Name MCHSRVO1 Description Remote administration server Address ftadm MCHSRVO1 mch mycompany net Admission mchsrvOlremote gt lt Instance Name OPENFTO1 Description Windows XP Address ftadm OPENFTO1 mch mycompany net 11009 Admission openft0Olremote gt lt AccessList gt lt AccessEntry wal lt AccessList gt lt Instance gt lt Group gt openFT Windows Administration 113 Remote administration Central administration Defining an access list In the access list you specify which remote administrators have access to the given openFT instance to be administered and what remote administration permissions are granted to each of the remote administrators The following rules apply e Anaccess list can be defined at the following locations before all groups and or instances The list then applies to all subsequent groups and or instances as an element of a group The list then applies to all openFT instances that belong to this group and is inherited by all child groups as an element of an openFT instance that is to be administered The list then only applies to this instance e Every openFT instance that is to be administered requires an access list that is eit
147. administration lt AccessList gt tag 113 lt AdministratorID gt tag lt Configuration gt tag lt Group gt tag 109 lt Instance gt tag 111 107 105 456 openFT Windows Administration Index remote administration cont access by the remote adminis tration server 174 231 defining an access list 114 defining groups 109 defining remote administrators 107 length of instance path 106 modify port number 218 remote administration server 96 creating a configuration file 104 deactivating 207 settingup 101 specifying as 207 specifying the administrator 199 remote administrator 96 defining 107 defining openFT instances 109 remote system 433 remote TS application definition 384 definition FTAM 387 remove partners from partner list 252 request 433 asynchronous 419 synchronous 436 Request for Comments RFC 434 request ID 433 request identification 433 request lifetime maximum 207 request management 433 request number 433 request queue 433 administer 38 request storage 433 requests simultaneous 26 resources 433 responder 433 restart 433 restart point 433 restore configuration data 65 result list 434 RFC Request for Comments 434 RFC1006 434 Rivest Shamir Adleman procedure 434 root permission 25 router 434 RSA procedure 434 RSA AES 80 RSA DES 80 S save configuration data 65 saving log records 55 standard admission set 60 Saving of log records 81 Scope ID 42 SDF procedure partner proper
148. admission Measure specify new transfer admission LOCKED by_adm The FTAC administrator modified the FT profile by login name only The transfer admission remained unchanged but was disabled Measure enable the profile using the ftmodp command and the v y parameter LOCKED by_import The FT profile was created using the ftimpe command The transfer admission remains unchanged but is marked as disabled Measure enable the profile using the ftmodp command and the v y parameter LOCKED by_user The FTAC user disabled his her own FT profile Measure enable profile using the ftmodp command and the v y parameter EXPIRED The time up to which the transfer admission can be used has expired Measure enable profile using the ftmodp command and the d parameter by removing the temporal restriction using the d entry and defining a new time span with d date ftshwp does not provide a means of displaying a transfer admission If you have forgotten a transfer admission you have to define a new one using ftmodp l not specified displays only the names of your FT profiles Markings also indicate whether or not an FT profile is privileged and whether or not it is disabled 314 openFT Windows Administration openFT commands ftshwp csv You can use csv to specify that the FT profiles are to be output in the CSV format The values in the output are separated by semicolon
149. admission profile for the user ID profile name not specified Profile name is not used as a criterion for selecting the FT profile to be displayed If you do not specify the profile with s see below FTAC will display information on all of your FT profiles s transfer admission a nl user ID a s is used to specify criteria for selecting the FT profiles to be displayed If you wish to view standard admission profile you can only specify n or a openFT Windows Administration 311 ftshwp openFT commands Transfer admission Is the transfer admission of the FT profile to be displayed A binary transfer admission must be specified in hexadecimal format in the form x or X a for transfer admission Displays information either on the FT profile specified with profile name see above or if no profile name was specified on all FT profiles As the FTAC administrator you can specify a if you want to obtain information on FT profiles belonging to other login names since even you should not know the transfer admission n for transfer admission displays information on FT profiles that do not have a defined transfer admission As the FTAC administrator you can specify n if you want to obtain information on FT profiles belonging to other login names which do not have a defined transfer admission transfer admission not specified causes FTAC to query the transfer admission on the screen after t
150. age 189 You should therefore also encode an import file in UTF 8 Format ftimpc h lt file name 1 256 gt openFT Windows Administration 193 ftimpe openFT commands Description h Displays the command syntax on the screen Entries after the h are ignored file name specifies the name of the XML file to be imported Messages of the ftimpc command If ftimpc could not be executed properly a self explaining message is output The exit code is not equal zero in this case 194 openFT Windows Administration openFT commands ftimpe 6 18 ftimpe Import profiles and admission sets ftimpe stands for import environment i e importing the FTAC environment or importing FT profiles and admission sets Using ftimpe the FTAC administrator can import the FT profiles and admission sets of any login names from a file that was created using the ftexpe command Only those FT profiles whose profile names have not been specified for other FT profiles under the specified login name are imported If a profile with the same name is already present the timestamp LAST MODIF with ftshwp 1 indicates which has the most recent status An FT profile whose transfer admission has already been defined for another FT profile in the system will be imported but has an undefined transfer admission It must therefore be assigned a new transfer admission using the ftmodp command before it is used If the existing FT profile in
151. ains any uppercase characters they must be converted to lowercase characters in the file name 52 openFT Windows Administration Tasks of the administrator Authentication e For partners using openFT for Windows in the directory syskey of the instance file tree see Instance directory on page 68 In the case of the standard instance the path name under Windows XP is openFT installation directory varstd syskey The instance ID of your local openFT instance must be selected as the file name e For partners using openFT for z OS or OS 390 as a PO element in the library admuser instance SYSKEY where instance is the name of the instance The partner name allocated to your openFT instance in the remote partner list SYSPTF must be selected as the element name 2 10 4 Administering the keys of partner systems The public keys of the partner systems are stored in Windows systems as files in the directory syskey of the instance file tree of the local openFT instance see Instance directory on page 68 The instance ID of the partner system must be selected as the file name lf an updated public key is made available by the partner instance the old key file must be overwritten at that time For Secure FTP some special features apply see Note on Secure FTP on page 54 2 10 5 Reciprocal authentication Basically there are three distinct usages e For the local openFT instance it is important that the supplied data c
152. alarm icon in the status bar Administration ADM Traps T Admission Profiles a Admission Sets Viewing ADM traps in the openFT Explorer as the FT administrator You can set the selection criteria using the context menu The ADM traps are shown in the form of a list in the openFT Explorer For further details refer to the online Help system openFT Windows Administration 131 ADM traps Central administration e Asaremote administrator you can view your own ADM traps These are the ADM traps of those openFT instances for which you have at least FTOP permission See section Determining the names of the openFT instances on page 123 The following options are available If you log in directly on the remote administration server enter the command ftshwatp Alternatively In the openFT Explorer under Remote Administration in the object tree click ADM Traps for the local server If you log in on a remote computer enter the following command ftadm cs server ftshwatp options transfer admission Explanation server Name of the remote administration server from the partner list or address of the remote administration server using the format ftadm host transfer admission FTAC transfer admission for accessing the remote administration server The associated profile must have the property ACCESS TO ADMINISTRATION see page 102 and the profile name must be assigned to a remote administr
153. alues You must not specify the angle brackets lt gt and the permissible value ranges enclose optional entries The effect on the function of the command is described for the individual parameters T stands for at least one blank that must be inserted between the various entries l stands for alternatives You may specify only one of the values indicated Bold typeface This is used in the Description sections for individual characters or strings that must be specified in exactly the form given e g options or values In running text these are then shown in italics Lengths and characters sets The values which you use for parameters in the commands must observe certain restrictions on length and on the characters available file name you can specify an absolute or relative file name The file name specified in the local and remote systems may have a maximum length of 512 characters based on the length of the absolute path name Please note that although long file names can be specified at the openFT interfaces not all platforms support this maximum length For example Unix systems permit up to 512 characters whereas Windows systems only permit 256 characters If the file name contains blanks they must be set in double quotes e g file name The specification of UNC names is also possible openFT Windows Administration 143 Notational Conventions openFT commands date numeric exactly 8 character
154. ample With FTAM partners when one of the partners proposes a waiting period until the next start or recovery attempt via the FTAM protocol and this period exceeds the delay normally permitted If the cause of the LOCKED state is known further information is indicated in the PARTNER STATE field CANCELLED The request was cancelled in the local system However the remote system is aware of its existence because for example it was previously active Therefore the request cannot be removed from the request queue until the connection to the partner has been re established FINISHED This status occurs for requests involving FTAM partners when the request has either been completed or cancelled but the user has not yet been informed of this HOLD The start time specified when the request was issued has not yet been reached SUSPENDED The request was interrupted 330 openFT Windows Administration openFT commands ftshwr INITIATOR This specifies where the request was issued Possible values LOCAL The request was issued in the local system REMOTE The request was issued in the remote system WRITE This specifies whether the destination file is to be overwritten extended or created Possible values OVERWRITE default value If the destination file already exists it is overwritten otherwise it is created EXTEND If the destination file already exists the file sent is appended to the destination file othe
155. an change the priority of all requests in the system Format ftmodr h ua lt user ID 1 36 gt ua a pn lt partner 1 200 gt fn lt file name 1 512 gt pr n pr l qp f qp lt request ID 1 2147483647 gt Description h Displays the command syntax on the screen Entries after the h are ignored ua user ID ua a You use ua to specify the user ID for which requests are to be modified user ID As FT administrator you may specify any user ID here a As FT administrator you can specify a to modify requests relating to all user IDs ua not specified Your own user ID is the selection criterion Exception you called the command as FT administrator and also specified a request ID in this case the presetting is a pn partner You use pn to specify a name or an address for the partner system for which you want to modify requests The partner should be specified in the same way as in the request or as it is output in the ftshwr command without the option s l or csv If openFT finds a partner in the partner list openFT Windows Administration 247 ftmodr openFT commands that corresponds to the specified partner address then ftshwr indicates the name of the partner even if a partner address was specified on request entry fn file name You use fn to specify the file name for which requests are to be modified Requests which access this file in the local system
156. andard admission set and for any admission set of any user in the system The settings made by the administrator for other users are the MAX ADM LEVELS You can assign a security level of between 0 and 100 for each basic function These values have the following meanings 0 The basic function is locked i e it is not released for any partner system 1 to 99 The basic function is only released for partner systems with the same or a lower security level You can use the ftshwptn command to display the security level of a partner system 100 The basic function is available for all partner functions For basic functions consult the table on page 200 The FTAC or ADM administrator can also use ftmoda to transfer the FTAC administrator privileges or the ADM administrator privileges to other user IDs lil The meaning of the numbers in the admission set has been changed in openFT V10 0 Now all integers between 0 and 100 are analyzed and are compared with the partner system security levels to determine whether they are smaller than or equal to these values Format ftmoda h lt user ID 1 36 gt s priv y admpriv y ml s ml 0 100 os s os 0 100 or s or 0 100 is s is 0 100 ir s ir 0 100 ip s ip 0 100 if s if 0 100 198 openFT Windows Administration openFT commands ftmoda Description h Displays the command syntax on the screen Entries afte
157. are using TranSON the partner is only available over the TNS To do this a proxy must be entered in TNS For further information refer to the online Help system for the TNS User Interface application of PCMX 32 I Pv4 address with the prefix ip e g ip139 22 33 44 You should always specify the IP address with the prefix ip since the host name is immediately treated as the IP address Omitting this prefix results in performance impairments since in this case a search is initially performed in the TNS and then in the hosts file pathname SystemRoot system32 drivers etc hosts The IP address must always be specified as a sequence of decimal numbers separated by dots and without leading zeros I Pv6 address with the prefix ip6 e g i p6LFEDC BA98 7654 3210 FEDC BA98 7654 32101 IPv6 or ip6LFE80 20C 29ff fe22 b670 51 IPv6 with Scope ID The square brackets must be specified openFT Windows Administration 41 Administering partners Tasks of the administrator port When a connection is established over TCP IP you can specify the port name under which the file transfer application can be accessed in the partner system Permitted range of values 1 through 65535 The Scope ID designates the local network card via which the remote partner can be accessed in the same LAN segment It must be appended to the address with a character In Windows systems this is a numerical value e g 5 On o
158. art of the file t hh mm ss to Specifies the time up to which trace entries in the trace file are to be evaluated You enter the time in the format hours minutes seconds 2 digits each If you do not specify an end time then trace entries are output up to the end of the file tracefiles Name s of the trace file s that you want to evaluate You can specify multiple trace files and wildcards can be used openFT Windows Administration 353 Code tables Diagnosis 8 2 Code tables 8 2 1 Code table EBCDIC DF 04 upper half byte 0 1 2 3 4 5 6 7 8 9 A B Cc oD F 0 SP amp 29 gaii FUTA 0 1 NBSP a j ge l A J 1 2 a A E b k J s BYIK IS 2 3 a l J EJc t t e cojyLlti yt 3 4 a A EJ dadis m ul O dDJMi Us 4 5 a if A e ln v Ef N V4d5 6 a J 7 fjolwi qi F otlwle 7 Pale ae Sine le ae m ae Oe 5 8 lilo i nlaly H alyls l 9 Bi ileri zll i Ral zee A LI a 7 fa SHY 7 2 3 B Slt all 12 e 6 a O C lt dle DP 6 l D Se este cI alice Hate Cb ieee 1 Ub ent E gt pl lol 6o6 ua o6 u F ic ja x y O Code table EBCDIC DF 04 character set corresponding to ISO 8859 1 354 openFT Windows Administration Code tables Diagnosis 8 2 2 Code tab
159. artners 252 partnername 144 partner priority specifying 151 244 partner properties modifying 241 partner specific trace activate 349 partner system 430 password 430 patch 74 pathname administered instance performance control 26 permitted actions 430 portnumber 430 modify for remote administration 218 106 modifying for FTAM server 217 218 modifying for openFT server 217 openFT FTAM 383 partner computer 42 setting for FTP 216 Portable Open System Interface POSIX 430 POSIX Portable Open System Interface 430 postprocessing 430 log record 279 prepare trace files 63 preprocessing 431 log record 279 presentation 431 presentation selector 431 partner computer 43 priority partner specifying requests 247 PRIV 257 priv 227 private key 431 151 244 privilege FT profile 59 privileged admission profile 431 privileged admission set 418 431 privileged profile 227 PROC LIM 26 process limit 26 processorname 208 profile 431 setting up for access to remote administration server 175 231 setting up for ADM traps on the ADM trap server 129 174 231 profile name 144 prompting in procedures 431 protection bit setting 36 protocol 432 public key 432 public key encryption SNMP 92 public key for encryption SNMP 87 Q query information on instances 62 R RAUTH 284 291 reason code display 55 receive file 432 receive system 432 record 432 record length 422 439 relative pathname 432 remote
160. as required either programmatically or using an editor When you call ftshwm you specify what monitoring data is to be output the format in which it is to be output formatted raw tabular or in CSV format and the interval at which output is to be updated You will find details on ftshwm on page 295 e Using the openFT Monitor By default the openFT Monitor outputs the data in the form of one or more charts The charts show the current state and history of the monitoring data You can set what values are to be displayed in the openFT Monitor and store the setting for subsequent sessions It is also possible to display all the monitoring data in tabular format in a graphics window You start the openFT Monitor either using the openFT Explorer Extras menu or the context menu of a partner entry or using the ftmonitor command see page 249 When you start the program you also specify the interval at which output is to be updated For further details on the openFT Monitor refer to the online Help system Displaying monitoring data from other systems The openFT Monitor allows you to view the monitoring data of openFT instances on the other systems In order to do this you specify the partner and the transfer admission when you call the openFT Monitor This is done implicitly in the openFT Explorer if you start the openFT Monitor from the context menu of an entry in the Partner object directory See also page 40 In order to do this yo
161. ate instance then you specify the address information to be used for routing by the intermediate instance in routing info i for routing info The instance identification specified in id is used as the routing information neither i nor routing info specified default value The specification of ri without parameters means that the partner system can be accessed directly i e without an interme diate instance ptc i ptc a You can use ptc to modify the operating parameter setting for sender verification on a partner specific basis These settings only affect partners which are connected via the openFT protocol and do not operate with authentication e g partners with openFT V8 0 or earlier i identification Deactivates checking of the transport address Only the partner s identification is checked The partner s transport address is also not checked even if extended sender verification is globally active see the ftmodo command on page 204 openFT Windows Administration 149 ftaddptn openFT commands a address Activates checking of the transport address The partner s transport address is checked even if checking of the transport address is globally deactivated see ftmodo command on page 204 If the transport address under which the partner logs on is not the same as the entry in the partner list then the request is rejected neither i nor a specified default value ptc without parameters
162. ation data p Administrator Administrator Configuration data A B openFT openFT openFT openFT Administered Administered openFT instances openFT instances area A area B Separate configuration with two remote administration servers openFT Windows Administration 97 Remote administration Central administration Areas A and B are theoretically strictly separated but John is permitted to administer instances from areas A and B whereas Curt can only administer instances from area B The same method can also be used to define a redundant configuration with a second remote administration server This allows implementation of a simple backup solution asl openFT V11 0 John SA j Transfer Transfer gt __ Backup server admission admission Remote administration Remote administration server A server A Computer 1 Computer 2 ADM Configuration data Administrator lt _ _ Configuration data _ _ _ _ i ee _ a a oe openFT openFT Administered openFT instances Redundant configuration with a second administration server as a backup If Computer 1 fails the remote administrator can use Computer 2 as the remote administration server In order to do this the ADM administrator must always ens
163. ation of an inbound request Milliseconds 1 DuRqftOut Maximum request duration Outbound transfer Maximum duration of an outbound file transfer request Milliseconds 1 DuRqftInb Maximum request duration Inbound transfer Maximum duration of an inbound file transfer request Milliseconds 1 DuRqfmOut Maximum request duration Outbound file management Maximum duration of an outbound file management request Milliseconds 1 DuRaqfmIinb Maximum request duration Inbound file management Maximum duration of an inbound file management request Milliseconds 1 DuRqesOut Maximum outbound request waiting time Maximum waiting time before an outbound request is processed for requests without a specific start time Milliseconds 1 DuDnscOut Maximum duration of an outbound DNS request Maximum time an outbound openFT request was waiting for partner checking Milliseconds 1 300 openFT Windows Administration openFT commands ftshwm Monitoring values Name Meaning Output with a only Output unit Formatted Raw DuDnsclinb Maximum duration of an inbound DNS request Maximum time an inbound openFT request was waiting for partner checking X Milliseconds 1 DuConnOut Maximum duration of establishment of a connection Maximum time between requesting a connection and receiving
164. ator account is an FT administrator by default if User Account Control UAC is activated Users can however run openFT applications such as the openFT Explorer with administrator permissions if they grant the relevant permission in the dialog box displayed by the operating system when the program is started Who is the FTAC administrator Following a new installation the openFT and FTAC administrators are identical This means that all users who possess FT administration rights on the system are also FTAC administrators The FTAC administrator is identified by the fact that the corresponding privilege is defined in his or her admission set You can transfer this property to another login name by using the ftmoda command This is useful for example if someone other than the system administrator is responsible for data security The FTAC administrator has the following permissions e administer admission profiles see page 58 e administer admission sets see page 56 e back up the FTAC environment see page 59 In addition the FTAC administrator can also administer logging as well as the FT administrator and the ADM administrator see page 55 Depending on the user ID under which it is set up the FTAC administrator account has various rights and options e Default setting FT administrator is FTAC administrator Every other user ID that possesses FT administrator permissions is also an FTAC administrator This means that every FTAC admi
165. ator in the configuration file see page 107 Alternatively using the openFT Explorer In the object tree under Remote Administration open the object directory of the remote administration server and click ADM Traps See the figure below 384 Remote Administration E E adminsrv ADM Traps Muenchen E AdminHome H Jonny E Servus Viewing ADM traps in the openFT Explorer using the remote administration facility You can set the selection criteria using the context menu The ADM traps are shown in the form of a list in the openFT Explorer For further details refer to the online Help system 132 openFT Windows Administration Central administration Example of an XML configuration file 5 3 Example of an XML configuration file The configuration for the company mycompany is made up of four computer centers two in Munich MCH1 MCH2 and two in Hamburg HH1 HH2 A separate subgroup is created for each computer center The remote adminis tration computer MCHSRV01 is located in MCH1 Four remote administrators are configured John Fred Jack and Mike The following table shows the groups subgroups and openFT instances and specifies which remote administrator has which permissions Group Sub Instance Permissions of the remote administrator group John Fred Jack Mike Muenchen MCH1 MCHSRV01 FT FT FTAC OPENFTO1 FT FT FTAC OPENFTO2 FT FT FTAC OPENFT03 FTOP
166. bagent is started automatically each time the SNMP service is started Note that SNMP can only work with one instance when clustered The decisive factor is which instance is set up to start when the agent is started see also section Using openFT in a cluster on page 61 86 openFT Windows Administration SNMP SNMP management 4 3 SNMP management for openFT The openFT subagent is used to obtain information about the status of asynchronous openFT server start and stop the asynchronous openFT server obtain information about system parameters modify system parameters create the new public key for encryption authentication output statistical data to control the diagnosis The MIB to openFT offers objects for the above mentioned management tasks It is located in the file openFT installation directory snmp openF TMIB txt The objects for starting and stopping encrypting the public key modifying the system parameters and controlling the diagnose require write access openFT Windows Administration 87 SNMP management SNMP 4 3 1 Starting and stopping openFT MIB definition Object name Access Meaning object identifier ftStartandStop read write openFT protocol 1 3 6 1 4 1 231 2 18 1 1 0 Input Syntax Integer Meaning start 1 the asynchronous openFT server is started stop 2 the asynchronous openFT server is stopped Out
167. ber Value X ThFoll Number Value ThCosu Number Value ThCofl Number Value x ThCobr Number Value x DuRatlOut Number Value DuRatlinb Number Value DuRaqftOut Number Value DuRaftInb Number Value DuRqfmOut Number Value DuRafminb Number Value DuRqesOut Number Value DuDnscOut Number Value DuDnscinb Number Value DuConnOut Number Value DuOpenOut Number Value DuOpeninb Number Value DuClosOut Number Value DuClosinb Number Value DuUsrcOut Number Value DuUsrcInb Number Value StRqas Number 100 Value x StRqaa Number 100 Value x openFT Windows Administration 365 Structure of CSV Outputs Appendix Name Type Value Std stRqwt Number 100 Value x StRghd Number 100 Value x StRasp Number 100 Value x StRalk Number 100 Value x StRafi Number 100 Value StCLim Number Value X StCAct Percent Value x StRqLim Number Value x StRqAct Percent Value X StOftr BOOL 1 openFT protocol active x 0 not active StFtmr BOOL 1 FTAM protocol active x 0 not active StFtpr BOOL 1 FTP protocol active x 0 not active StTrer BOOL 1 Trace switched on O switched off 1 is not output with option raw 2humber is the measured value multiplied by 100 e g output 225 corresponds to value 2 25 Examples ftshwm ty cs CurrT ime MonOn v a PartnerSel Rev ThNetbTxt hNetbBin T ReqSel D hDiskTt ThDisk
168. ber is specified explicitly s ftstd s resets the default port number for the addressing of openFT partners via partner addresses The default port number of 1100 then applies again tns y tns n This option allows you to activate or deactivate the use of TNS names This does not affect the use of TCP IP host names IP addresses or partner management or the explicit specification of the port number and selectors with the openft and ftam options y This activates the use of TNS names for openFT and FTAM transfer 218 openFT Windows Administration openFT commands ftmodo This is necessary for example if other transport protocols are to be used alongside TCP IP This deactivates the use of TNS names In this case it is only possible to use the TCP IP transport protocol By default the port numbers set in the operating parameters are used for communi cations options openft ftam and ftstd Caution This option should not be changed as long as requests are stored or active Activation and deactivation of the TNS database can cause the conversion of a partner name to a partner address to change which could in turn lead to requests failing above all with restart requests or to unwanted delivery of files After switchover temporary partner entries can also appear twice in the partner list for a while see ftshwptn even if the partner name is converted to the same address in both cases ae y ae n T
169. bmitted the request in the local system For this to be possible the service must change to the identity of the user for certain actions To this end the service requires the login password of the user involved which must be made known to the service in openFT Explorer via Administration User password or by means of the ftsetpwd command The password must be stored in the following cases for asynchronous access to NTFS files or UNC names if you want to use FTAC profiles for inbound requests for local and remote preprocessing postprocessing and follow up processing for access to files via UNC names e Relative path names for inbound requests refer to the user specific home directory This can be defined by the system or domain administrator in the user management of Windows openFT Windows Administration 33 Setting operating modes Tasks of the administrator e The home directory specified for the corresponding user in the User Manager is used as the home directory If no such directory is specified openFT creates the directory For Windows XP for example this directory is located in userID hostname or userID domain under the directory Documents and Settings 2 4 2 Running the service under user rights When the openFT service is used under user rights it is started under the rights of a predefined user However the user must possess administrator rights When the service is run under user rights
170. butes Inbound Receive IBR and Inbound File Management IBF enabled Rename files Inbound Receive IBR and Inbound File Management IBF enabled Delete files Inbound Receive IBR enabled and Write mode overwrite in profile Display directories Inbound File Management IBF enabled Create rename and delete Inbound File Management IBF enabled directories and direction from partner in profile openFT Windows Administration 201 ftmodi openFT commands 6 20 ftmodi Modify an instance The ftmodi command allows you to assign another Internet host name address to an instance Note on using more than one instance All instances must be explicitly assigned their own IP address option addr with ftmodi or ftcrei This also applies to standard instances Using several openFT instances is only possible with the transport system TCP IP If you want to use several instances and you are using the TNS you must delete all TNS entries specific to openFT which do not relate to TCP IP Format ftmodi h lt instance 1 8 gt addr lt host name gt addr n Description h Displays the command syntax on the screen Entries after the h are ignored instance Name of the instance to be modified Instance names have a maximum length of 8 characters and must consist of alphanumeric characters The first character must not be a number addr host name addr n Internet host name whose assigne
171. by the ADM administrator ff not specified Corresponds to the specification f tmr i e the admission profile can be used for all file transfer functions other than file processing but cannot be used for remote administration functions a c and ADM traps dir f dir t dir ft specifies for which transfer direction s the FT profile may be used f allows data transfer only from a remote system to the local system t allows data transfer only from a local to a remote system Direc tories cannot be created renamed nor deleted ft tf both transfer directions are allowed dir not specified transfer direction is not restricted in the FT profile pn partner partner2 pn You use pn to specify that this admission profile is to be used only for FT requests which are processed by a certain partner system You can specify the name of the partner system in the partner list or the address of the partner system For details on address specifications see section Specifying partner addresses on page 40 You can specify more than one partner system maximum 50 with a maximum total of 1000 characters pn not specified or pn means that any remote system can use the FT profile openFT Windows Administration 175 ftcrep openFT commands fn file name fn fn specifies which file under your login name may be accessed using this FT profile If you specify a fully qualified file name only the f
172. c function inbound file management can be used see table at iif Specifying this option is enough as long as the basic function inbound send was disabled by the user but if it was disabled by the FTAC administrator it is also necessary that he she grant privi leged status to the FT profile n restricts the profile to the value in the admission set for the basic function inbound send iis not specified causes the values specified in the profile for the basic function inbound send to apply unchanged iir y iir n iir ignore inbound receive allows the value for the basic function inbound receive in the admission set to be ignored for details see im y allows the basic function inbound receive to be used even if it is disabled in the admission set At the same time subcomponents of the basic function inbound file management can also be used see table at iif Specifying this option is enough as long as the basic function inbound receive was disabled by the user but if it was disabled by the FTAC administrator it is also necessary that he she grant privileged status to the FT profile n restricts the profile to the value in the admission set for the basic function inbound receive iir not specified causes the values specified in the profile for the basic function inbound receive to apply unchanged 228 openFT Windows Administration openFT commands ftmodp iip y iip n iip ignore inbound proce
173. c iosd x tow a eed Rar a Sek ee a 350 Evaluating trace files with fttrace 352 openFT Windows Administration Contents 8 2 8 2 1 8 2 2 OOODDDDD0O k i ee ee ee ee oe ee OMNaAORWD 9 4 2 9 4 3 COMGIADIES 6246 66 8 FSH GS SSeS Re HGH Hore 354 Code table EBGDIC DF04 ia cosa ke 354 Code table ISO 8859 1 20 4 355 APGE eneren anae as a Rok ied 357 Structure of CSV Outputs anaana 357 a E E ee es Kae E E Gr SOS OSES EEA 357 TRING is e a oe a oh Ste a A Aa d a 359 RSRWG lt c aa eee eed wee oee ede REESE S Be BOE 360 MI se Go Gg bt hae ee ORE Re Se ee 361 PAW 2c ods ee ew EOS eR eee ee eee 364 MING 2 5 bg bee oS he RS eee ES oR EES 368 KOWE oo Sk acd amp amp Seo ed wm we GB he eB ead A 371 MAPI yerepe se deere edhe Pee ewe ek Gey 374 UIE Soo 6 3 hh 4 ot Bi DERE EER RORS SS ORS 375 Entering transport system applications inthe TNS 379 TNS entries created automatically 381 Definition of the local TS application for openFT FTAM 383 Definition of a remote TS application foropenFT 384 Sample entries foropenFT partners 385 Definition of remote TS applications for openFT FTAM 387 Sample entries for FTAM partners 389 The openFT instance concept in a Windows cluster 391 Sale 24 4 e se oo 2 abe oo eS Se es aR ES 391 Installation ofopenFT 392 Configuration of resource specific openFT properties o
174. cal designator for the key pair version Distributing public keys and obtaining public keys for partner systems to be authenticated If your local system is to be authenticated in partner systems then public keys for your system need to be made available to the partner systems You can find details in the section Distributing the keys to partner systems on page 52 If partner systems are to be authenticated by openFT you will need the public keys of those partners The public keys of the partner system are stored in the Windows system as files in the directory syskey of the instance file tree of the local openFT instance see also Instance directory on page 68 The instance ID of the partner system must be selected as the file name If an updated public key is made available by the partner instance the old key file must be overwritten Specifying the instance ID and the name of the local system for openFT openFT sends a sender address along with the request to a remote system This sender address must be known to openFT before you issue requests Partner systems using openFT version 8 1 and later are identified by the so called instance ID The local instance ID is defined using the command ftmodo id or by using the openFT Explorer You will find details on this in the section Instance Identifications on page 49 80 openFT Windows Administration Installation and configuration Activities after installat
175. capes the locations of the individual systems may be quite far apart Fujitsu Technology Solutions offers an extensive range of file transfer products the openFT product range for the following system platforms e BS2000 OSD e Solaris SPARC Intel LINUX AIX HP UX e Microsoft Windows XP Windows Server 2003 Windows Vista Windows 7 and Windows Server 2008 e 0S 390 and z OS IBM respectively openFT Windows Administration 11 Brief description of the product Preface 1 1 Brief description of the product openFT for Windows systems is the file transfer product for systems with the Windows XP Windows 2003 Windows Vista Windows 7 and Windows 2008 from Microsoft All openFT products communicate with each other using the openFT protocol previously known as the FTNEA as laid down by Fujitsu Since a number of FT products from other software vendors also support these protocols many interconnection options are available When used in combination with openFT FTAM openFT also supports the FTAM file transfer protocol File Transfer Access and Management standardized by ISO International Organization for Standardization This makes it possible to interconnect with even more systems from other vendors whose file transfer products support the same standard When used in combination with openFT FTP openFT also supports the FTP protocol This makes it possible to inte
176. ccessing the remote administration server The associated profile on the remote administration server must have the property ACCESS TO ADMINISTRATION see page 102 and the profile name must be assigned to a remote admin istrator in the configuration file see page 107 If you also activate the Save Transfer Admission option this has the advantage that you do not have to to specify the transfer admission in future every time you call the openFT Explorer When you click OK a new icon appears in the object tree with this remote administration server Clicking on the name of the remote administration server opens the associated object directory In the example below an additional server adminsrv is set up alongside the local remote administration server cog2 test eng Local see page 125 126 openFT Windows Administration Central administration Remote administration 4849 Remote Administration ADM Traps e Muenchen AdminHome Jonny Servus E 3 cog2 test eng Local ADM Traps London AdminHome Servus Test_system Local and remote remote administration servers in the openFT Explorer Issuing remote administration requests All instances that can be administered are listed under the relevant groups in the example these are Muenchen and London The context menu of an instance allows you to access the operating parameters and diagnos
177. ce name openFT cluster Startup parameters Use Network Name for computer name Configure openFT in a cluster Generic Service Parameters openFT Windows Administration 403 openFT in a Windows cluster Appendix Service open ft Properties 21x General Dependencies Advanced Parameters Registry Replication NG Service open ft Applications or services may store data in the registry It is important to have this data available on the node on which they are running Specify the registry keys below HKEY_LOCAL_MACHINE that should be replicated to all nodes in the cluster Root Registry Key SOFTWARE Classes SNINWINTNS lt 4 Only necessary if TNS is used Add Madi Remove coo __ Configure openFT in a cluster Generic Service Registry Replication If TNS is not used Registry Replication is not necessary 404 openFT Windows Administration Appendix Messages for administration commands 9 4 Exit codes and messages for administration commands Below is a description of the error messages output by openFT together with the associated exit codes meanings and measures as appropriate The description has the following format exitcode Message text meanings and measures as appropriate 9 4 1 Messages for all commands 0 The command was successful 3 The command was cancelled as the result of a response to a query 4 A syntax error occurred during command processing
178. cense Copyright C 1995 1998 Eric Young eay cryptsoft com All rights reserved This package is an SSL implementation written by Eric Young eay cryptsoft com The implementation was written so as to conform with Netscapes SSL This library is free for commercial and non com mercial use as long as the following conditions are aheared to The following conditions apply to all code found in this distribution be it the RC4 RSA lhash DES etc code not just the SSL code The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson tjh crypt soft com Copyright remains Eric Young s and as such any Copyright notices in the code are not to be removed If this package is used in a product Eric Young should be given attribution as the author of the parts of the library used This can be in the form of a textual message at program startup or in documentation online or textual provided with the package Redistribution and use in source and binary forms with or without odification are permitted provided that the following conditions are et Redistributions of source code must retain the copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided wi
179. col Internet Protocol Widely used data transmission protocol corresponds approximately to layers 3 and 4 of the ISO OSI reference model i e network and transport layers originally developed for the ARPANET computer network of the US Ministry of Defense it has now become a de facto standard transfer admission Authorization for file transfer and file management when using FTAC The transfer admissions is then used in place of the LOGON or LOGIN authori zation transfer unit In an FTAM environment the smallest data unit for transporting file contents For FTAM and FTAM 3 these are strings A transfer unit can but need not correspond to one file record Transmission Control Protocol Internet Protocol gt see TCP IP TranSON TranSON is a software product that permits secure access to a server The use of TranSON is transparent to the application The connection to the remote partner goes from the workstation through a client proxy and server proxy to the remote partner The client proxy is located on the workstation and the server proxy is located on the remote partner The data transferred between the client proxy and the server proxy is encrypted transport connection Logical connection between two users of the transport system terminals or applications transport layer Layer 4 of the ISO OSI reference model on which the data transport protocols are handled openFT Windows Administration 437 Glos
180. collected You will find an example under ftcrep on page 182 orasalogin LOGON admission using the syntax of the remote system user ID where necessary with account and or password transfer admission not specified If you do not specify a transfer admission for a remote partner system the system prompts you for it in a dialog box The entry made for the password or the FTAC transfer admission remains invisible Asterisks are displayed as replacement characters 250 openFT Windows Administration openFT commands ftmonitor Messages from the openFT Monitor The openFT Monitor issues error messages in the form of a dialog box It terminates automatically if an error occurs or if monitoring is terminated in the system being monitored If the layout of the Monitor window is changed and if openFT is terminated before the changed layout is saved the openFT Monitor issues a message and queries whether the layout is to be saved openFT Windows Administration 251 ftremptn openFT commands 6 26 ftremptn Remove a partner from the partner list Format ftremptn h lt partner 1 200 gt Description h Displays the command syntax on the screen Entries after the h are ignored partner Specifies the partner that is to be removed from the partner list You can specify the name in the partner list or the partner s address The name and address are displayed using the ftshwptn command All r
181. confirmation of a connection for an outbound openFT request Milliseconds 1 DuOpenOut Maximum file open time outbound Maximum time an outbound openFT request required to open the local file Milliseconds 1 DuOpeninb Maximum file open time inbound Maximum time an inbound openFT request required to open the local file Milliseconds 1 DuClosOut Maximum file close time outbound Maximum time an outbound openFT request required to close the local file Milliseconds 1 DuClosInb Maximum file close time inbound Maximum time an inbound openFT request required to close the local file Milliseconds 1 DuUsrcOut Maximum user check time outbound Maximum time an outbound openFT request required to check the user ID and transfer admission Milliseconds 1 openFT Windows Administration 301 ftshwm Monitoring values openFT commands Name Meaning Output Output unit with a Formatted Raw only DuUsrcinb Maximum user check time x Milliseconds inbound Maximum time an inbound openFT request required to check the user ID and transfer admission StRqas Number of synchronous requests Average Current in the ACTIVE state value number StRqaa Number of asynchronous Average Current requests in the ACTIVE state value number StRqwt Number of
182. ctivates the asynchronous inbound server for requests via the FTP protocol A warning is issued if the FTP protocol is not installed adm Activates the asynchronous inbound server for administration requests No protocol type specified Specifying acta without parameters deactivates all asynchronous inbound servers ftp port number ftp s ftp You use port number to specify the port number used by FTP Possible values 1 to 65535 The default number is 21 s Sets the port number for FTP to the default value of 21 port number not specified You use ftp to set the FTP server to inactive i e it cannot accept any more inbound requests il Deactivation of the FTP server using ftp will be supported for the last time in openFT V11 0 Instead use the option acta 216 openFT Windows Administration openFT commands ftmodo openft port number IT selector openft s You can use port number to specify a port number other than the default for the local openFT server You can also specify a T selector of between 1 and 8 characters in length In this case the port number and T selector must be separated by a period If you are switching from operation without TNS to operation with TNS tns y and if only the T selector with no port number had previously been set under openft you must specify the port number explicitly even if it matches the default value This is necessary to ensure that the T sele
183. ctor cannot be confused with the global name in the TNS Possible values for the port number 1 to 65535 The default value for the port number is 1100 The default value for the T selector is FJAM For operating with TNS you can specify a TNS name other than the default for the local openFT server A period must be placed before the TNS name e g openft OPNFTSRV The TNS name must not contain any period The default value for the TNS name is FJAM Please use this function carefully because setting a port number or TNS name other than the default makes it difficult for openFT partners to address the local system s openft s sets the port number and the T selector for the openFT server to the default value i e 1100 and FJAM ftam port number T selector S selector P selector ftam s You can use port number to specify a port number other than the default for the local FTAM server You can also specify a T selector a session selector and a presentation selector each of which may have a length of 1 to 16 characters In this case the port number T selector S selector and P selector must be separated by a period If you switch to operation with TNS again tns y and if only the T selector with no port number had previously been set under ftam you must specify the port number explicitly even if it matches the default value This is necessary to ensure that the T selector cannot be confused with the global name in th
184. d IP address is used to address the instance externally destination address and which is used as the sender address with outgoing connections Changing addr does not affect the instance s operating parameters instance ID and processor host name A particular or another Internet host name can be assigned to the instance here n for host name This specification is only permitted for the standard instance std The standard instance is not assigned a particular host address anymore and therefore it signs on for all addresses of the system In this manner you can switch from an operation with several instances to a one instance operation 202 openFT Windows Administration openFT commands ftmodi Examples 1 The host with the name MAPLE is assigned to the default instance Local requests to 127 0 0 1 are thus no longer possible The command is as follows ftmodi std addr MAPLE 2 The default instance is to log in with all IP addresses of a system again and listen to all addresses The command is as follows ftmodi std addr n Messages of the ftmodi command If ftmodi could not be executed properly a self explaining message is output The exit code is not equal zero in this case openFT Windows Administration 203 ftmodo openFT commands 6 21 ftmodo Modify operating parameters You can use ftmodo to define and modify the following parameters for openFT operation the key length of th
185. d in the Address attribute Partners with openFT as of V11 0 must be defined with fradm Admission specifies the transfer admission for the instance to be adminis tered The associated admission profile must be set up there and must permit the REMOTE ADMINISTRATION function Corresponds to ftcrep ff a 5 The lt AccessList gt tag for an instance defines permissions that only apply for this instance The InheritFromParent No attribute cancels a parent inherited permission The DenyFunction attribute under lt AccessEntry gt restricts inherited permissions For instance the FT permission is reduced to FTOP with DenyFunction FTMOD AllowFunction defines or extends permissions 6 The Mode Legacy attribute specifies that an openFT version lt V11 0 is running on the instance The instance is addressed as an openFT partner i e the address is specified without a prefix The frexec command is then used internally for a remote administration request 138 openFT Windows Administration 6 openFT commands for the administrator This chapter contains the commands which are available only to the adminis trator or which include more options for the administrator than the user or which are primarily used by the administrator The commands for the openFT script interface are described in the User Guide as well as in the openFT Script Interface manual 6 1 Overview of the commands The following
186. d must be explicitly unlocked e g by using the command ftmodp v y 58 openFT Windows Administration Tasks of the administrator FTAC environment If a FT profile is private u pr and if a corresponding transfer admission is assigned for a second time the existing transfer admission is locked Deleting FT profiles You can use the ftdelp command to delete FT profiles of a user This function is necessary for example after deletion of a login name since the profiles are not automatically deleted when a login name is deleted You should contact the user before you delete profiles from active login names You can also delete admission profiles via the openFT Explorer by selecting the Delete command from the context menu You will find a detailed description of the object windows in the online help Assigning privileges to FT profiles A privileged FT profile is intended for exceptional circumstances in which it is necessary for a user to override all restrictions To assign privileges to a profile you can use the command ftmodp priv y for example Once a profile has been assigned privileges it is possible only to modify the transfer admission and cancel the privileges To prevent abuse no other changes are permitted You can also assign privileges to admission profiles via the openFT Explorer in the Admission Profiles dialog window You will find a detailed description of each of the functions in the online he
187. d requests or the unavailability of partners If for example all successfully completed 130 openFT Windows Administration Central administration ADM traps requests are sent to the ADM trap server by several instances this can place a heavy load on the local openFT system the ADM trap server and the network Alternatively you can also perform these actions using the openFT Explorer 1 Choose Administration Operating Parameters to open the Traps tab 2 Inthe ADM Trap Server group enter the name of the ADM trap server and the transfer admission 3 Inthe ADM column of the Type group select the events on which ADM traps are to be sent 5 2 3 Viewing ADM traps The FT administrator of the ADM trap server is permitted to view the ADM traps If the ADM trap server is also used as the remote administration server both the ADM administrator and the remote administrators can view traps The following points apply e f you log in to the ADM trap server as an FT administrator or ADM adminis trator you can view all ADM traps There are two ways of doing this Using the ftshwatp command In this case you can select traps according to different criteria source period number etc For details see the section ftshwatp Display ADM traps on page 258 Using the openFT Explorer Under Administration in the object tree click ADM Traps see figure or choose Show ADM Traps from the context menu of the
188. defines the number of code pages that follow It currently always has the value 1 30 openFT Windows Administration Tasks of the administrator Administering code tables e The following lines define the code pages and have the following structure The first of these lines contains the number of the code page in the form of a two digit hexadecimal number All the subsequent lines contain the mapping of the characters for the codes to be defined to UTF 16 in the form of a 4 digit hexadecimal number The values are arranged in 16 lines each of which contains 16 4 digit hexadecimal numbers with no spaces Example for ISO8859 15 Western Europe with Euro symbol Encoding file iso8859 15 single byte O3F 0 0 000 010 020 030 040 050 060 070 080 090 OAO OBO oco ODO OEO OFO 00200030004 01200130014 02200230024 03200330034 04200430044 05200530054 06200630064 07200730074 08200830084 09200930094 OAZ00A320AC 0B200B3017D 0C200C300C4 OD200D300D4 OEZ00E300E4 OF200F300F4 0050006000700080009000A000B000C000D 0150016001700180019001A001B001C001D 0250026002700280029002A002B002C002D 0350036003700380039003A003B003C003D 0450046004700480049004A004B004C004D 0550056005700580059005A005B005C005D 0650066006700680069006A006B006C006D 0750076007700780079007A007B007C007D 0850086008700880089008A008B008C008D 0950096009700980099009A009B009C009D 0A5016000A7016100A900AA00ABOOACOOAD 0B500B600B7017E00B900BA00BB01520153
189. defining the FTAC protection functions Admission profiles define a transfer admission that has to be specified in FT requests instead of the LOGON or Login authorization The admission profile defines the access rights for a user ID by restricting the use of parameters in FT requests admission profile privileged gt see privileged admission profile admission set In FTAC the admission set for a particular user ID defines which FT functions the user ID may use and for which partner systems admission set privileged gt see privileged admission set AES Advanced Encryption Standard The current symmetrical encryption standard established by NIST National Institute of Standards and Technology based on the Rijndael algorithm developed at the University of Leuven B The openFT product family uses the AES method to encrypt the request description data and possibly also the file contents ANSI code Standardized 8 bit character code for message exchange The acronym stands for American National Standards Institute API Application Program Interface An interface that is freely available to application programmers It provides a set of interface mechanisms designed to support specific functionalities Application Entity Title AET The Application Entity Title consists of Layer 7 addressing information of the OSI Reference Model It is only significant for FTAM partners 418 openFT Windows Administration
190. distributed across just a few processes and are therefore processed more slowly but that on the other hand the performance of other applications on your computer is not significantly impacted e A high value for the process limit means that the requests are distributed over more processes and are therefore processed more quickly On the other hand increasing the process limit by too great an amount can cause the throughput to level off or even fall In addition the performance of other applications on your computer will be impacted to a greater extent 26 openFT Windows Administration Tasks of the administrator Setting the operating parameters e A low value for the connection limit means that only a few file transfers can run concurrently and that connection requests from remote partners will be rejected more often because the limit is exceeded The performance of other applications on your computer will not be degraded significantly e Ahigh value for the connection limit means that a high volume of file transfer requests will be processed concurrently and will therefore be handled in a short period of time and connection requests from remote partners will generally be accepted The performance of other applications on your computer will however possibly be degraded to a greater extent openFT Windows Administration 27 Administering code tables Tasks of the administrator 2 2 Administering code tables A code t
191. dix Column Type Values Priv String NO YES for FTAC log records and entry of an FTAC profile otherwise NONE ProfName String Value enclosed in double quotes NONE ResultProcess String NONE STARTED NOT STARTED StartTime yyyy mm dd hh mm ss Value Transld Number Value Write String REPL EXT NEW NONE StoreTime yyyy mm dd hh mm ss Value ByteNum Number Value DiagInf String Value enclosed in double quotes NONE Errinfo String Value enclosed in double quotes NONE SecEncr String YES or NO SecDichk String YES or NO SecDencr String YES or NO SecDdichk String YES or NO SecLauth String YES or NO SecRauth String YES or NO RsaKeyLen Number Value the space remains empty if SecEncr does not have the value YES SymEncrAlg String DES AES 128 AES 256 Value the space remains empty if SecEncr does not have the value YES CcsName String Value enclosed in double quotes 362 openFT Windows Administration Appendix Structure of CSV Outputs Column Type Values Adminid String Value enclosed in double quotes Routing String Value enclosed in double quotes AdmCmd String Value enclosed in double quotes openFT Windows Administration 363 Structure of CSV Outputs Appendix 9 1 5 ftshwm The following table shows the CSV output format for the monitoring values for openFT operation if all the monitoring values are output ftshwm csv a
192. dministration 81 Setting up a partner list Installation and configuration 3 2 Setting up and administering the partner list Although the creation of a partner list is optional it offers considerable advan tages These include simplified addressing for users the central administration of partner addresses and enhanced security since you can assign individual properties such as security level priority or partner check level to partner systems Following a new installation the partner list is empty Consequently you should create the partner list immediately after installation and in particular enter frequently used partners in this list You can use the following commands to administer the partner list ftaddptn Enter new partner in the partner list ftmodptn Modify the properties of a partner in the partner list ftremptn Remove a partner from the partner list ftshwptn Display the properties of partners in the partner list and export the partner list You can also administer the partner list via the openFT Explorer You enter a new partner in the partner list via the menu command File New Partner List Entry Alternatively In the object hierarchy click Administration and choose New Partner List Entry from the Partner List context menu Using the following context menu commands in the Partner List object window New Partner List Entry Enter a new partner Delete Delete partner At
193. dows Vista and Windows Server 2008 the SNMP Service from Microsoft must be installed first You can then install the openFT subagent li It is only possible to manage one openFT instance using SNMP This is the instance that was set with the system environment variable OPENFTINSTANCE before the SNMP service was started This variable is not set by default In this event the instance std is administered Installing the SNMP service This section describes installation using Windows XP as an example Installation on other Windows systems may differ slightly For further information refer to the Windows documentation Under Windows XP proceed as follows e From the Control panel select Add or Remove Programs Inthe Add or Remove Programs dialog press the Add Remove Windows Compo nents button In the next dialog select Management and Monitoring Tools from the list of components After pressing Details the SNMP master agent can be selected e After installation the SNMP service it must be configured by selecting SNMP Service under Services in the Control Panel It is possible to specify your own name under Contact and your location under Location in the index card Agent Nothing need be entered in the index card Traps while a Community string should be entered in the Security index card The Community string acts as a password In the subsequent administration of the sub agent this string functions as a password In addition access r
194. dress of the remote administration server ADM CMD Administration command without parameters ADMIN ID Administrator ID under which the request is processed on the remote administration server In the case of ADM log records on a client this field is empty ROUTING Routing information on the openFT instance to be administered 6 33 2 Reason codes of the logging function The FTAC log records contain a reason code which indicates whether an request was accepted after the admission check successfully and if not why it was rejected In ADM log records the reason code specifies why a remote administration request was not executed You can use the fthelp command to output the message text associated with the code number see page 192 fthelp code number 292 openFT Windows Administration openFT commands ftshwl reason codes In many codes the last three digits correspond to the number of the associated openFT message In addition there are a certain number of codes which do not correspond to openFT messages These are listed in the table below RC Reason 0000 Request successfully completed 1001 Request rejected Invalid transfer admission 1003 Request rejected Transfer direction not permissible 1004 Request rejected Illegal partner 1006 Request rejected Violation of file name restriction 100f Request reject
195. e If you use the command interface for remote administration you must first determine the names of the openFT instances that you are permitted to admin ister Determining the names of the openFT instances You obtain the names of the openFT instances using the command ftshwc You can enter the command directly on the remote administration server On a remote computer you must package it using the command ftadm e Entering ftshwc on the remote administration server ftshwe rt i e Entering ftshwc on the a remote computer ftadm cs server ftshwe rt i transfer admission Explanation server Name of the remote administration server from the partner list or address of the remote administration server using the format ftadm host transfer admission FTAC transfer admission for accessing the remote administration server The associated profile must have the property ACCESS TO ADMINISTRATION see page 102 and the profile name must be assigned to a remote administrator in the configuration file see page 107 Sample output TYPE INSTANCE ACCESS FT FTOP FTAC NAME Muenchen Jonny DESC Computer Test en Ip TYPE INSTANCE ACCESS FTOP NAME Muenchen Hello DESC Computer Hello NAME specifies the name of the instance that you must specify exactly as given here in the remote administration request Your remote administration permis sions for this instance are listed under ACCESS See also the description
196. e you can use it to insert updated comments from the syspkf comment file into existing public key files or replace accidentally deleted public key files of a key pair set Format ftupdk h Description h Displays the command syntax on the screen Example The name of the FT administrator is to be imported into the public key files First the file syspkf comment is edited using an editor This file is located in the config subdirectory of the instance directory see the ficrei command on page 164 The file might for example contain only the following line FT administrator John Smith Tel 12345 The command is ftupdk The command is executed without an error message Following this the information will be placed at the beginning of all syspkf public key files as a comment line 340 openFT Windows Administration 7 Whatif the message Local file is inconsistent is output This may be because a binary file was inadvertently transferred as a text file Use the b option a text file contains records that are too long Use the r option the message Remote system not available is output This may be because the partner address specified in the partner list TNS or hosts entry is not correct For BS2000 interconnections you should check whether a BCMAP entry for FJAM was made with the port number 1100 on the BS2000 partner this is automatically created as of openFT V9 0
197. e RSA key the maximum values for file transfer the identification and the name of the local system the default value for the security level the mode for sender verification the logging scope traces logging console traps and ADM traps the scope of measurement data recording the variant of the used code table the addresses for the individual protocols the settings for the remote administration server For FTAM operation you can also activate or deactivate the Application Entity Title AET 204 openFT Windows Administration openFT commands ftmodo Format ftmodo h kl 0 kl 768 kl 1024 kI 2048 tu lt transport unit size 512 65535 gt pl lt process limit 1 32 gt pl cl lt connection limit 1 255 gt admcl lt connection limit 1 255 gt admcs n admcs y rql lt maximum number of requests 2 32000 gt rqt lt request lifetime 1 400 gt rqt id lt identification 1 64 gt p lt processor name 1 8 gt l lt station name 1 8 gt sl lt security level 1 100 gt sl p ptc i ptc a It a lt f It n J lc a Ic m Ic r la a la f la m la n mon n mon f monr llr als monp a monp openft ftam ftp tr n tr f tr c trp a trp openft ftam ftp adm trr Ilr als tro b atpsv lt partner 1 200 gt
198. e TNS Possible values for the port number 1 to 65535 The default value for the port number is 4800 The default value for the T selector is F TAM openFT Windows Administration 217 ftmodo openFT commands For operating with TNS you can specify a TNS name other than the default for the local FTAM server A period must be placed before the TNS name e g ftam FTAMSERV The TNS name must not contain any period The default value for the TNS name is FTAM Make sure that you carefully harmonize the specifications for the port number the transport selector the session selector and the presentation selector in this option or in the relevant TNS entry with your FTAM partners s ftam s sets the port number and the TNS name for the FTAM server to the default value i e 4800 and FTAM adm port number adm s port number allows you to specify the port number used for remote administration Possible values 1 to 65535 The default value is 11000 s adm s resets the remote administration port number to the default value of 11000 ftstd port number ftstd s You use port number to define the default port number for the addressing of openFT partners via partner addresses Possible values 1 to 65535 The default value is 1100 Take care when using this option because when you change the value of the option openFT partners that use the default openFT port number 1100 can only be accessed if the port num
199. e as FTAM administrator call the following command ftmoda userid admpriv y This makes the user ID userid the ADM administrator Once the ADM adminis trator has been defined only the ADM administrator is permitted to transfer the permission to another user ID It is not sufficient for you to be an FT adminis trator or an FTAC administrator If you do not specify a user ID ftmoda admpriv y you are both the FTAC administrator and the ADM administrator The ADM administrator is indicated in the ATTR column in the output from the jftshwa command The value ADMPR appears in the associated admission set In place of the commands you can also use the openFT Explorer functions for instance via the object directory Admission Sets in the object tree on the left hand side or using the menu File New Admission Set 5 1 2 2 Declaring an openFT instance as a remote administration server To allow an openFT instance to act as a remote administration server this must be specified explicitly in the operating parameters of the instance To do this the FT administrator enters the following command ftmodo admcs y Alternatively you can set this operating parameter using menu system of the openFT Explorer Administration Operating Parameters Addresses tab Remote Administration Server option i Assoon as an openFT instance is declared as a remote adminis tration server the operating parameter Administration Connections is i
200. e default access rights which apply to the directory or with full access for the user who created the file This is relevant to NTFS file systems only With Inbound traffic either the owner of the profile currently being used or the user ID explicitly specified by the initiator is used You must restart the asynchronous openFT server after the change has been made 36 openFT Windows Administration Tasks of the administrator Switching the language interface 2 6 Switching the language interface The default language for openFT is set on installation e With unattended installation If German or English is set as the locale in the operating system this language is taken as the default language for openFT during installation In the case of all other system languages you are asked whether German or English is to be preset as the default language for openFT e With unattended installation openFT is installed with the German language interface if you specify the TRANSFORMS openFTde mst parameter for the Windows Installer Otherwise openFT is installed with the English language interface This language setting can be changed as follows e The user can change the locale using the Control Panel e g Regional and Language Options topic under Windows XP This change then also applies to other programs e Using the environment variable OPENFTLANG each user can modify their own language setting To do this they must call up t
201. e fully updated Possible reasons The syspkf file is locked There is not enough disk space to allow the file to be created Measure Take the appropriate action depending on the cause of the error Unlock the file Allocate disk space or have your system administrator do it Update the key with ftupdk 34 Command only permissible for FT FTAC or ADM administrator Meaning Only the FT FTAC or ADM administrator is permitted to use the command Measure Have the command executed by the FT FTAC or ADM administrator 35 Command only permissible for FT administrator Meaning Only the FT administrator is permitted to use the command Measure Have the command executed by the FT administrator 36 User not authorized for other user Ids Meaning The user is not authorized to use a different user ID in the command Measure Specify your own ID or have the command executed by the FT or FTAC administrator 37 Key reference unknown Meaning The specified key reference is unknown Measure Repeat the command with an existing key reference 408 openFT Windows Administration Appendix Messages for administration commands 38 39 40 41 42 43 44 Request lt Request id gt is in the termination phase and can no longer be canceled openFT not active Meaning openFT is not started Measure Start openFT if necessary Config user ID unknown or not enough space Meaning The Config user ID of the curren
202. e management second accumu requests received lated ThSuct Successful requests Number per Number Number of successfully second accumu completed openFT requests lated ThAbrt Aborted requests Number per Number Number of aborted openFT second accumu requests lated Thintr Interrupted requests Number per Number Number of interrupted openFT second accumu requests lated ThUsrf Requests from non authorized Number per Number users second accumu Number of openFT requests in lated which the user check was terminated with errors ThFoll Follow up processing operations x Number per Number started second accumu Number of follow up processing lated operations started ThCosu Connections established x Number per Number Number of connections second accumu successfully established lated ThCofl Failed connection attempts Number per Number Number of attempts to establish a second accumu connection that failed with errors lated ThCobr Disconnections Number per Number Number of disconnections as a second accumu result of connection errors lated openFT Windows Administration 299 ftshwm Monitoring values openFT commands Name Meaning Output with a only Output unit Formatted Raw DuRqtlOut Maximum request duration Outbound Maximum request duration of an outbound request X Milliseconds 1 DuRqtlinb Maximum request duration Inbound Maximum request dur
203. e name with the transfer admission see below The profile name must be unique among all the FT profiles under your login name or FTAC will reject the frcrep command and issue the message FT profile already exists To have the profile names you have already assigned displayed you can issue the ftshwp command without options s for profile name Creates the standard admission profile for the user ID You must specify n as the transfer admission because a standard admission profile in a request is addressed using the user ID and password You must not specify the options v d and u with a standard admission profile transfer admission n replaces the login authorization for your Windows system otherwise required in FT requests When this transfer admission is specified in an FT request FTAC applies the access rights defined in this FT profile transfer admission The transfer admission must be unique within your Windows system so that there are no conflicts with transfer admissions defined by other FTAC users with other access rights If the transfer admission you select has already been assigned FTAC rejects the ftcrep command and issues the message Transfer admission already exists You can also define a binary admission with any characters including non printing characters To do this you must specify the transfer admission in hexadecimal format in the following form x or X e g Xf1f2f3f4f5f6f6f8 As the
204. e password for the particular login name If you do not have FT administrator rights or specify the password the profile is created without a transfer admission the user must then assign it later When you create the profile you can also assign privileges You can also create admission profiles in the openFT Explorer by opening the Admission Profiles dialog window via the File New menu item You will find a detailed description of each of the functions in the online help Viewing and modifying FT profiles You can use the ftshwp command to display the FT profiles of all users The transfer admission of the profile is not output i e your administrator privileges do not grant you access to files on remote systems You can also view the admission profiles in the openFT Explorer by clicking on the Admission Profiles object You can also change admission profiles in the Admission Profiles dialog window You will find a detailed description of each of the functions in the online help You can use the ftmodp command to make the following changes to an FT profile assign or cancel privileges modify the transfer admission of an FT profile whose owner is a different user ID In order to do this you must have FT administrator rights or you must know the password assign the profile to another login name Following a modification of this nature the profile will be locked unless the FTAC administrator has FT administrator rights an
205. e request is temporarily excluded from processing This state may occur both for openFT and for FTAM partners With openFT partners e g when a resource bottleneck is encountered or when external data media must be made available With FTAM partners when one of the partners proposes a waiting period until the next start or recovery attempt via the FTAM protocol and this period exceeds the delay normally permitted 90 openFT Windows Administration SNMP SNMP management WAIT The request is waiting ACTIVE The request is currently being processed CANCELLED The request was cancelled in the local system However the remote system is aware of its existence e g because it was previously active Therefore the request cannot be removed from the request queue until a connection to the partner has been re established FINISHED This status arises for requests involving FTAM partners when the request has been either completed or cancelled but the user has not yet been informed of the fact HOLD The start time specified when the request was issued has not been reached 4 3 4 Control of diagnostics MIB definition Object name Access Meaning object identifier ftDiagStatus read write Diagnosis Management 1 3 6 1 4 1 231 2 18 5 1 0 Input Syntax Integer Meaning off 1 Diagnosis management is deactivated on 18 Diagnosis management is activated If the values are set to on or
206. e row as the field names This is followed by a row containing the monitoring values or their types and scaling factors as decimal numbers You can limit the scope of the output by specifying individual monitoring values that are significant for you name name a The specified monitoring value or if ty is specified the type and scaling factor associated with the named value is to be output name must be one of the short names of the monitoring values as they appear in the CSV header You can specify up to 100 names separated by blanks a for name All openFT monitoring values or the types and scaling factors of all openFT monitoring values are to be output 296 openFT Windows Administration openFT commands ftshwm Monitoring values name not specified A predefined default set of monitoring values is output see the section Description of the monitoring values on page 297 6 34 1 Description of the monitoring values The table below shows all the monitoring values output with the option a You can instead specify a list of any of the monitoring values shown in the table The first two letters of the name indicate the data object that the monitoring value belongs to Th Throughput Du Duration St State The second component of the name indicates the performance indicator e g Netb for net bytes In the case of monitoring values for the Throughput or Duration data object the last
207. e specific files are located in the directory ProgramData Fujitsu Technology Solutions openFT ar std A standard admission set permitting all file transfer functions is created A key pair set is created see page 51 The openFT service and the asynchronous openFT server are started openFT Windows Administration 71 Update installation Installation and configuration 3 1 2 Update installation from openFT V8 1 and V10 0 If openFT V8 1 or V10 0 is already installed an update installation is performed Points to observe preparatory to an update installation During an update installation the following actions are carried out for all active instances including the default instance e The log file is deleted Therefore you should evaluate the log records before performing the update installation e Any running openFT Script requests are aborted during installation All old aborted openFT Script requests are not regarded as being restartable in the new openFT version You should therefore complete all running openFT Script requests before carrying out an update installation from V10 e Existing trace files if any and diagnostics files are deleted If you wish to continue using openFT instances that have been deactivated using ftdeli you should activate them before the update installation using ftcrei The corresponding instance file trees are then automatically updated during installation If you do not do this you must
208. e tag lt Instance gt for the openFT instances You can define up to 5000 instances For a detailed description of an instance refer to the section Defining groups and openFT instances to be administered on page 109 A pathname is formed from the name of the instance and the name of the group where appropriate with subgroups according to the following pattern group subgroupl subgroup2 instance The remote administrator must enter precisely this pathname in a remote administration request to the instance See also page 124 This pathname can be a maximum of 200 characters long The maximum number of subgroups therefore depends on the lengths of the individual names 106 openFT Windows Administration Central administration Remote administration Defining remote administrators In the configuration file you specify which remote administrators are permitted to perform remote administration To do this proceed as follows e Define one or more remote administrators e Assign each remote administrator a profile name and or a user ID on the remote administration server A remote administrator is defined using the XML tag lt AdministratorID gt You can enter a maximum of 100 remote administrators in the XML file The lt AdministratorID gt tags must be defined immediately following the lt Configu ration gt tag because the subsequent definitions for the groups and instances reference them lt Administrator
209. ears For reasons of data security this message does not differentiate between the various possible reasons for the rejection on the initiator side This information is only available via the openFT logging of the responder system 344 openFT Windows Administration What if requests still remain in the WAIT state Check whether the asynchronous openFT server is started in the local system Check whether the openFT or asynchronous openFT server is started in the remote system Using ftshwr l you can obtain further information on the cause the message Can t create termination event error x Command aborted is output on a Windows Terminal Server or Windows Server when a user executes an openFT command This means that the openFT command cannot be executed due to missing user privileges The problem might occur on Windows Terminal Server or Windows Server if the privilege to Create global objects is not granted to the Users group The System Administrator must therefore grant the privilege Create global objects to the Users group to solve the problem the openFT service only starts when the system is rebooted but cannot be started manually although the user has the necessary administrator rights In this case you will receive an error message from Windows with number 0xC0000022 regarding a failed initialization This happens when a path with a network drive or UNC name or a pat
210. ecution b ftexec Execute operating system commands in remote system File management ftcredir Create remote directories ftshw Display attributes of one or more files in the remote system ftshwf Display the FTAM attributes of a local file ftmod Modify file attributes in a remote system 140 openFT Windows Administration openFT commands Overview ftmoddir Modify the attributes of remote directories ftmodf Modify the FTAM attributes of a local file ftdel gt Delete a file in a remote system ftdeldir Delete remote directories Logging ftshwl Display log records ftdell Delete log records fthelp Display information on the reason codes in the log records FTAC function ftcrep Create FT profile ftshwp Display FT profile ftmodp Modify FT profile ftdelp Delete FT profile ftshwa Display admission set ftmoda Modify admission set ftexpe Export FT profiles and admission sets ftshwe Display FT profiles and admission set from a file ftimpe Import FT profiles and admission sets Administer instances ftseti ftshwi P ftmodi ftupdi ftdeli Set an instance Output information on instances Modify an instance Update the instance directory Deactivate an instance openFT Windows Administration 141 Overview openFT commands Display measurement data ftshwm Display measurement data of the openFT operation ftmonitor Display measurement data of the openFT operation on openFT Monitor
211. ed Violation of success processing restriction 1010 Request rejected Violation of failure processing restriction 1011 Request rejected Violation of write mode restriction 1012 Request rejected Violation of FT function restriction 1014 Request rejected Violation of data encryption restriction 2001 Request rejected Syntax error on file name extension 2004 Request rejected Overall length of follow up processing exceeds 1000 characters 3001 Request rejected Invalid user identification 3003 Request rejected Invalid password 3004 Request rejected Transfer admission locked 3011 Request rejected Violation of user outbound send level 3012 Request rejected Violation of user outbound receive level 3013 Request rejected Violation of user inbound send level 3014 Request rejected Violation of user inbound receive level 3015 Request rejected Violation of user inbound processing level 3016 Request rejected Violation of user inbound file management level 3021 Request rejected Violation of ADM outbound send level 3022 Request rejected Violation of ADM outbound receive level 3023 Request rejected Violation of ADM inbound send level 3024 Request rejected Violation of ADM inbound receive level openFT Windows Administration 293 ftshwl reason codes openFT commands RC Reason 3025 Request rejected Violation of ADM inbound processing level 3026
212. ed installation If at least Version 2 0 2600 2 of the Windows Installer is not already present on your Windows system you must first install this The openFT msi and PCMX 32 msi files are located in the openFT Unattended_installation directory on the product CD Possible Windows Installer parameters ADDLOCAL ADDLOCAL is used to specify which optional features are installed Possible values are FTAM FTP SNMP ALL lf ADDLOCAL is not specified only the openFT protocol is installed by default TRANSFORMS The German variant of openFT can be set by specifying the TRANS FORMS parameter It is then necessary to specify openFTde mst the path of the language transform for German If TRANSFORMS is not specified the English version is installed by default For details on setting the language see section Switching the language interface on page 37 openFT properties INSTALLDIR The INSTALLDIR parameter enables you to specify the installation directory for openFT see also page 68 The INSTALLDIR parameter can also be specified with the PCMX 32 msi package for unattended PCMX 32 installation You must not specify network drive paths or UNC paths as the installation path INSTALLDIR openFT Windows Administration 75 Automatic installation Installation and configuration Examples 1 You start unattended installation of PCMX 32 without user interaction with msiexec i PCMX 32 msi qn 2 You start unattend
213. ed installation of the German language version of openFT without user interaction in the default directory Program Files openFT with msiexec i openFT msi TRANSFORMS openFTde mst qn 3 Enter the following command to start unattended installation without user interaction of the German language version of openFT including FTAM protocol and SNMP in the default directory msiexec i openFT msi ADDLOCAL FTAM SNMP TRANSFORMS openFTde mst qn Li If you select unattended installation e g option gn or qb the system is restarted automatically by the Windows Installer if necessary You can suppress restart by setting the norestart option Windows Installer 3 0 or higher or the parameter REBOOT ReallySupress In the case of unattended installation the exit code of msiexec exe indicates whether installation was successful or not To use this facility start msiexec as follows start wait msiexec i openFT msi TRANFORMS openFTde mst qn REBOOT ReallySuppress You can then query the error level with echo ERRORLEVEL 0 Installation was successful 3010 The system must be rebooted All other exit codes returned by msiexec exe are explained in the command description for the Windows Installer 76 openFT Windows Administration Installation and configuration Installation of the SNMP subagent 3 1 5 Installation of the SNMP subagent In order to install the openFT sub agent on Windows XP Windows Server 2003 Win
214. ee also page 40 If the partner address is more than 8 characters in length then it is truncated to 7 characters and suffixed with an asterisk If the request is in a WAIT or LOCKED state the following indicators before PARTNER are also entered in the request queue s empty No resources free at present e g no memory The local FT administrator has locked the resource e g deacti vating the partner Connection setup to the partner system failed The partner is currently inactive or it can currently accept no further connec tions or a network node has crashed Other possibilities The connection to the partner system has been lost a data integrity error has been detected An installation or configuration error has occurred e g the local system is not known to the partner authentication of one of the partners has failed or the encryption is local or not available to the partner system 328 openFT Windows Administration openFT commands ftshwr DIR The DIR column specifies the direction of transfer TO Send to the remote system FROM Fetch from the remote system BYTE COUNT This column indicates the number of bytes transferred and saved up to now The BYTE COUNT counter is only updated at certain intervals FILE NAME Name of the file in the local system 6 38 1 2 Totaled ftshwr output In the case of totaled output a table showing the number of requests in the various request states is
215. efined with ss the character set available for specifying follow up processing in the FT request is restricted to alphanumeric characters letters and digits the special characters _ a period between alphanumeric characters 178 openFT Windows Administration openFT commands ftcrep lss not specified TAC adds no suffix to the follow up processing specified in the request in the event of successful file transfer If command4 n If specifies follow up processing to be executed under your login name if the file transfer is aborted due to an error If If is specified no failure follow up processing may be requested in the FT request Making an f entry only makes sense if you also make an entry for s see above to preclude the possibility that a successful request can circumvent the If entry If you have defined a prefix for the file name with fnp and plan follow up processing for this file you must specify the complete file name here n for command4 If f n is specified no failure follow up processing is then permitted in the event of unsuccessful file transfer If not specified does not restrict follow up processing in the local system in the event of unsuccessful file transfer Exception see lfp or fs Ifp command5 lfp defines a prefix for follow up processing in the local system in the event of unsuccessful file transfer FTAC then sets the character string command5
216. eir inbound values to 0 They may then use their profiles and the ignore level function to permit any desired access mode Inbound requests for which the corresponding security level is O will then be allowed only via the FTAC transfer admission but no longer via the login and password It is also possible to assign partner specific security levels see page 44 and for openFT partner to undergo a reliable identity check using crypto graphic means see section Authentication on page 49 The use of a file name prefix in the FT profile provides additional security This prevents switching to a parent directory Important If you have high security requirements these actions are really only useful if no other network access options are available that allow the protection mechanisms to be circumvented In particular this means that TCP IP services such as ftp tftp must not be active openFT Windows Administration 57 FTAC environment Tasks of the administrator 2 12 2 Administering admission profiles As the FTAC administrator you can create FT profiles for any user in the system and modify them The FTAC administrator is the only person who can assign privileges to FT profiles Creating FT profiles You can create FT profiles with the command ftcrep If you also want to assign a transfer admission at the same time you must either have FT administrator rights as the FTAC administrator or specify th
217. em if s if 0 100 sets the value for the basic function inbound file management see page 201 for possible values Please note that subcomponents of inbound file management are affected by other settings see Dependencies concerning inbound file management on page 201 0S or is ir ip Or if not specified leaves the setting for the respective basic function unchanged 200 openFT Windows Administration openFT commands ftmoda Possible values for the basic functions The following values are possible for the individual basic functions os or is ir ip and if s The specifications in the default admission record apply to the basic functions 0 The basic function is locked With some basic functions this can also affect inbound file management components For details refer to the table on page 201 1 to 99 The basic function is only released for partner systems on which the security level is less than or equal to the specified value 100 The basic function is released for all partner systems Dependencies concerning inbound file management The subcomponent Display file attributes is controlled by the basic function inbound send In addition the following dependencies on other on other settings exist for some components Inbound file management Values of the admission set function or extension in profile Display file attributes Inbound Send IBS enabled Modify file attri
218. en the initial host fails You will find examples on how to use openFT in a cluster of Windows systems in the appendix A requirement for this is that openFT uses only the TCP IP transport system Other transport systems are not supported in a cluster and must also not be configured in the TNS In a cluster the same version of openFT must be running on all the computers For systems that do not have TCP IP there is currently only the standard instance OpenFT commands that call preprocessing postprocessing or follow up processing run in the same instance as the request that initiated the pre post or follow up processing If you administer openFT via SNMP then please note when switching to the cluster that SNMP can only work together with one instance The decisive factor is which instance is set when the agent is started see also chapter Administering openFT via SNMP on page 85 Command for administering instances As an openFT administrator you can create modify and delete instances You can also set up instances and obtain information on instances like a user e Creating or activating an instance Using the command ftcrei you can create a new instance or re activate switch on a deactivated instance When an instance is created the operating parameters and the profile files are initialized as during a new installation If you create a new instance and wish to continue using the default instance std You must as
219. en a given maximum size is exceeded ADM traps cannot be explicitly deleted 5 2 2 Configuring ADM traps in the openFT instance To enable an openFT instance to send ADM traps to the ADM trap server the FT administrator of the openFT instance must make certain settings in the operating parameters The procedure for Unix and Windows systems is described below You will find the descriptions for BS2000 OSD and z OS systems in the relevant openFT Installation and Administration manuals Carry out the following actions in your role as FT administrator e Specify the following items in the atpsv option of the ftmodo command the name of the ADM trap server The ADM trap server must be an ADM partner i e it must either be defined in the partner list using the address format ftadm host or the address must be specified directly using the format ftadm host the transfer admission for the admission profile defined in the ADM trap server for this purpose See page 129 e Inthe atp option of the ftmodo command you specify the events on which ADM traps are to be sent to the ADM trap server state change of the asynchronous openFT server Change of partner status Unavailability of partners Change of request management status Successfully completed requests Failed requests For reasons of performance you should restrict the scope of the ADM traps to the necessary minimum for instance to faile
220. enFT specific TNS entries for cluster configura tions and delete those transport system entries that are not related to TCP IP i e everything but RFC1006 and LANINET Encryption If you want to use encryption for user data in addition to request description data you must install openFT CR version 11 0 for Windows systems openFT Windows Administration 79 Activities after installation Installation and configuration When connecting to openFT partners that support the AES algorithm the request description data and file contents are encrypted using the RSA AES algorithm instead of with the RSA DES algorithm In the case of partners using openFT as of V11 0 a 256 bit AES key is used and in the case of partners using openFT up to V10 0 a 128 bit AES key is used So that you can transfer openFT request description data and file content in encrypted form there must be a key pair set in the local system see page 51 A key pair set is created during installation of openFT and consists of private and public keys of suitable length Other key pair sets can be created if necessary using ftcrek Obsolete key pair sets are deleted using ftdelk Private keys are internally administered by openFT Public keys are saved under the name syspkf r lt key reference gt I lt key length gt in the config directory of the instance file tree of the openFT instance see also Instance directory on page 68 The key reference is a numeri
221. enter ftmodp without any parameters openFT Windows Administration 239 ftmodp openFT commands CAUTION If you use the ff p fn fnp ls lsp lss If lfp or lfs options you must remember that a file name restriction can be bypassed by renaming the file unless follow up processing is also restricted that follow up processing must always be restricted for both successful and unsuccessful file transfer and if necessary equivalent restrictions must exist for any permitted preprocessing that prefixes for the file names and follow up processing must be matched to one another that no symbolic links should occur in the part of your file tree that is refer enced by the file name prefix that restrictions applied to preprocessing or follow up processing can be circumvented if it is possible to replace this command with for example a Trojan horse Example The transfer admission in the goldmrep FT profile created in the Example on page 182 is to be changed to forScrooge The transfer direction is no longer to be restricted The profile is to be used to transfer any files with the prefix mine Follow up processing is to be prohibited entirely The following command has to be entered ftmodp goldmrep tad forScrooge dir tf fnp mine 1s n 1 f n 240 openFT Windows Administration openFT commands ftmodptn 6 23 ftmodptn Modify partner properties You use the ftmodp
222. entified by its address The default value is s p 208 openFT Windows Administration openFT commands ftmodo ptc i ptc a This allows you to modify the global settings for sender verification This setting only applies to partners which are connected via the openFT protocol and do not use authentication e g partners with openFT V8 0 or earlier and only applies if dynamic partners are deactivated dp i identification Deactivates verification of the transport address Only the identifi cation of the partner is checked a address Activates verification of the transport address If the transport address under which the partner logs in does not correspond to the entry in the partner list then the request is rejected It a It f It n This option is used to selectively deactivate FT log records Possible values a all This is the default setting log records are written for all FT requests f failure case Log records are written for failed FT requests only n none No log records are written Ic a lc m Ilc r This option is used to selectively activate deactivate FTAC log records Possible values a all This is the default setting log records are written for all FTAC access checks m modifying FM calls Log records are written for all modifying file management requests leaving the remote system as well as for all rejected FTAC access checks r reject case Log records are written fo
223. enuinely who they claim to be A high security level means that the need for protection vis a vis this partner is high because the identity of the partner has only been determined on the basis of their address for instance and that no authentication has been performed using cryptographic methods 1 100 Assigns a fixed security level to the partner 1 is the lowest and 100 the highest security level All integers 1 through 100 are permitted openFT Windows Administration 243 ftmodptn openFT commands p Assigns a security level to the partner depending on the partner s attributes i e Security level 10 if the partner has been authenticated Security level 90 if the partner is known in the transport system and is identified by the name it is known by in the transport system Security level 100 if the partner has only been identified by its address security level not specified sl without parameters means that the operating parameter setting for the security level applies see command fimodo on page 204 sl not specified The setting for the security level is unchanged pri l pri n pri h pri allows you to specify the priority of a partner in respect of processing requests that have the same request priority This means that the partner priority only applies in the case of requests that have the same request priority but that are issued to partners with a different partner priority I
224. equests OPTIONS only in the TRACE row NONE means no options the trace is written normally NO BULK DATA means minimum trace i e bulk data file contents is not logged In addition no repetitions of data log elements are logged ftmodo mon tr ftmodo monp trp fitmodo monr trr ftmodo tro 310 openFT Windows Administration openFT commands ftshwp 6 36 ftshwp Display FT profiles ftshwp stands for show profile and allows you to obtain information about FT profiles In short form it displays the names of the selected FT profiles as well as the following information whether or not the FT profile is privileged asterisk before the profile name whether or not the transfer admission is disabled exclamation mark before the profile name As the ADM administrator you may also obtain information about ADM profiles i e FT profiles with the property access to remote administration server As the FTAC administrator you may obtain information about all FT profiles in the system Format ftshwp h lt profile name 1 8 gt s s lt transfer admission 8 36 gt a n lt user ID 1 36 gt a adm I csv Description h Displays the command syntax on the screen Entries after the h are ignored profile name s Is the name of the FT profile you wish to see s for profile name Provides information on the standard
225. equests stored for this partner in the request queue are deleted This is even the case for requests with a status which means that they are known to the partner system Since this can lead to inconsistencies you should only remove a partner from the partner list if either there are no more requests for this partner in the request queue or if you can be sure that the partner system will not become active again 252 openFT Windows Administration openFT commands ftsetpwd 6 27 ftsetpwd Store user password With ftsetpwd you can store the user password of a Windows user ID in openFT Output is written to standard output If no user password has been stored for a user this user cannot use the functions Admission Profiles Follow up Processing Preprocessing Postprocessing or Asynchronous Requests Format ftsetpwd h ua lt user ID 1 36 gt lt password 1 64 gt s lt partner 1 15 gt c Description h Displays the command syntax on the screen Entries after the h are ignored ua user ID password user ID of the user logged on or of any user whose password is to be stored in openFT password is the user password If you specify c you must not enter a password here S partner partner is the name of a different Windows system for which you want to store the user password there This parameter can be omitted if the user password is to be stored on the local computer C This parameter all
226. er admission Identifies the FTAC transfer admission The remote administrator must specify this with a remote administration request See page 123 In addition for reasons of security you can use pn partl part2 partn to specify the partner s from which a remote administrator is permitted to access the remote administration server You can also set up the profile using the openFT Explorer by making the following settings in the Options tab of the Admission Profile dialog box Activate the option Access to Remote Administration Server Deactivate all file transfer functions under Permissible FT Functions 102 openFT Windows Administration Central administration Remote administration 5 1 2 4 Entering the openFT instances to be administered in the partner list On the remote administration server the FT administrator should enter the openFT instances that are to be administered in the partner list This makes it possible to reference the instances using the names in the partner list which has the following benefits e Ifthe address changes it is only necessary to change the entry in the partner list This avoids the necessity of modifying and re importing the configuration file e Itis possible to explicitly use partner checking and authentication thus elimi nating security risks on the path between the remote administration server and the administered openFT instance The FT administrator enters the partn
227. er remaining in the list the profile can be used by every partner system pn pna and pnr not specified causes the entries for permitted partner systems to apply unchanged fn file name fn specifies which file s under your login name may be accessed using this FT profile If you specify a fully qualified file name only the file with this name can be transferred If the file name ends with unique or UNIQUE this string is replaced by a string which changes for each new call In Windows systems this string is 18 characters long In addition a suffix separated by a dot may be specified after unique or UNIQUE e g filel unique txt Only the already converted file name is displayed in both the log and the messages If file name starts with a pipe character then it is interpreted as a preprocessing or postprocessing command file name not specified fn allows you to cancel a file name entry This also applies to a prefix assigned with jnp The FT profile then permits unrestricted access to all files fn not specified leaves the file name entries in the FT profile unchanged fnp file name prefix restricts access to a set of files whose names begin with the same prefix FTAC adds the character string specified as file name prefix to the file name in the request and attempts to transfer the file with the expanded name For example if this option is specified as fnp scrooge and the request contains the file name stoc
228. erent addresses for inbound and outbound requests to simplify administration you can define a dummy entry containing the incoming sender address for the inbound side To do this you enter a hash followed by a number in part 5 of the global name Checklist The following checklist is intended to help you gather the data required for the TNS entry of an FTAM partner The questions must be answered by the FTAM partner openFT Windows Administration 387 Remote TS application for openFT FTAM Appendix 1 openFT FTAM sets up the connection Which values do the following parameter have with specification of coding a called X121 LAN address NSAP X 31 called TSEL Code called SSEL Code called PSEL Code Protocol Identifier Layer 3 CUD f called APT _no _NILAPTitle __ 1 g called AEQ no 1 h calling APT _no _NILAPTitle __ 1 1 APT Application Process Title and AEQ Application Entity Qualifier are not specified in the TNS entries but in the openFT commands Some FTAM partners expect APTs and possibly AEQs others expect no APTs AEQs to be specified 2 The partner sets up the connection Which values do the following parameters have with specification of coding a calling X121 LAN address NSAP X 31 b calling TSEL Code c calling SSEL Code d calling PSEL Code
229. ering RSA key pairs 51 Distributing the keys to partner systems 52 Administering the keys of partnersystems 53 Reciprocal authentication sa ics 6 s ke ek i aa 53 OpenFT loggiING 22 vs ee eine ev SSPE RSD HS RO OS 55 Administering the FTAC environment 56 Administering admission sets 2 0004 56 Administering admission profiles 58 Saving the FTAC environment 59 Using openFTinacluster 022 28822 ae 61 Diagnosis 2 seksi vee bt eee eee eee eee ed Re ee 63 Save and restore configurationdata 65 Installation and configuration 265 67 Installation of openFT sasana ee 67 New installation c 24 2428 6 ba 6 44 se bee we ee 70 Update installation from openFT V8 1 andV10 0 72 Installation ofapatch 2 22 008 74 Unattended installation 2 0 000 4 75 Installation of the SNMP subagent 77 Deinstallation gt wk ka Be hw RRR wR RK dad 78 Activities after installation 008 4 79 Setting up and administering the partner list 82 Administering openFT viaSNMP 45 85 Activities after installation 85 Starting the openFT subagent 86 SNMP management foropenFT 2 55 87 Starting and stopping openFT 88 System parameters 2 0 a 89 Statistical information
230. erisk Date Date and time are always output in the format yyyy mm dd hh mm ss a date alone is output in the format yyyy mm dd One example of a possible evaluation procedure is supplied as a reference template in the Microsoft Excel format in the file openFT installation directory samples msexcelftaccnt xit The template evaluates a CSV log file by means of an automatically running macro The result shows the number of inbound and outbound requests and the Kilobytes transferred in each case for all users openFT Windows Administration 147 ftaddptn openFT commands 6 4 ftaddptn Enter a partner in the partner list You use the ftaddptn command to enter a partner system in the local system s partner list Format ftaddptn h lt partner name 1 8 gt pa lt partner address 1 200 gt id lt identification 1 64 gt id ri lt routing info 1 8 gt ri i ri ptc i ptc a ptc sl 1 100 sl p sl pri l pri n pri h st a st d st ad am y am n tr n tr f tr Description h Displays the command syntax on the screen Entries after the h are ignored partner name This is the name to be used to enter the partner system in the partner list The name may consist of 1 to 8 alphanumerical characters The first character must be a letter and no distinction is made between uppercase and lowercase The name can be chosen freely and need only
231. ers in the partner list To do so use the command ftaddpin See the section ftaddptn Enter a partner in the partner list on page 148 Alternatively you can use the openFT Explorer to navigate to the object directory Partner List in the object tree for instance and choose New Partner List Entry from the context menu Address format of the partners Partners using openFT as of V11 0 and openFT lt V11 0 have different address formats e Partners using openFT as of V11 0 must be entered as ADM partners An ADM partner has the following address format ftadm hostL port number port number only needs to be specified if the default ADM port 11000 is not used on the computer host of the instance to be administered e Partners using openFT lt V11 0 must be entered as openFT partners because the ftexec command is used internally for remote administration hostL port number port number only needs to be specified if the default openFT port 1100 is not used on the computer host of the instance to be administered The ADM administrator must additionally specify the attribute Mode Legacy in the configuration file for such partners See the section Defining instances on page 11 ff openFT Windows Administration 103 Remote administration Central administration 5 1 2 5 Creating a configuration file This section is intended for ADM administrators The configuration file is an input file in XML fo
232. ers which are not interconnected via TCOP IP an entry in the TNS is the precondition Which entries are created or modified for which installation variant and which type of link are explained in the following section entitled TNS entries created automatically The procedure for the entry of remote TS applications is explained starting on page 384 openFT Windows Administration 379 Entering transport system applications in the TNS Appendix TNS entries for cluster configurations Please note that cluster configurations are only supported for TCP IP You will therefore need to check all openFT specific TNS entries for cluster configura tions and delete those transport system entries that are not related to TCP IP i e everything except for RFC1006 and LANINET You will find an example of this in the appendix 380 openFT Windows Administration Appendix TNS entries created automatically 9 2 1 TNS entries created automatically During the installation of openFT depending on the installation variant certain FT applications are automatically entered in the TNS or the existing entries are modified It is generally advisable not to modify the applications entered during the installation If this is required in any case it must be ensured that the port number of the FJAM entry is divisible by 100 and that the port number of the FJAMOUT entry is equal to the port number of the FJAM entry 1 If your system
233. expe Export FT profiles and admission sets ftexpe stands for export environment i e exporting the FTAC environment or exporting FT profiles and admission sets Using ftexpe the FTAC administrator can write FT profiles and admission sets of any login names to files thereby saving them However the standard admission set is not saved and the variable values in an admission set values marked with an asterisk that refer to the standard admission set are saved as variables This means that there is no fixed value for the relevant basic function in the backup If an admission set is imported the relevant basic function receives the value of the standard admission set that is currently valid FT profiles and admission sets saved in this way can be re imported using the ftimpe command The timestamp of an admission profile is not changed on an export or import operation Format ftexpe h lt file name 1 256 gt u lt user ID 1 36 gt lt user ID 100 1 36 gt pr lt profile name 1 8 gt lt profile name 100 1 8 gt pr n as y as n adm y adm n Description h Displays the command syntax on the screen Entries after the h are ignored file name With file name you specify the name of the file in which the FT profiles and records are to be written You may access this file only using the ftimpe and ftshwe commands file name must not be longer than 256 characters and no f
234. f CSE e ik se Re ae ek Bok eS ee ho Me a Ande oe 392 Configuration of openFT 04 392 Operations with the individual openFT Instance 394 Use of the Windows cluster as an openFT Server 395 Configuring resource specific openFT properties 396 Exit codes and messages for administration commands 405 Messages for all commands 405 Messages for administration commands and measurement data ECONO 5 i aeaoe te aa A e a Be Beta A pry sm No 407 Messages for remote administration 414 openFT Windows Administration Contents GREENS o re ese FR ee ee ee ee ee ee 417 Abbreviations es 441 Related publicationS 2 2666 8 c82 deed ee eae knea 445 INEX 2G ches renerne eae ees HRP CRP ERT eR ERT RES 447 openFT Windows Administration Contents openFT Windows Administration 1 Preface The openFT product range transfers and manages files automatically securely and cost effectively The reliable and user friendly transfer of files is an important function in a high performance computer network The corporate topologies consist of networked PC workstations which are additionally linked to a mainframe or Unix based server or Windows server This allows much of the processing power to be provided directly at the workstation while file transfer moves the data to the mainframe for further processing there as required In such lands
235. f successful if specified in the request FAIL PROC Local follow up processing commands if unsuccessful if specified in the request 332 openFT Windows Administration openFT commands ftshwr REM Properties in the remote system FILE File name in the remote system TRANS ADM Transfer admission in the remote system Possible values REMOTE PROFILE request with FTAC transfer admission TRANS ADM user ID request with user ID password CCSN CCS name used in the remote system SUCC PROC Remote follow up processing commands if successful if specified in the request FAIL PROC Remote follow up processing commands if unsuccessful if specified in the request STORE Indicates the time at which the request was entered in the request queue BYTECNT This value is output only if the request is currently active or if it was already active and the file transfer has been interrupted BYTECNT indicates the number of bytes transferred and saved up to now The counter is updated regularly TRANS This shows the direction of transfer Possible values are TO The document is sent FROM The document is received START Indicates the time at which the request is to be started Possible values Date Time The date and time at which the request is to be started is output SOON The request should be started as soon as possible openFT Windows Administration 333 ftshwr openFT commands No entry The req
236. fy FT profiles ftmodp stands for modify profile The FTAC administrator can use this command to change or to privilege FT profiles of other users The ADM administrator can use this command to change ADM profiles i e FT profiles which have the property access to remote administration server cor responding to ff c The timestamp is updated when a profile is modified In the event that the FTAC administrator does not have FT administrator privi leges the same time then admission profiles of other users are blocked after a modification except after priv y This can be by passed by entering va user ID password f the user later changes his her password the profile will no longer be usable without further modification openFT Windows Administration 221 ftmodp openFT commands Format ftmodp h lt profile name 1 8 gt s a s lt transfer admission 8 36 gt a n lt user ID 1 36 gt a adm ua lt user ID 1 36 gt lt password 1 64 gt n nn lt profile name 1 8 gt tad tad lt transfer admission 8 36 gt tad n v yl v n d yyyymmdd d u pr u pu priv y priv n iml y iml n iis y iis n iir y iir n iip y iip n iif y iif n ff ff t m p rIlal ff c dir f dir t dir ft pn lt partner 1 200 gt lt partner 50 1 200 gt pn pna lt partner
237. g STRG Z at the start of a line followed by Return If input is blanked d for the transfer admission the system first queries the transfer admission You can then enter the command transfer admission d FTAC transfer admission for accessing the remote administration server Specification of the transfer admission is mandatory if you have specified cs and must not be specified if you have not specified cs 154 openFT Windows Administration openFT commands ftadm d for transfer admission If you specify d blanked the transfer admission is queried on screen after the command has been sent The entry you make is not displayed in order to prevent unauthorized persons from seeing the transfer admission transfer admission not specified If you do not specify an FTAC transfer admission two possible situations arise If you have also specified cs the transfer admission is queried on screen after the fradm command has been sent If you do not specify cs i e if you enter fradm directly at the remote administration server your user ID is used as proof that you are authorized to perform remote administration 6 5 1 Remote administration commands The following tables list the possible remote administration commands on the individual openFT platforms and on the remote administration server The Permission column shows the permission required to execute the command as a remote administration command The f
238. g and modification can only be set up if the FT administrator is also an FTAC administrator If this is not the case two profiles must be created for FT and for FTAC The instance must then also be configured twice in the configuration file of the remote administration server once for FT remote administration and once for FTAC remote administration openFT Windows Administration 119 Remote administration Central administration Example The FT administrator enters the following command for an admission profile for instance Unix or Windows system ftcrep profile name transfer admission ff a Possible alternative using the openFT Explorer Open the Admission Profile dialog box for instance using File New Admission Profile and then in the Options tab activate the option Remote Administration via Remote Administration Server BS2000 OSD CREATE FT PROFILE NAME profile name TRANSFER ADMISSION transfer admission FT FUNCT ION REMOTE ADMINISTRAT ION z OS FTCREPRF NAME profile name TRANSFER ADMISSION transfer admission FT FUNCT ION REMOTE ADMINISTRATION If you also wish to ensure that this profile can only be used by a particular remote administration server specify this using pn server Unix and Windows system or PARTNER server BS2000 OSD and z OS 120 openFT Windows Administration Central administration Remote administration 5 1 3 2 Configuring an admis
239. g function 427 cannot be called 343 Logical Unit LU 427 login authorization 428 LOGON authorization 428 long output format FTAC log record 287 log record 283 290 lose privileged status FT profiles 195 LU logical unit 427 M MAX ADM LEVELS 171 maximum length of path administered instance 106 message file for console commands 63 message length at transport level 206 messages ftcrei 165 ftdeli 183 ftmodi 203 minimum trace 213 modify admission set 198 an instance ftmodi 202 FT profile 221 FTAM portnumber 218 instance 61 operating parameters 204 partner properties 241 monitoring 45 activating deactivating 210 deactivating for partners 211 partner specific 211 request specific 210 monitoring data displaying as achart 46 displaying if monitoring is disabled for partners 297 displaying in tabular format 46 further processing 46 monitoring data from other systems displaying 46 N name administered instance 106 symbolic 379 384 ncopy no free transport connection 344 NCP Network Control Program 428 network heterogeneous 425 homogeneous 425 Network Control Program NCP 428 454 openFT Windows Administration Index network description file 428 new installation 67 70 non execution asynchronous requests 32 notational conventions 18 143 notify name of the local system 80 number of requests maximum 207 number of simultaneous requests 26 o open computer networ
240. g it in the Windows Explorer The trace file is then automatically formatted and loaded into the openFT Editor Displaying diagnostic information Unlike trace files diagnostic records are written only if an error occurs You can output these diagnostic records with the ftshwd command You can output the diagnostic records in the openFT Explorer using the Show Diagnosis Information command in the Administration menu Message file for console commands In order to use the diagnostic trace information in console output the output is also stored in the file conslog conslog is located in the log directory of the openFT instance see Instance directory on page 68 openFT Windows Administration 63 Diagnosis Tasks of the administrator You can output the messages in the openFT Explorer using the Show Console Messages command in the Administration menu Output diagnosis information with diaginfo The diaginfo command allows you to create further diagnostic information To do this start diaginfo with the a option and redirect output to a file Example diaginfo a gt diag txt You can then make this diagnostics file available to the Customer Service team 64 openFT Windows Administration Tasks of the administrator Save restore configuration data 2 15 Save and restore configuration data You should back up the configuration data of your openFT instance at regular intervals This ensures that you will
241. g parameters of the local openFT system Alongside the standard output and output in CSV format output may also be specified as a platform specific command sequence In this way it is possible to save the settings and then load them onto another computer The FT administrator can set or modify the operating parameters with the ftmodo command The transfer admission of the ADM trap server is not output with the default output format and CSV output format It only appears as a command sequence in the output px pw p2 pz Format ftshwo h csv px pw p2 pz Description h Displays the command syntax on the screen Entries after the h are ignored csv The operating parameters are output in CSV format The individual values are separated by semicolons px The operating parameters are output as a command string This can be called as a shell procedure on Unix systems in order to regenerate the identical operating parameters pw The operating parameters are output as a command string This can be called as a batch procedure on Windows systems in order to regenerate the identical operating parameters p2 The operating parameters are output as a command string This can be called as an SDF procedure on BS2000 OSD systems in order to regen erate the identical operating parameters pz The operating parameters are output as a command string This can be called as a Clist procedure on z OS systems in order t
242. g table indicates the CSV output format of instances that can be remote administrated Column Type Values Name String Value enclosed in double quotes Description String Value empty Type String GROUP INSTANCE AccessFtAdm String YES NO NONE Specifies if reading and modifying FT accesses are allowed YES corre sponds to FT administrator rights or not NO NONE for Type GROUP AccessFtacAdm String YES NO NONE Specifies if reading and modifying FTAC accesses are allowed YES correponds to FTAC administrator rights or not NO NONE for type GROUP AccessFtOp String YES NO NONE Specifies if reading FT accesses are allowed YES or not NO NONE for Type GROUP Example ftshwc csv Name Description Type AccessFtAdm AccessFtacAdm AccessFtOp location Liverpool GROUP NONE NONE NONE location D MS kensington road GROUP NONE NONE NONE location D MS RZ FT FT CT4 location D MS RZ FI E418 GROUP NONE NONE NONE T SYS1 Linux8 1 INSTANCE YES YES YES location D R shakespear square GROUP NONE NONE NONE location D R RZ QA QA IT center GROUP NONE NONE NONE location D R RZ QA SYS2 Solaris 10 INSTANCE YES NO YES location D R RZ QA SYS1 location D R RZ QA SYS1 TEM3 HP 11 INSTANCE NO YES NO
243. gement IBF enabled Delete files Inbound Receive IBR enabled and Write mode overwrite in profile Display directories Inbound File Management IBF enabled Create rename and delete Inbound File Management IBF enabled directories and direction from partner in profile openFT Windows Administration 173 fitcrep openFT commands ff t m p r a I ff c ff defines the FT function for which the FT profile can be used With the exception of c these letters can be combined in any way tm mt mr c must not be combined with other values t transfer The FT profile can be used for the file transfer functions Transfer files Display file attributes and Delete files modify file attributes The FT profile can be used for the file transfer functions Display file attributes and Modify file attributes processing The FT profile can be used for the file transfer functions File Preprocessing or File Postprocessing The FT function Transfer files must also be permitted Specification of p has no significance for profiles with a file name prefix fnp or a file name fn since in this case the first character of the file name or file name prefix decides whether the profile can only be used for preprocessing and postprocessing I or only for file transfer file management no I The use of follow up processing is not controlled by f but by If and ls
244. h as partner list logging files request queue etc 428 openFT Windows Administration Glossary openFT Monitor Program that allows the monitoring data for openFT operation to be shown in the form of a chart openFT Monitor requires a graphics capable terminal openFT partner Partner system which is communicated with using openFT protocols openFT protocols Standardized protocols for file transfer SN77309 SN77312 openFT FTAM Add on product for openFT for BS2000 Unix systems and Windows systems that supports file transfer using FTAM protocols FTAM stands for File Transfer Access and Management ISO 8571 openFT Script openFT interface providing an XML based script language that includes file transfer and file management functions This interface allows you to combine several file transfer or file management requests to form a single openFT Script request openFT Script commands Commands used for administering openFT Script requests operating parameters Parameters that control the resources e g the permissible number of connections outbound request outbound submission Request issued in your own processor outbound receive Request issued locally for which a file is received in the local system outbound send Request issued locally for which a file is sent from the local system openFT Windows Administration 429 Glossary owner of an FT request Login name in the local sys
245. h containing spaces has been entered in the PATH system environment variable before the openFT installation path If the service starts automatically when the system is booted then these entries are not active yet and the service will start normally They will then be activated later on but SYSTEM will not be able to access them because it does not have the proper rights Solution Clean up the path openFT Windows Administration 345 What if initialization errors occur in user32 dll or kernel32 dll under Windows when follow up processing is started Cause The system environment variable PATH contains path inaccessible UNC paths network drives Solution Clean up the path and use only local accessible paths Performance note The RFC1006 protocol is far more efficient than communicating via LANINET If you use the TNS ftmodo tns y you should therefore set the RFC1006 protocol for TNS entries in Windows systems In BS2000 the type of the global BCMAP entry determines the protocol type if the PTSEL I entry exists RFC1006 is used 346 openFT Windows Administration What if Actions in the event of an error 7 1 Actions in the event of an error If in spite of precautions an error occurs which neither the FTAC administrator nor the system administrator can rectify please contact your local Fujitsu Technology Solutions contact partner In order to simplify error diagnosis you should
246. hat are addressed via this or these protocol type s are then traced You can modify the selection made here on a partner specific basis see the tr option in the ftmodptn command on page 245 openFT Windows Administration 211 ftmodo openFT commands a all All protocol types and consequently all partners are selected for tracing openft All partners addressed via the openFT protocol are selected for tracing ftam All partners addressed via the FTAM protocol are selected for tracing ftp All partners addressed via the FTP protocol are selected for tracing adm All partners addressed via the FTADM protocol are selected for tracing No protocol type selected If you specify trp without parameters then no partner is selected for tracing In this case only those partners for which tracing has been activated on a partner specific basis using ftmodptn tr n are traced see page 245 trr I r a s This option allows you to select the request types that are to be traced The value or r can be combined with a or s Boolean AND e g la al ls IS n I local All locally submitted requests are selected for tracing r remote All remotely submitted requests are selected for tracing a asynchronous All asynchronous requests are selected for tracing Requests issued remotely are always regarded as asynchronous s synchronous All synchronous requests are selected for tracing Synchronous re
247. he ADM privilege i e if the owner of the admission set is the ADM administrator Format ftshwa h lt user ID 1 36 gt a s csv Description h Displays the command syntax on the screen Entries after the h are ignored user ID a s specifies the user ID for which the admission set is to be displayed user ID As the FTAC administrator you can specify any login name desired If a login name longer than 8 characters is specified the first 7 characters are output followed by an asterisk openFT Windows Administration 255 ftshwa openFT commands a for user ID When entered by the FTAC administrator a displays information on the standard admission set and all admission sets that differ from it When entered by the FT administrator who is not the FTAC administrator a displays information on the own admission set the standard admission set and the admission set of the FTAC administrator s for user ID returns information only on the standard admission set If you specify a non existent login name the current standard admission set is displayed for this login name user ID not specified FTAC displays information on the admission set of the login name under which ftshwa was entered csv Specifying csv indicates that the FT admission sets are to be output in the CSV format The values in the output are separated by semicolons csv not specified The FT admission sets are out
248. he ADM traps The columns designate the events for which traps may be generated SS STATE Change of the status of the openFT subsystem row CONS only FT STATE Change of the status of the asynchronous server PART STATE Change of the status of partner systems PART UNREA Partner systems unreachable RQ STATE Change of the status of request administration openFT Windows Administration 309 ftshwo openFT commands Field name Meaning and values TRANS SUCC Requests completed successfully TRANS FAIL Failed requests Command option FUNCT The settings for monitoring MONITOR row and tracing TRACE row are output in this section The individual columns have the following meanings SWITCH Function monitoring or tracing activated ON or deactivated OFF PARTNER SELECTION Selection based on the partner system s protocol type Possible protocol types OPENFT FTP FTAM ADM administration partner can also be output under TRACE ALL means that all protocol types have been selected i e tracing monitoring is possible for all partner systems NONE means that no protocol type has been selected REQUEST SELECTION Selection based on the request type The following are possible ONLY SYNC ONLY ASYNC only synchronous or only asynchronous requests ONLY LOCAL ONLY REMOTE only locally or only remotely submitted requests ALL means no restriction i e all r
249. he Windows Control Panel and specify the first two characters of the LANG variables in lowercase letters as the value for OPENFTLANG de and en The following table shows how settings or lack of settings for OPENFTLANG and the locale set in the control panel work OPENFTLANG Language setting Result Not set empty or invalid Invalid value The language set on instal value lation Not set empty or invalid Valid language Language set with language value German or English setting Valid value de or en Not evaluated Language set with OPENFTLANG The changed language setting takes effect as soon as a program such as the openFT Explorer the openFT Editor or the Windows command prompt is called again If a program was active before the change you must first close it and then restart it openFT Windows Administration 37 Administering requests Tasks of the administrator 2 7 Administering requests The request queue stores all asynchronous outbound requests and all inbound requests As the administrator you can e obtain information about all asynchronous requests on your system that are not yet completed This includes the right to query information about all requests of all users You can display the request queue with the ftshwr command e modify the processing order of all requests on your system including those of other users You can do this by using the ftmodr command e cance
250. he command is entered Your entry is not displayed to prevent unauthorized persons from seeing the transfer admission To exclude the possibility of typing errors the program prompts you to enter the transfer admission a second time If you just press lt ENTERs gt this has the same effect as specifying a user ID As the FTAC administrator you can specify any login name here a for user ID As the FTAC administrator you can obtain information on the FT profiles of all login names As the ADM administrator you can obtain information on the own FT profiles and the ADM profiles adm for user ID As the FTAC or ADM administrator you obtain information on ADM profiles user ID not specified displays only profiles belonging to the user s own login name regardless of who issues the command 312 openFT Windows Administration openFT commands ftshwp s not specified if no profile name is specified displays all the FT profiles belonging to the login name under which the ftshwp command is issued Otherwise displays information on the FT profile with the specified name l displays the contents of the selected FT profiles In long form the entire contents of the selected FT profiles are displayed The USER ADM parameter contains the following information the login name for which an admission profile is valid or if it is an ADM profile whether or not it is valid for a specific password of the l
251. he file protection attributes Repeat the command 412 openFT Windows Administration Appendix Messages for administration commands 69 70 71 73 74 Error accessing file lt 2 gt Meaning lt 2 gt DMS error Measure Take appropriate measures depending on the error code Configuration data invalid Meaning The configuration data is syntactically or semantically incorrect and can therefore not be imported Measure Correct the error on the basis of the additional diagnostic output and then repeat import of the configuration data Import of configuration data not possible while remote administration server is started Meaning The changes to the configuration data are so extensive that they can only be imported when the remote administration server has been terminated Measure Terminate openFT using the ftstop command and then attempt to import the configuration data again Command aborted Meaning The user has cancelled the command Command only permissible for ADM administrator on a remote administration server Meaning The command is only permitted for the ADM administrator Measure Have the ADM administrator execute the command if necessary openFT Windows Administration 413 Messages for administration commands Appendix 9 4 3 Messages for remote administration With the following messages the value for fthelp must be increased by 2000 e g 2052 instead of 52
252. he functions in the online help of the openFT Explorer openFT Windows Administration 55 FTAC environment Tasks of the administrator 2 12 Administering the FTAC environment The term FTAC environment refers to the admission sets and admission profiles present on your system 2 12 1 Administering admission sets As the FTAC administrator you specify the standard admission set and can view modify and delete the standard admission sets for all users in the system The FTAC administrator is also responsible for specifying the ADM administrator initially by setting the ADM privilege in the admission set of the ADM administrator see section Defining the ADM administrator on page 101 Standard admission set The standard admission set applies to all login names The user can restrict this admission set further The user can override the entries in the standard admission set only if you as FTAC administrator modify the admission set of the user accord ingly or if you set up a privileged FT profile Following an initial installation or preinstallation of openFT the standard admission set is set so that file transfer is possible without restriction As FTAC administrator you should therefore adapt the standard admission set to the protection requirements on your processor Displaying and modifying admission sets Admission sets can be viewed using the ftshwa command The entries made by the FTAC admin
253. he transport address used by the partner to log in does not correspond to the entry in the partner list the request is rejected AUTHM Authentication is activated NOKEY No valid key is available from the partner system although authen tication is required ADDRESS Address of the partner system ROUTING Routing info of the partner system if specified The routing info is only output with ftshwptn l IDENTIFICATION Identification of the partner system if specified The identification is only output with ftshwptn l openFT Windows Administration 323 ftshwr openFT commands 6 38 ftshwr Display request properties and status The ftshwr show requests command allows you to request information about FT requests You can specify selection criteria in order to obtain information about specific FT requests The FT administrator can obtain information about the requests of any owner Format ftshwr hI ua lt user ID 1 36 gt ua a ini I ini r ini Ir ini rl st a st w st l st c st f st h st s pn lt partner 1 200 gt fn lt file name 1 512 gt s l l csv lt request ID 1 2147483647 gt Description h Displays the command syntax on the screen Entries after the h are ignored ua user ID ua a You use ua to specify the user ID for which requests are to be displayed user ID As a user you can only specify your own user ID As an
254. her defined explicitly with the instance or that is inherited from parent elements associated group parent group or an access list defined before all groups instances An openFT instance without an access list access lists that has been either explicitly set or implicitly inherited cannot be administered e You can explicitly control the scope of inheritance in an access list of a child group or for an openFT instance You can deactivate inheritance using the optional attribute InheritFrom Parent In this event you must define a separate access list for this instance in which you specify the administration permissions for the remote administrators You can expand or restrict inherited permissions for particular remote administrators AllowFunction and DenyFunction attributes under lt AccessEntry gt Entries which deny a function to a specific remote administrator take priority over entries that permit a function for a specific remote administrator Additional entries in access lists for groups are also inherited by child groups 114 openFT Windows Administration Central administration Remote administration Defining an access list An access list starts with the XML tag lt AccessList gt There is no limit to the maximum number of access lists in the configuration file The access list can be defined at different places in the file See page 114 And access list has the following attribute e Optional attribute
255. his option activates deactivates the AET Application Entity Title y A nil Application Entity Title is included as the calling or called Application Entity Title AET for transfer using the FTAM protocol default value n The AET is deactivated The option only has to be reset to ae n if FTAM link partners as responders do not expect to receive an AET dp n dp f This option allows you to activate or deactivate the dynamic entries in the partner list n on This activates the dynamic partner entries Partners can then be accessed via their address even if they are not entered in the partner list f off This deactivates the dynamic partner entries i e partners cannot be accessed via their address As a result it is only possible to use partners that are entered in the partner list and are addressed via the partner name openFT Windows Administration 219 ftmodo openFT commands Examples 1 The identification of your own instance is to be set to host hugo net ftmod o id host hugo net 2 Only partners from the partner list are to be permitted ftmod 3 Flags ftmod o dp f the local openFT instance as a remote administration server o admcs y 4 Only the asynchronous inbound servers for the openFT and FTAM protocols are to be activated ftmodo acta openft ftam 220 openFT Windows Administration openFT commands ftmodp 6 22 ftmodp Modi
256. hoice instance std and start via Administration Start Asynchronous Server or by command ftstart e Bring the first node online using Move Group e Create a new instance cluster and check it OPENFT is the hostname of the cluster OPENFT XYZ NET the corresponding DNS name the directory S openFT must exist the directory S openFT cluster may not exist ftcrei cluster S openFT cluster addr OPENFT XYZ NET ftshwi a 1 Instance Address Directory cluster OPENFT XYZ NET S openFT cluster std P870_DDM C Program Files openFT var std e Select the cluster instance in the drop down list of the openFT Explorer and start asynchronous openFT server automatically openFT Explorer Administration Operating Parameters activate the option Start Asynchronous Server Automatically Starting the service openFT cluster will automatically start the asynchronous openFT server e Store the user password for the new instance via openFT Explorer or command ftsetpwd e f you use authentication on the cluster instance public keys of partner systems must be stored in the directory S openFT7 cluster syskey respectively make the public key of the directory S openF7T cluster config available for partner systems openFT Windows Administration 393 openFT in a Windows cluster Appendix Configuration on second node PN70_DDM e Stop asynchronous openFT server see above e If Use TNS is active Adapt the TNS entries FJAM FJAMO
257. horization LOGON authorization Transfer admission authorizing access to a computer The LOGON authori zation normally consists of user ID account number and password and authorizes the user to make use of interactive operation Network Control Program NCP Operating system of the front end processor for SNA hosts network description file File used up to openFT V9 that contains specifications concerning remote systems FT systems open computer network Computer network in which communication is governed by the rules of ISO OSI Interoperation of different computers from various vendors is made possible by defined protocols openFT Explorer openFT program that provides a graphical user interface that allows file transfer and administration functions to be performed openFT installation directory Path under which openFT is installed This path can be freely selected during interactive installation It can be set with the INSTALLDIR parameter during unattended installation The default path depends on the language setting and the version of the Windows operating system Default Program Files openFT openFT instance Several openFT systems so called openFT instances can be running simultaneously on a cluster of a TCP IP network Each instance has its own address instance ID and is comprised of the loaded code of the openFT products including add on products if they are available and of the variable files suc
258. ic information on operational states in the form of a CMX return code or an FTAM or openFT diagnostic code FTNEA diagnostic codes have the format NEBFnnnn NEABF or NEBDnnnn NEABD The following openFT diagnostic codes have been defined Value Meaning 0 No cause specified Connection setup normal There is a resource bottleneck WO rm There is a resource bottleneck the connection will be set up later by the rejecting entity Initialization is not yet complete SHUTDOWN is in progress The requesting entity is unknown A protocol error has occurred A transport error has occurred A system error has occurred This code is reserved for SN77309 part 5 gt O DOINI IO oO Ss a oO The connection is not accepted without encryption FTAM diagnostic codes have the format FTAMnnnn and values from the ISO 8571 3 standard An extract of possible diagnostic codes taken from the standard can be found in the section of the same name in the User Guide openFT Windows Administration 335 ftshwr openFT commands The following values are only output for FTAM partners STOR ACCOUNT Account number is output only if specified by the user AVAILABILITY Possible values IMMEDIATE DEFERRED Is output only if specified by the user ACCESS RIGHTS Access mode Possible values combinations of r i p X e a c d Is output onl
259. icated by openFT are assigned security level 10 e Partners that are known in the transport system are assigned security level 90 e Partners which are only accessed via their IP address e g FTP partners are assigned security level 100 This automatic mechanism can be activated on a partner specific basis ftaddptn and ftmodptn or globally by means of ftmodo If the security level is not specified at the partner system then openFT uses the global settings in the operating parameters ftmodo Here it is also possible to specify a fixed security level as the default The security level of a partner entry is taken into account when a user wants to process a request via this partner entry FTAC compares the security level of the partner entry with the security level for this function e g inbound sending specified in the user s admission set If the security level in the admission set is lower than that in the partner entry the request is rejected by FTAC Ifa privileged FTAC profile is used for the request it can override the restrictions defined in the admission set 44 openFT Windows Administration Tasks of the administrator Monitoring with openFT 2 9 Monitoring with openFT openFT provides the option of monitoring and displaying a range of characteristic data for openFT operation The data falls into three categories e Throughput e g total network throughput caused by openFT e Duration e g processing time for a
260. ication Access Method Byte Stream File Transfer Common Application Environment Comit urop en de Normalisation Comit urop en de Normalisation lectrotechnique Communication Manager Unix Systems Data Communication Access Method Data Communication Method Data Encryption Standard Deutsches Institut f r Normung German standards institute Domain Name Service Extended Binary Coded Decimal Interchange Code Europ ischer Normen Vorschlag European prestandard File Access Data Unit File Job Access Method openFT Windows Administration 441 Abbreviations FSB Forwarding Support Information Base FSS Forwarding Support Service FT File Transfer FTAC File Transfer Access Control FTAM File Transfer Access and Management ISO 8571 FTPS FTP via SSL TLS GPL Gnu Public License GSM Global System for Mobile Communication ISAM Index Sequential Access Method ISO International Organization for Standardization LAN Local Area Network LMS Library Maintenance System MSV Mittelschnelles Synchron Verfahren Medium fast synchronous method NDMS Network Data Management System NIS Network Information Service OSI Open Systems Interconnection OSS OSI Session Service PAM Pluggable Authentication Modules PCMX Portable Communication Manager Unix Systems PICS Protocol Implementation Conformance Statement PLAM Primary Library Access Method 442 openFT Windows Administration Abbreviations RFC1006 SAM
261. if the partner has only been identified by its address PRI Priority of a partner with respect to the processing of requests NORM Normal priority LOW Low priority HIGH High priority TRACE The global settings for partner selection in the openFT trace function apply FTOPT The global setting for partner selection in the openFT trace function applies ON _ The trace function is activated for this partner However a trace is only written if the global openFT trace function is also activated For details see section Activating partner specific trace on page 349 OFF The trace function is deactivated for this partner LOC Shows the number of file transfer requests addressed to the partner system entered in the local system REM Shows the number of file transfer requests issued by the remote FT system and addressed to the local FT system P CHK Shows the settings for sender verification and authentication FTOPT The global setting for sender verification applies 322 openFT Windows Administration openFT commands ftshwptn STD Checking of the transport address is deactivated Only the identi fication of the partner is checked The transport address of the partner is not checked even if extended sender verification is activated globally T A Checking of the transport address is activated The transport address of the partner is checked even if checking of the transport address is deactivated globally If t
262. ified in the form x or X a for transfer admission deletes either the FT profile specified by profile name see above or all of your FT profiles openFT Windows Administration 187 ftdelp openFT commands As the FTAC administrator you must specify a if you want to delete FT profiles belonging to other login names since you actually should not know the transfer admission n for transfer admission As the FTAC administrator you can specify n if you only want to delete FT profiles of other login names which do not have any defined transfer admissions transfer admission not specified causes to query the transfer admission on the screen after the command is entered Your entry is not displayed to prevent unauthorized persons from seeing the transfer admission To exclude the possibility of typing errors the program prompts you to enter the transfer admission a second time If you just press lt ENTERs gt this has the same effect as specifying a user ID As the FTAC administrator you can specify any login name a for user ID If you specify a as the FTAC administrator FT profiles belonging to all login names are deleted adm for user ID If you specify adm as the FTAC or ADM administrator ADM profiles are deleted user ID not specified deletes only profiles belonging to the user s own login name regardless of who issues the command s not specified if a is specified for profile name
263. ights must still be assigned If it is likely that during subsequent openFT operation settings will not only be read but also modified e g in order to start or terminate openFT it is advisable to select READ WRITE at this point Otherwise the specification READ would be quite sufficient openFT Windows Administration 77 Deinstallation Installation and configuration Installing the openFT sub agent Proceed as follows e From the Control Panel select Add or Remove Programs Select openFTV11 0A00 from the list of currently installed programs and press the Change button e Inthe dialog Application Maintenance select the Modify option and press the Next gt button e Inthe Select Features dialog select the SNMP agent feature for installation and press the Next gt button After confirming the selection the openFT SNMP sub agent will be installed The MIB Management Information Base file openFTMIB txt will be stored in the directory openFT installation directory snmp e After installation of the SNMP sub agent the SNMP service must be restarted 3 1 6 Deinstallation openFT openFT CR and PCMX 32 can only be uninstalled separately This must be done in the following order 1 openFT CR if installed 2 openFT 3 PCMX 32 The software may be uninstalled using Add or Remove Programs from the Control panel 78 openFT Windows Administration Installation and configuration Activities after installation
264. iguration file or choose a different name and repeat the command Resulting file name too long Meaning The filename has the wrong syntax or is too long Specifying a partially qualified filename may be the cause of the error Measure Repeat the command using the correct syntax openFT Windows Administration 411 Messages for administration commands Appendix 64 65 66 67 68 File locked to prevent multiple access Meaning The command was not executed because the file is already locked by another process Measure Repeat the command later File not found Meaning The command was not executed because the specified file was not found Measure Correct the file name and repeat the command Not enough space for file Meaning The command was not executed because the permitted storage space on the local volume is exhausted Measure Take appropriate measures depending on the cause of the error Delete any files that are no longer required or Request the system administrator to assign more storage space Syntax error in resulting file name Meaning The file cannot be accessed because the absolute file name has become too long for instance Measure Shorten the path or the file name Repeat the command Access to file denied lt 2 gt Meaning The command was not executed because the file only permits certain access modes e g read only Measure Correct the file name or t
265. ile with the same name must exist in the directory 190 openFT Windows Administration openFT commands ftexpe u user ID1 user ID2 user ID3 u specifies the login names whose FT profiles and admission sets are to be saved to a file Up to 100 login names can be specified simulta neously u not specified all FT profiles and admission sets on the system are saved to the specified file pr profile namei profile name2 profile name3 n specifies the FT profiles to be saved to the specified file up to 100 n for profile name no FT profiles are saved pr not specified all FT profiles belonging to the login names specified in the u parameter are saved as y as n specifies whether or not the admission sets should be saved to the specified file Possible values are y default value all admission sets belonging to the login names specified in the u parameter are saved n no admission sets are saved admzy adm n specifies whether or not the ADM profiles i e FT profiles with the property access to remote administration server corresponding to fitcrep ff c should be saved to the specified file Possible values are y default value all ADM profiles are saved n no ADM profiles are saved Example The admission set and the FT profiles belonging to the login name donald are to be saved ftacsave is specified for the backup file ftexpe ftacsave u donald openFT Windo
266. ile with this name can be transferred If the file name ends with unique or UNIQUE this string is replaced during the file transfer by a string which changes for each new call In Windows systems this string is 18 characters long In addition a suffix separated by a dot may be specified after unique or UNIQUE e g filel unique txt Only the already converted file name is displayed in both the log and the messages If file name starts with a I pipe character then it is interpreted as a preprocessing or postprocessing command see also the corresponding section in the user guide fn not specified or fn omitting fn means that the FT profile allows unrestricted access to all files under the login name exception see fnp fnp file name prefix restricts access to a set of files whose names begin with the same prefix FTAC adds the character string specified as file name prefix to the file name in the request and attempts to transfer the file with the expanded name For example if this option is specified as fnp scrooge and the request contains the file name stock the file transferred is scrooge stock In this way you can designate the files you have released for transfer If the fnp option was used to specify a prefix the file name specified in the request must not contain the character string This disables uninten tionally changing directories You should also ensure that there is no chance for a symbolic link to
267. iled descriptions of the ftcrei ftmodi ftupdi and ftdeli commands in chapter openFT commands for the administrator starting on page 139 The ftseti and ftshwi commands are described in the openFT for Windows systems User Guide 62 openFT Windows Administration Tasks of the administrator Diagnosis 2 14 Diagnosis To support error diagnostics you can switch a trace on or off trace files and output diagnostic information These functions are primarily intended for the Maintenance and Diagnostic Service of Fujitsu Technology Solutions Switching on and off trace mode You can switch the trance mode on or off with the FT command ftmodo or via the openFT Explorer dialog Operating Parameters from the Administration menu When the trace mode is enabled the diagnostic data is written to trace files which must be edited for further diagnostics Preparing trace files The trace files are located in the directory traces of the respective openFT instance see Instance directory on page 68 The trace files can be displayed in the openFT Explorer using the Open Trace File command in the Administration menu Further possibility In the openFT Explorer navigate to the directory traces and in the object window open a trace file using the View command from the context menu You will find a detailed description of each of the functions in the online help Alternatively you can open the trace file by double clickin
268. ime when the log record was written FUNCTION FT function TRANSFER FILE Transfer file READ FILE ATTR Read file attributes DELETE FILE Delete file CREATE FILE Create file possible only in requests submitted in the remote partner system 288 openFT Windows Administration openFT commands ftshwl output MODIFY FILE ATTR Modify file attributes READ FILE DIR Read directories CREATE FILE DIR Create file directory DELETE FILE DIR Delete file directory MODIFY FILE DIR Modify file directory LOGIN Login Inbound FTP access This log record is written if incorrect admission data was specified for inbound FTP access openFT Windows Administration 289 fishwl output openFT commands 6 33 1 6 Long output format of an ADM log record Examples The option rt a causes only ADM log records to be output 1 ADM log record on a client ftshwl rt a 1 LOGGING ID 27 RC 0000 TIME 2009 06 19 04 22 56 TRANS FROM REC TYPE ADM FUNCTION REM ADMIN TRANS ID 190845 PROFILE SEC OPTS ENCR DICHK RSA 768 AES 256 INITIATOR ftadmin USER ADM ftadmin PARTNER flexthom ADM CMD ftshwo ADMIN ID ROUTING Muenchen Jonny 2 ADM log records on the remote administration server ftshwl rt a 1 nb 3 LOGGING ID 400 RC 0000 TIME 2009 06 19 13 22 56 TRANS T0 REC TYPE ADM FUNCTION REM ADMIN TRANS ID 65608 PROFILE adminacc SEC OPTS ENCR DICHK
269. in front of the follow up processing specified in the FT request and attempts to execute the resulting command For example if this option is specified as fp print and the request specifies file name as follow up processing FTAC executes print file name as follow up processing Prefix and suffix and follow up processing command must together not be longer than 1000 characters Please also bear in mind the information provided on the f option If a suffix was defined with fs the character set available for specifying follow up processing in the FT request is restricted to alphanumeric characters letters and digits the special characters _ a period between alphanumeric characters lfp not specified FTAC sets no prefix in front of the follow up processing specified in the request in the event of unsuccessful file transfer openFT Windows Administration 179 ftcrep openFT commands lfs command6 Ifs defines a suffix for follow up processing in the local system in the event of unsuccessful file transfer FTAC then sets the character string commando after the follow up processing specified in the FT request and attempts to execute the resulting command For example if this option is specified as fs file name and the request specifies print as follow up processing FTAC executes print file name as follow up processing Prefix and suffix and follow up processing command
270. in the empty format for the P selector and the S selector if you do not wish to or have to set explicit values for the P selector or the S selector openFT Windows Administration 383 Remote TS application for openFT Appendix 9 2 3 Definition of a remote TS application for openFT In openFT partners with version 8 1 and later you must ensure that the name by which requests are processed with this partner correspond to the instance ID of the remote system If there is any doubt a TNS input whose global name is the instance ID is needed For each further partner system which is to be accessible for requests issued locally it is necessary to make a TNS entry In both of the cases described above additional TNS entries must be made for the partner systems and separate names assigned to the partner systems The entries are made in the TNS User Interface As symbolic name GLOBAL NAME you must use an alphanumeric name containing up to 78 characters No special characters may be used except for o as separator e The entry behind the hash is used to differentiate entries with the same prefix In this way it is possible to enter a partner who has several addresses several times with the same name prefix This is only useful for inbound requests Here the partner system is always displayed with the same partner address corresponding to the prefix You are free to select the symbolic name However
271. ing started the asynchronous openFT server executes both asynchro nously issued requests as well as file transfer requests issued on the remote system You can start and stop the asynchronous openFT server manually via the via jtstart and ftstop commands or via the openFT Explorer with the Adminis tration Start Asynchronous Server or Administration Stop Asynchronous Server functions or 32 openFT Windows Administration Tasks of the administrator Setting operating modes 2 4 Setting operating modes The openFT service can run under user rights or system rights By default the service is started under system rights 2 4 1 Running the service under system rights This operating mode is the default setting and is recommended if more than one user is working on one system and true multi user operation is required e g on a central Windows server It is recommended to retain this default setting Notes e The service is automatically started up when the operating system is started up unless this has been explicitly deactivated via the administration facilities e The access to the file system and to the files in the network is performed exclusively with the rights of the user involved i e for inbound requests requests with initiative in the partner system the owner of the FTAC profile or the initiator of the request who identified himself or herself with user id password for outbound request the user who su
272. inistration requests including ADM traps that can be processed simultaneously RQ LIM Maximum number of file transfer requests that ftmodo rql can simultaneously be present in the local system s request queue MAX RQ LIFE Maximum lifetime of requests in the request ftmodo rqt queue in days TU SIZE Upper limit for message length at transport ftmodo tu level in bytes KEY LEN Length of the RSA key currently used to ftmodo kl encrypt the AES DES key CCS NAME Name of the character set used by default for ftmodo ccs file transfer requests see page 215 306 openFT Windows Administration openFT commands ftshwo Field name Meaning and values Command option PTN CHK Setting for sender verification ADDR address STD identification ftmodo ptc DYN PART Setting for dynamic partner entries ON activated OFF deactivated ftmodo dp SEC LEV Default security level for partners in the partner list for which no security level has been set 1 100 Fixed security level 1 is the lowest and 100 the highest security level B P ATTR The security level is depending on the partner s attributes i e 10 if the partner has been authenticated 90 if the partner is known in the transport system 100 otherwise i e if the partner has only been identified by its address ftmodo sl FTAC LOG Scope of FTAC logging ALL All FTAC access checks MODIFY
273. ion For connecting to an older version of openFT on BS2000 OSD OS 390 or z OS openFT needs a sender address With a processor link the name of your processor is also sent as the sender address The network administrator for your processor has stipulated the node name for your processor uname n With installation of openFT the node name is automatically entered as the processor name In this case you do not have to take any action More details on the ftmodo command and the id p and options can be found in the description on the ftmodo command starting on page 204 Activating and disabling the automatic startup of openFT The asynchronous openFT server for each openFT instance created with ftcrei is preset so that it is not automatically started when the system is booted You can activate and deactivate automatic startup of the asynchronous openFT server in the openFT Explorer by choosing Administration Operating Parameters General and toggling the Start Asynchronous Server Automatically option Saving of log records in files followed by deletion The logging file can grow indefinitely and fill the disk on which it is saved It is therefore extremely important that this file be monitored and purged on a regular basis You can set the scope of logging i e what log records are to be written in the openFT Explorer under Administration Operating Parameters General or using the ftmodo command openFT Windows A
274. ion 175 231 129 actions lt AdministratorID gt tag 107 system wide 142 specifying logging 210 activate administrator asynchronous FTAM server 216 remote administration server 199 asynchronous FTP server 216 administrator privileges asynchronous inbound assign 198 server 216 admission check 292 openFT Windows Administration 447 Index admission profile 418 CSV output format 371 for collecting monitoring data privileged 418 431 timestamp 239 admission set 418 backup 59 CSV output format modify 198 privileged 418 431 ADMPR_ 101 Advanced Encryption Standard AES 418 AES Advanced Encryption Standard 418 AES key 128 bit 80 256 bit 80 AES RSA_ 80 AET 204 AET Application Entity Title AllowFunction granting administration permissions 116 ANSI code 418 API Application Program Interface 418 Application Entity Title activating deactivating 204 Application Entity Title AET 418 Application Program Interface API 418 asynchronous inbound server activating 216 deactivating 216 asynchronous request 419 asynchronous requests defining maximum number 182 357 418 207 B basic functions 419 block length station link 26 BS2000 not accessible 342 Cc CCS name defining default 215 central administration 93 change order of requests 247 character repertoire 419 checklist for FTAM 387 client 419 CLIST procedure partner properties 319 cluster 61 cluster configuration TNS entries 380 clu
275. ional conventions README Preface 1 5 Notational conventions The following notational conventions are used throughout this manual typewriter font typewriter font is used to identify entries and examples italics In running text names variables and values are indicated by italic letters e g file names instance names menus commands and command options indicates notes pi o Additional conventions are used for the command descriptions see page 143 1 6 README files Information on any functional changes and additions to the current product version can be found in product specific README files You will find the files on your computer under the directory openFT You can view the README files with an editor or print them out on a standard printer 1 7 Current information on the Internet Current information on the openFT family of products can be found in the internet under http ts fujitsu com openft 18 openFT Windows Administration Preface License provisions 1 8 License provisions The following provisions apply to the use of libxml2 and Secure FTP Use of libxml2 libxml2 is used for processing XML data This contains the XML C Parser and an XML toolkit ibxm 2 was originally developed for the Gnome project but can also be used outside Gnome libxml2 is freeware available under the MIT license Copyright c lt 2008 gt lt Daniel Veillard gt Permission is hereby granted free
276. is protected by a firewall and is to be accessible from the outside the FJAM input port must be released in the firewall TNS entries for a new installation Depending on the platform a maximum of the following entries are made layout after exporting in a text file FIAM TSEL OSITYPE T FJAM TSEL ANSBKA T FJAM TSEL WANFAR T FJAM TSEL RFC1006 T FUAM TSEL LANINET A 1100 APPTYPE openFT FIAMOUT TSEL OSITYPE T FUJAMOUT TSEL ANSBKA T FJAMOUT TSEL ANFAR T FJAMOUT TSEL RFC1006 T FUAMOUT TSEL LANINET A 1101 APPTYPE openFT FTAM SEL OSITYPE T FTAM SEL ANSBKA T FTAM SEL WANFAR FTAM TSEL RFC1006 T FTAM TSEL LANINET A 4800 SSEL yee PSEL v APPTYPE openFT TranSON as TA RFC1006 127 0 0 1 PORT 4444 A SOCKS4 APPTYPE PROXY The TranSON entry is created by PCMX 32 openFT Windows Administration 381 TNS entries created automatically Appendix The local TS application FJAM is the contact for inbound requests from openFT partners FJAMOUT for outbound requests to openFT partners The local TS application FTAM is the contact for all inbound and outbound requests with FTAM partners As of V11 the transport selector for the FTAM application was changed from SNI FTAM to FTAM TNS entries for an update installation The following applies with an update insta
277. is to the partner system and to the local system When an FTAM partner modifies the access rights of a local file two log records are written The direction BOTH is specified in each Name of the profile used INITIATOR Request initiator If initiated in the local system login name If initiated in the remote system REMOTE openFT Windows Administration 287 ftshwl output openFT commands USER ADM Login name to which the requests in the local system refer PARTNER Identifies the partner system in question The name in the partner list or the address of the partner system possibly truncated to 8 characters or the name under which the partner system is entered in the TNS is output In the case of requests issued from a remote computer it is also possible for strange to be output followed by a part of the address of the partner system if the partner system is not entered in the TNS and TCP IP RFC1006 was not used as the transport system In this case strange followed by the DTE address of the partner system is shown for X 25 links in Windows for example FILENAME Local file name RC Reason code Specifies whether a request was successful RC 0 or if not why it was rejected or cancelled You can use the fthelp command to obtain further information REC TYPE Specifies whether the log record is an FTAC log record PRIV Specifies whether or not the FT profile being used is privileged TIME Specifies t
278. istration server accepts the administration request checks the authorization and forwards the request to the openFT instance that is to be administered In addition as remote administrator you can use ftadm to query the following information from the remote administration server see the section Remote administration commands on page 160 You can determine what openFT instances you are authorized to administer and what remote administration permissions you have for these instances You can read the ADM traps that the openFT instances you are administering have sent to the remote administration server For this to be possible the remote administration server must also be configured as an ADM trap server for the administered openFT instances For details see the section ADM traps on page 129 Format ftadm h c cs lt partner 1 200 gt ri lt routing info 1 200 gt lt command 1 8192 gt lt transfer admission 8 67 gt d Description h Displays the command syntax on the screen Entries after the h are ignored C Specifies whether the user data i e the command and the command output is to be transferred in encrypted form Itis only possible to specify c if openFT CR is installed If openFT CR is not installed c is suppressed in the command syntax and a syntax error is generated if c is specified openFT Windows Administration 153 ftadm openFT commands
279. istrator are listed under MAX ADM LEVELS the user entries under MAX USER LEVELS The smaller value is valid in each case You can also view admission sets in the openFT Explorer by clicking on the Admission Sets object You will find a detailed description of each of the functions in the online help The settings in the admission set apply to all users initially As the FTAC administrator you can assign an individual admission set for each user in the system or modify an existing one The ftmoda command is available for this purpose 56 openFT Windows Administration Tasks of the administrator FTAC environment Using admission sets properly With an openFT request outbound and inbound the admission specified in the admission set is compared with the FTAC security level of the partner concerned see also page 44 To protect your processor against attempted intrusion you should set the inbound properties in the admission set as restrictively as possible for user IDs with administrator rights i e at least prohibit inbound processing 1 For secure operation you should prevent all inbound admissions in the standard admission set e g by using the command ftmoda s os 100 or 100 is 0 ir 0 if 0 ip 0 2 For each user to whom inbound request may be processed you as FTAC administrator should set all parameters of the corresponding admission set to 100 3 Recommend all users to change th
280. it must be unique in the local system The further entries to be made depends on the how the remote system is connected to the network The entries must be made in TRANSDATA format indicator T You can obtain the information required to make the entries from the network administrator 384 openFT Windows Administration Appendix Remote TS application for openFT 9 2 3 1 Sample entries for openFT partners The following examples are created using the TNS User Interface Values in italics may be changed e Partner address entry for openFT for Windows for transfer via TCP IP RFC100 Global Name jtwin Application type openFT P selektor lt none gt S selektor lt none gt T selektor TRANSDATA FJAM Port number 1100 Proxy lt none gt System name transport system dependent e Partner address entry for openFT for BS2000 OSD for transfer via TCP IP RFC100 Global Name ftbs2 Application type openFT P selektor lt none gt S selektor lt none gt T selektor TRANSDATA FJAM Port number 102 Proxy lt none gt System name transport system dependent e Partner address entry for transfer via TranSON Global Name fttranson Application type openFT P selektor lt none gt S selektor lt none gt T selektor TRANSDATA FJAM Port number 1100 Proxy TranSON System name transport system dependent The global application TransON with the proxy address is registered during the installation of PCMX 32 openFT
281. ive The request is currently being processed WAIT wait The request is waiting In this case the partner system PARTNER may be indicated This indication shows the cause of the WAIT state LOCK locked The request is temporarily excluded from processing This state may occur both for openFT and for FTAM partners With openFT partners e g when a resource bottleneck is encoun tered or when external data media must be made available With FTAM partners when one of the partners proposes a waiting period until the next start or recovery attempt via the FTAM protocol and this period exceeds the delay normally permitted openFT Windows Administration 327 ftshwr openFT commands In this case the partner system PARTNER may be indicated This indication shows the cause of the LOCKED state CANC canceled The request was cancelled in the local system However the remote system is aware of its existence e g because it was previously active Therefore the request cannot be removed from the request queue until a connection to the partner has been re established FIN finished This status arises for requests involving FTAM partners when the request has been either completed or cancelled but the user has not yet been informed of the fact HOLD hold The start time specified when the request was issued has not been reached SUSP suspend The request was interrupted PARTNER Name or address of the partner s
282. k the file is transferred as scrooge stock In this way you can designate the files you have released for transfer If the fnp option was used to specify a prefix the file name specified in the request must not contain the character string to avoid unintentionally changing directories You should also ensure that there is no chance for a symbolic link to cause a jump to another place in the file tree openFT Windows Administration 233 ftmodp openFT commands Y unique or UNIQUE cannot be used for a file name prefix In the case of a file transfer request the user can use a file name ending with UNIQUE or UNIQUE suffix or Yunique or Yunique suffix to generate a unique file name with the prefix specified here A file name prefix which starts with the character indicates that the FTAC profile can only be used for file transfer with preprocessing and postprocessing since the file name created using the prefix and the name specified for the ncopy or ft command also starts with the character In this case no follow up commands may be specified unless the filename prefix under Windows starts with cmd c or amp cmd c The following strings may not be specified two dots dot backslash This makes it impossible to navigate to higher level directories file name prefix can be up to 511 characters in length fn allows you to cancel a file name prefix entry see above Special cases e Y
283. k 420 openFT automatic start 81 ending 32 starting 32 starting stopping SNMP 88 openft protocol prefix 40 openFT commands 139 openFT Explorer 428 openFT for BS2000 partner 429 protocols 429 openFT installation directory 68 openFT instance defining in remote administration openFT instances 61 openFT Monitor 46 openFT monitoring activating deactivating 210 openFT operation controlling 26 openFT partner activating deactivating tracing 212 addressing 40 openFT port number modifying 217 openFT protocol addressing with 40 openFT subagent starting 86 109 openFT trace function activating deactivating 211 partner specific 211 openFT CR_ 68 79 openFT FTAM 429 openFTScript 68 operating modes 33 operating parameters 26 429 CSV output format 368 display 305 modifying 204 remote administration server OSI reference model 426 outbound receive 429 request 429 send 429 submission 429 OUTBOUND RECEIVE 257 OUTBOUND SEND 257 output ADM trap 263 logrecords 279 output in CSV format ftshwa 257 357 ftshwatp 359 ftshwc 360 ftshwl 361 ftshwm 364 ftshwo 368 ftshwp 371 ftshwptn 374 output information 101 146 onthe reasoncodes 192 owner 430 of FT request 430 P partner CSV output format 374 displaying properties 317 entering in partner list 148 removing from partner list 252 partner address 144 openFT Windows Administration 455 Index partner list 39 148 removing p
284. l accessible computers 1A5String Character repertoire for files transferred to and from FTAM partners identification Procedure making it possible to identify a person or object openFT Windows Administration 425 Glossary inbound file management Request issued in a remote system for which directories or file attributes of the local system can be displayed file attribute modified or local file deleted inbound follow up processing Request issued in a remote system with follow up processing in the local system inbound receive Request issued in the remote system for which a file is received in the local system inbound request inbound submission Request issued in another system i e for this request inbound send Request issued in a remote system for which a file is sent from the local system to the remote system initiator Here FT system that submits an FT request instance entity A concept of OSI architecture active element in a layer Also see openFT instance instance ID A network wide unique address of an openFT instance integrity Unfalsified correct data following the processing transfer and storage phases interoperability Capability of two FT systems to work together ISO OSI reference model The ISO OSI Reference Model is a framework for the standardization of communications between open systems ISO International Standards Organization 426 openFT Windows Ad
285. l asynchronous requests on your system including those of other users You can do this by using the ftcanr command You can also view the request queue in the openFT Explorer by clicking on the Request Queue object window In addition you can also execute the following functions via the openFT Explorer Cancellation of asynchronous requests Update the request queue Change the priority of requests You will find detailed descriptions of the functions in the online help of the openFT Explorer 38 openFT Windows Administration Tasks of the administrator Administering partners 2 8 Administering partners openFT allows you to perform file transfers with a number of different partner systems These partner systems may be accessible via different transport systems and protocols To allow you to administer these partner systems efficiently and facilitate your work openFT provides the partner list and the Transport Name Service TNS The TNS can be approached in the openFT Explorer via Administration Partner TNS Addresses openFT Explorer additionally provides the Partner object directory in which the individual partner systems are shown Partner list You enter the address of a partner system and give it a symbolic name in the partner list This name can be used to address the partner in all FT requests This applies to both requests sent via the openFT Explorer and requests which are issued by means of a com
286. lProc String Value enclosed in double quotes empty RemCcsn String STD Value enclosed in double quotes FileSize Number Value empty RecSize Number Value empty RecFormat String STD VARIABLE FIX UNDEFINED StoreTime yyyy mm dd Value hh mm ss ExpEndTime yyyy mm dd_ Value empty hh mm ss TranspMode String YES NO DataEncrypt String YES NO TabExp String AUTO YES NO Mail String ALL FAIL NO DiagCode String Value empty FileAvail String IMMEDIATE DEFERRED NSPEC StorageAccount String Value empty AccessRights String Values empty LegalQualif String Value empty PartnerPrio String LOW NORM HIGH TargetFileForm String STD BLOCK SEQ TargetRecForm String STD UNDEFINED Protection String STD SAME openFT Windows Administration 377 Structure of CSV Outputs Appendix Short output of ftshwr in CSV format ftshwr s csv Outputs a table with two rows indicating the number of requests that have the corresponding status Example ftshwr s csv Act Wait Lock Susp Hold Fin Total 013 0303 25033 378 openFT Windows Administration Appendix Entering transport system applications in the TNS 9 2 Entering transport system applications in the TNS As of openFT V10 it is no longer necessary to use the TNS for linking over TCP IP If you nevertheless use the TNS for instance if you link to transport systems other than TCP IP or you wish to make use
287. le ISO 8859 1 upper half byte WO jc o 10 lt 0 10 0 Ql ao sa oa ss a gt QO LU oO fo eo fw wo oo Bl o o o a AQ PZ O O 0 0 JO x a ao O fel p fel fret fect fot WE On ty fot fst fet fe fee Mj o H N oO 2 j e alr ol a iS T gt lt 23 eja a a Ola i riTl 2 n D BR alolye ol as gt eB xX gt N i o ojajoldoloj ol c x lElcsc vial Ol cjole dDl gt lz xi gt N l gt l lt T O L O Osas wWJu s OJ Ts jo lt j4 Ss Zz MIOlr INI M N OlNR O vj nya au oi l a l sttoaf l Al lo f olr iaj oi ojoj nilolioj lt jnlojlaAjw q rey 13m0 Code table ISO 8859 1 355 openFT Windows Administration Code tables Diagnosis 356 openFT Windows Administration 9 Appendix 9 1 Structure of CSV Outputs 9 1 1 ftshwa The following table indicates the CSV output format of an admission set Column Type Values Userld String Value enclosed in double quotes UserMaxObs Number Value UserMaxObsStd String YES NO UserMaxObr Number Value UserMaxObrStd String YES NO UserMaxlbs Number Value UserMaxlbsStd String YES NO UserMaxlbr Number Value UserMaxlbrStd String YES NO UserMaxlbp Nu
288. lid v must not be specified with a standard admission profile d yyyymmdd specifies the period during which the transfer admission can be used The FT profile is disabled when this period has expired You can specify an eight digit date e g 20170602 for June 2 2017 The transfer admission can no longer be used after 0 00 hours on the specified day The largest possible value which can be specified as the date is 20380119 January 19 2038 d must not be specified with a standard admission profile d not specified default value no period is specified for using the transfer admission 170 openFT Windows Administration openFT commands ftcrep u pr u pu with u you can control how FTAC reacts when someone attempts to create an FT profile with the same transfer admission Normally the transfer admission must be disabled immediately Transfer admissions that do not require as much protection are desig nated as public This means that they are not disabled even if a user attempts to assign another transfer admission of the same name pr default value the transfer admission is disabled as soon as someone under another login name attempts to specify a transfer admission of the same name private In this case the values for u and d are set to their default values at the same time pu the transfer admission is not disabled even if someone attempts to specify a transfer admission of the same name public
289. llation e At most those TNS entries are created that are also created with a new installation e If entries of the form FJAM_OUTBOUND ftstd or ftstdisdn are present they are deleted e All existing entries other than FJAM_OUTBOUND ftstd or ftstdisdn are retained unchanged The same also applies if a version of openFT lt V8 1 was installed as TNS entries are not deleted on uninstallation 382 openFT Windows Administration Appendix Local TS application for openFT FTAM 9 2 2 Definition of the local TS application for openFT FTAM If you wish to use openFT FTAM the local application FTAM must be defined This is done automatically during new installation or full installation and update installation if no F TAM entry is present The local application FTAM is used for all request with FTAM partners outbound and inbound Special points With the TCP IP LAN transport system two entries must be made for the symbolic name e an RFC1006 entry with the transport selector Enter the relevant symbolic name FTAM as transport selector The entry must be made TRANSDATA format indicator 7 e aLANINET entry with the port number The port number is specified in ASCII format You make the entries via the TNS User interface GUI More details on this topic can be found in the online help of the TNS User interface The GLOBAL NAME FTAM is fixed T FTAM is recommended for the transport selector You must reta
290. llows 1 Activate the Interface Trace option under Administration Operating Parameters Trace 2 Stop the openFT service using the control panel and then restart it Deactivation is performed in the same way 1 Deactivate the Interface Trace option under Administration Operating Parameters Trace 2 Stop the openFT service using the control panel and then restart it Note that the interface trace is extremely extensive and can slow down operation of openFT For this reason you should only activate the interface trace if this is required for diagnostic purposes 8 1 2 Viewing trace files You can either view trace files directly in the openFT Explorer or open them in an editor after preparing them with the fttrace command Files which have the suffix fttf are prepared directly and are display in the openFT editor when double clicking on such a file in the openFT Explorer File with the suffix fttf are protocol trace files Their names begin with Y or S Files with the suffix PPE are interface trace files The names of the trace files have the following format Yoddhhmm Sssccc Pppppp tttf Protocol trace files for synchronous outbound requests Soddhhmm Sssccc 000 fttf Protocol trace files for the control process Soddhhmm Sssccc iii fttf Protocol trace files for the server processes that handle asynchronous outbound requests and inbound requests 350 openFT Windows Administration Diagnosi
291. lp 2 12 3 Saving the FTAC environment When migrating individual users to another processor or when migrating the complete processor it is possible to provide the users with the same FTAC environment by saving the admission sets and FT profiles and restoring them on the new processor Furthermore you can also created backup copies of the FTAC environment on your processor by this method Saving admission sets and FT profiles You can use the ftexpe command for backups You can select the admission sets and FT profiles which you wish to save for particular users You must specify the name of the backup file openFT Windows Administration 59 FTAC environment Tasks of the administrator In all cases the standard admission set is not included in the backup Instead all the values of an admission set that refer to the standard admission set repre sented by an asterisk in the display are stored as variables This means that when they are restored they will receive the value of the standard admission set valid at the time You can also save admission sets and admission profiles via the openFT Explorer using the Export FTAC Environment command in the Administration menu You will find a detailed description of each of the functions in the online help Displaying saved admission sets and FT profiles You can display saved admission sets and FT profiles with the ftshwe command You must specify the name of the backup file
292. lso regarded as Unix systems 438 openFT Windows Administration Glossary variable length record A record in a file all of whose records may be of different lengths The record length must either be specified in a record length field at the start of the record or must be implicitly distinguishable from the next record through the use of a separator e g Carriage Return Line Feed virtual filestore The FTAM virtual filestore is used by FT systems acting as responders to make their files available to their partner systems The way a file is represented in the virtual filestore is defined in the FTAM standard see file attributes VisibleString Character repertoire for files transferred to and from FTAM partners WAN Wide Area Network A public or private network that can span large distances but which runs relatively slowly and with higher error rates when compared to a LAN Nowadays these definitions have only limited validity Example in ATM networks openFT Windows Administration 439 Glossary 440 openFT Windows Administration Abbreviations ACSE AES AET ANSI ASCII BCAM BSFT CAE CEN CENELEC CMX DCAM DCM DES DIN DNS EBCDIC ENV FADU FJAM Association Control Service Element Advanced Encryption Standard Application Entity Title American National Standards Institute American Standard Code for Information Interchange Basic Commun
293. ly able to authenticate the partner see page 49 am not specified The authentication mode is unchanged tr n tr f tr You can use this option to modify the operating parameter settings for the partner selection for the openFT trace function on a partner specific basis n on The trace function is active for this partner or for all the partners However a trace is only written if the openFT trace function has been activated via the operating parameters In this case this setting for ftmodptn takes priority over the partner selection for the trace function in the operating parameters See page 204ff ftmodo tr option f off The trace function is deactivated for this partner or for all partners openFT Windows Administration 245 ftmodptn openFT commands neither n nor f specified tr without parameters means that the operating parameter setting for the partner selection in the openFT trace function applies see the ftmodo command on page 204 tr not specified The setting for the trace function is unchanged 246 openFT Windows Administration openFT commands ftmodr 6 24 ftmodr Change the property of requests With the ftmodr command you can change the priority of requests you have issued or of a group of requests for example all the requests to a particular partner Furthermore you have the option of changing the order of requests within a priority As the FT administrator you c
294. m that uses FTAM protocols for communication FTP protocol Manufacturer independent protocol for file transfer in TCP IP networks 424 openFT Windows Administration Glossary functional standard Recommendation defining the conditions and the forms of application for specific ISO standards equivalent term profile The transfer of unstruc tured files is defined in the European Prestandard CEN CENELEC ENV 41 204 file management is defined in the European Prestandard CEN CENELEC ENV 41205 gateway Generally understood to mean a computer that connects two or more networks and which does not function as a bridge Variants gateway at network level router or OSI relay transport and application gateway gateway processor Communication computer that links a computer network to another computer network The mapping of the different protocols of the various computer networks takes place in gateway processors general string Character repertoire for file files transferred to and from FTAM partners GraphicString Character repertoire for files transferred to and from FTAM partners heterogeneous network A network consisting of multiple subnetworks functioning on the basis of different technical principles homogeneous network A network constructed on the basis of a single technical principle HOSTS file Network administration file that contains the Internet addresses the processor names and the alias names of al
295. mand openFT Windows Administration 343 What if If the data file already contains modifications to the admission sets and or profiles then you should enter the following commands cd C Program Files openFT var std config ftstop nove sysfsa dat sav sysfsa dat del sysfsa idx ftshwa del sysfsa dat nove sav sysfsa dat sysfsa dat dcheck b sysfsa fFtstart Explanation If sysfsa idx is defective it must be recreated To do this you must first back up the sysfsa dat file that you want to create You then use ftshwa to create a new sysfsa dat file which you immediately delete and replace with the backed up sysfsa dat file The resulting file pair can now be re used If this attempt also fails you must delete the admission set and admission profile and make new entries to ensure a consistent state You are not given a free transport connection for an ncopy request This may occur with an connection to an non TCP IP network e g X 25 Check the configuration settings for the corresponding transport system Check the partner address in the partner entry or in the partner list If you are working with TNS check your TNS entries and check whether TNS use is activated in the case of ftshwo the value YES must be displayed for USE TNS otherwise activate TNS use with ftmodo tns y Check the address settings in the operating parameters the openFT message Remote transfer admission invalid app
296. mand via the program interface or via the openFT Script interface Although entry in the partner list is optional it offers the following advantages For each request you may enter the short symbolic name and do not have to note the possibly complex partner address You can enter routing information should the partner only be accessible via a gateway You can specify a partner instance ID which differs from the standard ID You can make certain partner specific attribute settings e g the security level the sender verification the status activated deactivated and tracing Partner systems with which file transfer is frequently performed should always be entered in the partner list For more detailed information see section Setting up and administering the partner list on page 82 Transport Name Service Partner systems only have to be entered in the TNS if they are not connected via the TCP IP transport system To use the TNS you must explicitly activate the function in the operating parameters To do this you either enter the ftmodo tns y command or activate the Use TNS operating parameter option via the openFT Explorer For details see section Entering transport system applications in the TNS on page 379 openFT Windows Administration 39 Administering partners Tasks of the administrator The Partner object directory in the openFT Explorer The Partner object directory in the openFT
297. mber Value UserMaxlbpStd String YES NO UserMaxlbf Number Value UserMaxlbfStd String YES NO AdmMaxObs Number Value AdmMaxObsStd String YES NO AdmMaxObr Number Value AdmMaxObrStd _ String YES NO AdmMaxlbs Number Value AdmMaxlbsStd String YES NO AdmMaxlbr Number Value AdmMaxlbrStd String YES NO AdmMaxlbp Number Value openFT Windows Administration 357 Structure of CSV Outputs Appendix Column Type Values AdmMaxlbpStd String YES NO AdmMaxlbf Number Value AdmMaxlbfStd String YES NO Priv String YES NO Password String YES NO AdmPriv String YES NO 358 openFT Windows Administration Appendix Structure of CSV Outputs 9 1 2 ftshwatp The following table indicates the CSV output format of an ADM trap log record Column Type Values Trapld Number Value Source String Value enclosed in double quotes TrapTime yyyy mm dd hh mm ss Value TrapType String Value PartnerState String Value Transid Number Value Ralnitiator String Value enclosed in double quotes REM PartnerName String Value enclosed in double quotes FileName String Value enclosed in double quotes RgErr String Value enclosed in double quotes RqErrMsg String Value openFT Windows Administration 359 Structure of CSV Outputs Appendix 9 1 3 ftshwe The followin
298. ments which are written in the first lines of the public key files when a key pair set is created The syspkf comment is a text file that you can edit The comments could for example contain the contact information of the FT admin istrator on duty the computer name or similar information that is important for partners The lines in the file syspkfcomment can only be a maximum of 78 characters long Using the command ftupdk you can also import subsequent comments from this file into existing public key files If a public key file were accidentally deleted you could re create the public key files of the existing key pair set using ftupdk If you want to replace a key pair set with a completely new one you can create anew key pair set using ftcrek You will recognize the most up to date public key by the highest value key reference in the file name openFT supports a maximum of three key pair sets at a time The existence of several keys however should be temporary until you have made the most up to date public key available to all partner systems Thereafter you can delete key pair sets that are no longer needed using ftdelk Deleted key pair sets can not be restored using ftupdk openFT Windows Administration 51 Authentication Tasks of the administrator You can also create and administer RSA key pair sets using the openFT Explorer To do this choose the relevant command from Administration Key Pair Set Management
299. ministration Glossary job Sequence of commands statements and data job transfer Transfer of a file that constitutes a job in the receive system and is initiated as a job there kernel group Group of file attributes of the virtual filestore that encompasses the kernel attributes of a file library File with internal structure elements library element Part of a library A library may in turn be subdivided into a number of records Local Area Network LAN Originally a high speed network with limited physical extension Nowadays any network that uses CSMA CD Token Ring or FDDI irrespective of the range see also WAN Wide Area Network local system The FT system at which the user is working logging function Function used by openFT to log all file transfer accesses to the protected system log record Contains information about access checks performed by openFT FTAC log record or about a file transfer or remote administration request which is started when the access check was successful FT log record or ADM log record Logical Unit LU Interface between an application program and the SNA data communica tions network The LU type describes the communications characteristics openFT Windows Administration 427 Glossary Login authorization Transfer admission to a computer which as a rule consists of the login name and the password and authorizes dialog operation see also LOGON aut
300. ministration Installation and configuration New installation Steps performed automatically During installation the following steps are carried out automatically The use of the TNS is deactivated Default TNS entries are generated for openFT if no TNS entries yet exist otherwise they are adapted see the section TNS entries created automat ically on page 381 The operating parameters e g maximum number of requests that can be processed simultaneously maximum block length scope of FT and FTAC logging setting of the CCS port numbers for the asynchronous inbound servers are set to default values In addition the following applies The FTP server is deactivated The name of the processor is entered as the processor name The DNS name of the computer if one exists is pre set as the instance ID for the standard instance When there is no DNS name the name of the computer is used for the instance ID The instance directory for the default instance ist set up see page 68 The path depends on your operating system New installation under Windows XP Windows Server 2003 The instance specific files are located in the directory openFT installation directory var std By default the openFT installation directory is ProgramFiles openFT but the user can change this to a different directory New installation under Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 The instanc
301. mission profile monitor that only allows monitoring data to be output Assign onlyftmonitor as the transfer admission The command is as follows ftcrep monitorl onlyftmonitor ff tp fnp FTMONITOR The purpose of the blank after FTMONITOR is to automatically separate any options specified during the call from the command A profile such as this can be used to call the openFT monitor e g using the ftmonitor command and in the ncopy command The admission profile is only valid for communicating via the openFT protocol You will find further details in the section Monitoring with openFT on page 45 182 openFT Windows Administration openFT commands fideli 6 10 ftdeli Deactivate an instance The ftdeli command allows you to deactivate an instance Deactivating an instance removes the instance from the openFT instance administration The instance file tree is not changed The standard instance std and the currently set instance can not be deleted Format ftdeli h lt instance 1 8 gt Description h Displays the command syntax on the screen Entries after the h are ignored instance Name of the instance to be deactivated Using the ftshwi a command displays the names of all instances Messages of the ftdeli command If ftdeli could not be executed properly a self explaining message is output The exit code is not equal zero in this case Examples 1 The instance inst from the directory
302. mmand Format fttrace h d sl n sl I sl m sl h cxid lt context id gt f hh mmiss t hh mmiss lt tracefile gt lt tracefile gt Description h Outputs the command syntax on screen Any specifications after h are ignored d Specifies that the trace files are to be output in hexadecimal format dump format If you do not specify d then the files are output in printable form default value sl n sl I sl m sl h Specifies the security level for the output n no No security requirements i e all the data is output This includes IDs passwords file names etc low Passwords are overwritten with XXX m medium Passwords user IDs account numbers and follow up processing commands are overwritten with XXX Default value if s is not specified h high Passwords user IDs account numbers follow up processing commands and file names are overwritten with XXX 352 openFT Windows Administration Diagnosis Trace files cxid context id Selects the trace entries on the basis of the context ID If you omit cxid or specify cxid without a context ID then trace entries are output for all context IDs f hh mm ss from Specifies the time as of which trace entries in the trace file are to be evaluated You enter the time in the format hours minutes seconds 2 digits each If you do not specify a start time then trace entries are output from the st
303. mmands 6 33 ftshwl Display log records With ftshwl you can obtain information on all openFT requests logged up to now by openFT If you are the FT FTAC or ADM administrator you can view log records of all user IDs The log records are stored in the file syslog This file is located in the log directory of the relevant openFT instance see also Instance directory on page 68 For details on other instances see the command ftcrei on page 164 The log records are marked as FT FTAC and ADM log records respectively which means that you can determine the type of log record from the output For every request there is an FTAC log record in which you can find the result of the FTAC admission check For transfer requests openFT logs whether it can actually execute this request in FT log records and for remote administration requests in ADM log records The following applies IfFTAC rejects a transfer request as a result of a negative access check only an FTAC log record exists and no FT log record An FT log record is only written after the file has been successfully created or opened If for instance it is not possible to find a file no FT log record is written If no options are specified openFT outputs the current log record If options are specified openFT outputs all log records up to the time specified in the com mand in reverse chronological order i e starting from the most recent record to the oldest rec
304. mparison with a single computer openFT Windows Administration 419 Glossary Comma Separated Value CSV This is a quasi tabular output format that is very widely used in the PC environment in which the individual fields are separated by a semicolon It permits the further processing of the output from the most important openFT commands using separate tools communication controller gt SCE preprocessor compression This means that several identical successive characters can be reduced to one character and the number of characters is added to this This reduces transfer times computer network open gt See open computer network Component of the FTAM file attribute access control part of the security group in the virtual filestore that controls concurrent access connectivity In general the ability of systems and partners to communicate with one another Sometimes refers simply to the communication possibilities between transport systems constraint set Component of the document type contents type File attribute in the virtual filestore attribute of the kernel group that describes the file structure and the form of the file contents data communication system Sum of the hardware and software mechanisms which allow two or more communication partners to exchange data while adhering to specific rules data compression Reducing the amount of data by means of compressed representation
305. mplicitly changed and set to 64 If a high load is to be expected the FT administrator can increase this value in particular if the openFT instance is also used as an ADM trap server See page 129 openFT Windows Administration 101 Remote administration Central administration For reasons of performance it is recommended that a separate computer that only handles remote administration tasks and that possibly also acts as the ADM trap server is used as the remote administration server 5 1 2 3 Setting up admission profiles for accessing the remote administration server To ensure that the remote administrators obtain access to the remote administration server the ADM administrator must set up special admission profiles with the property Access to Remote Administration Server ACCESS TO ADMINISTRATION The owner of these admission profiles is always the ADM administrator and never the remote administrator for whom access using such a profile is set up It is urgently recommended that you set up a separate admission profile for each remote administrator in order to make it clear which remote administrator has made changes to which openFT instance As ADM administrator enter the command ftcrep with the option ff c ftcrep profile name transfer admission ff c profile name Identifies this profile name You must enter this name in the configuration file when you define the remote administrator See page 107 transf
306. must be unique and not case sensitive see also section Instance Identifications on page 49 If you modify the instance ID the relevant public key files will be automatically updated p processor name You specify the processor name assigned to your system here l station name The station name of the openFT application The default value is FJAM The specifications for processor name and station name depend on how your system is connected to the network Further details can be found in the chapter Installation and configuration on page 67 sl security level sl p You use this option to define the default security level This level applies to partners in the partner list to which no explicit security level value has been assigned as well as to partners which are not entered in the partner list The effect also depends on the settings for the admission set see the ftmoda command on page 198 security level Specifies a fixed default security level Values between 1 and 100 are permitted 1 indicates a very low and 100 a very high requirement for protection with regard to the partners p The default security level depends on the partner s attributes Security level 10 if the partner has been authenticated Security level 90 if the partner is known in the transport system and is identified by the name it is known by in the transport system Security level 100 otherwise i e if the partner has only been id
307. n 172 openFT Windows Administration openFT commands ftcrep inbound receive was disabled by the user but if it was disabled by the FTAC administrator it is also necessary that he she grant privileged status to the FT profile n default value restricts the profile to the value in the admission set for the basic function inbound follow up processing preprocessing postpro cessing iif y iif n iif ignore inbound file management allows the values for the basic function inbound file management in the admission set to be ignored for details see imi y allows the basic function inbound file management to be used even if it is disabled in the admission set Specifying this option is enough as long as the basic function inbound file management was disabled by the user but if it was disabled by the FTAC adminis trator itis also necessary that he she grant privileged status to the FT profile n default value restricts the profile to the value in the admission set for the basic function inbound file management The following table shows which subcomponents of the file management can be used under which conditions Inbound file management Values of the admission set function or extension in profile Display file attributes Inbound Send IBS enabled Modify file attributes Inbound Receive IBR and Inbound File Management IBF enabled Rename files Inbound Receive IBR and Inbound File Mana
308. n If you have not yet installed any version of openFT on your computer or if openFT V8 0 or earlier is installed the installation is a new installation Tasks required of the system administrator 1 If openFT version 8 0 or earlier and possibly add on products are already installed then you should proceed as follows Save admission profiles and admission sets that are still needed in an external file using frexpe Uninstall openFT CR openFT and the add on products Install the openFT V11 product software When doing this please note the following On a system in which the openFT installation takes place in a dialog you need to answer a question during installation asking you if you have a valid openFT FTAM license and a valid openFT FTP license Only activate this option if you have a valid license for openFT FTAM or openFT FTP Depending on the responses openFT FTAM and or openFT FTP is installed or not The host name ftmodo p and the identification ftmodo id are set automatically during initial installation You should check that these values are correct Import the saved admission sets and admission profiles using ftimpe All security levels in the admission sets that were previously set at 1 are automatically converted to 90 The standard admission set is re set After these steps openFT will be fully operational and will be activated at each system startup 70 openFT Windows Ad
309. n have the following values ET FTMOD FTAC FT FTAC PTAC FT FTAC FTMOD E MOD FTAC Specifying FTMOD denies FT access for modification Specifying FT denies FT access for reading and modification Specifying FTAC denies FTAC access for reading and modification Combinations mean that both functions are denied This means for example that FTAC FTMOD means that neither FTAC access nor FT access for modification is permitted In other words read FT access only is permitted which corresponds to specifying FTOP under AllowFunction 116 openFT Windows Administration Central administration Remote administration Example lt Group Name HH1 Description QA Computer Center gt lt AccessList gt lt AccessEntry AdministratorID Jack AllowFunction FT FTAC gt lt AccessEntry AdministratorID Mike AllowFunction FT FTAC gt lt AccessList gt lt Instance ame HHWSRV02 Description HP 11 Address ftadm HHWSRVO2 hhw mycompany net Admission hhwsrv02remote gt a m S lt Instance ame HHWSRV11 Description Solaris 9 Address HHWSRV11 hhw mycompany net Admission hhwsrvllremote ode Legacy gt lt AccessList gt lt AccessEntry AdministratorID Mike DenyFunction FTAC gt lt AccessList gt lt Instance gt lt Group gt 5 1 2 6 Importing the configuration The configuration defined in the co
310. n names The instance ID is a unique name up to 64 characters long which must not be case sensitive An instance ID may consist of alphanumeric characters as well as special characters It is advisable to use only the special characters and The first character must be alphanumeric or be the special character The character can only be used as an initial oy character An alphanumeric character must follow a In order to ensure the network wide uniqueness of the instance ID you should proceed as follows when allocating the instance IDs Ifthe openFT instance has a network address with a DNS name you should use this as the ID You can create an artificial DNS name for an openFT instance by placing another part of a name in front of an existing neigh boring DNS name separated by a period openFT Windows Administration 49 Authentication Tasks of the administrator e Ifthe openFT instance does not have a DNS name but is connected to a TCP IP network you should use the following ID IPv4 ipn n n n n n n n is the IPv4 address of the local openFT instance without leading zeros in the address components IPV6 ip6f x x x x x x x x without scope ID or IPV6 ip6 x x x x x xix x s with Scope ID where x x x x x x x x is the IPv6 address of the local openFT instance and s is the scope ID of the local network card You currently allocate these IDs for yo
311. n page 119 openFT V11 0 REMOTE ADMINISTRATION corresponds to ftcrep f a openFT lt V11 0 TRANSFER FILE FILE PROCESSING corresponds to ftcrep ff tp e Optional attribute Mode The string Legacy can be specified for the Mode attribute This means that the openFT instance is an instance lt V11 0 that can only be administered using ftexec In this case no protocol prefix ftadm is allowed to be specified in the partner address e Optional attribute DataEncryption The string Yes can be specified for the DataEncryption attribute This means that the user data exchanged between the remote administration server and the openFT instance to be adminis tered is transferred in encrypted form If the DataEncryption attribute is missing the user data is not encrypted when it is transferred DataEncryption Yes can only be specified if openFT CR is installed both on the remote administration server and on the instance that is to be adminis tered 112 openFT Windows Administration Central administration Remote administration An instance can contain the following element e Optional access list with the tag lt AccessList gt The access list allows you to define non standard permissions for individual remote administrators that only apply to this instance You can extend or restrict the inherited permis sions or deactivate inheritance and specify other permissions For a detailed description of the
312. nce This can be called in Windows systems as a batch procedure in order to generate partner entries with identical properties The properties of the partner systems are output as a command sequence This can be called in BS2000 systems as an SDF procedure in order to generate partner entries with identical properties The properties of the partner systems are output as a command sequence This can be called in z OS systems as a CLIST procedure in order to generate partner entries with identical properties l CSV px pw p2 pz not specified If you do not specify any of these options then the partners properties are output in their abbreviated form openFT Windows Administration 319 ftshwptn openFT commands Output format of ftshwptn Examples Ftshwptn NAME STATE SECLEV PRI TRACE LOC REM P CHK ADDRESS Testsys ACT STD NORM FTOPT 0 0 FTOPT D123S456 mydomain com tam01 ACT 5 NORM FTOPT 0 0 ftam i1p123 11 22 33 tamfsc ACT STD NORM FTOPT 0 0 ftam PCO1 tt net tamdex ACT STD NORM FTOPT 0 0 ftam PC02 102 TS1 PS1 BS2HOST DEACT STD LO FTOPT 0 0 BS2HOST tp001 ACT STD LOW FTOPT 0 0 ftp UX000002 tshwptn 1 NAME STATE SECLEV PRI TRACE LOC REM P CHK ADDRESS ROUTING IDENTIFICATION pingftam ACT 50 NORM OFF 0 0 ftam PING homenet de PINGO ACT STD NORM ON 0 0 T A PINGPONG homenet de 1234 PINGPONG homenet de rout0001 ACT STD HIGH FTOPT 0 O FTOPT INCOGNITO ROUTO1 INCOGNITO id new servftp ACT B P A
313. nce to other terms in this glossary absolute path name The entire path name from the root directory to the file itself access control File attribute in the virtual filestore attribute of the security group that defines access rights access protection Comprises all the methods used to protect a data processing system against unauthorized system access access right Derived from the transfer admission The access right defines the scope of access for the user who specifies the transfer admission action list Component of the file attribute access control attribute of the security group in the virtual filestore that defines access rights ADM administrator Administrator of the remote administration server This is the only person permitted to modify the configuration data of the remote administration server ADM partner Partner system of an openFT instance with which communication takes place over the FTADM protocol in order to perform remote administration ADM traps Short messages sent to the ADM trap server if certain events occur during operation of openFT ADM trap server Server that receives and permanently stores the ADM traps It must be configured as a remote administration server openFT Windows Administration 417 Glossary administrated openFT instance openFT instances that are able to be administered by remote administrators during live operation admission profile Way of
314. ndows Administration 4 Administering openFT via SNMP In order to administrate openFT via SNMP your processor must be have a the Microsoft SNMP Server You have to install the SNMP sub agents for openFT explicitly see section Installation of the SNMP subagent on page 77 4 1 Activities after installation After installation of openFT different activities are required 1 If your system is not already being administered with SNMP you will need to activate administration via SNMP You will need a community string with write authorization to administer openFT via the openFT subagent If you only have read authorization then only information can be output via SNMP In this case you will not be able to change values or perform starts or stops see also page 87 For further details please refer to section Installing the SNMP service on page 77 2 Start the agent see below You will find a list of activities performed by the SNMP administrator in the documentation for the management station used Consult your SNMP documentation to obtain information on security mechanisms openFT Windows Administration 85 Starting the openFT subagent SNMP 4 2 Starting the openFT subagent The openFT subagent is registered with the SNMP service when the openFT SNMP function is installed To start the openFT subagent you must stop and restart the SNMP service once following installation After this the openFT su
315. nfiguration file still has to be converted to the internal optimized format which in turn activates it To do this the ADM administrator enters the command ftimpc at the remote administration server ftimpc xml file xml file identifies the configuration file that you have created previously See page 104 Alternatively you can perform this action in the openFT Explorer Administration menu Remote Administration Import Configuration command The file can be imported during live operation After the configuration file has been imported the remote administration server is ready for operation It is able to accept remote administration requests and forward them to the openFT instances to be administered openFT Windows Administration 117 Remote administration Central administration 5 1 2 7 Exporting and modifying a configuration openFT provides the ADM administrator with an export function that allows the configuration data to be backed up checked or modified It is not possible to change the configuration data directly on the remote admin istration server Note that the purpose of the ftshwc command is not to output the entire configuration for the ADM administrator Its purpose is rather to show a remote administrator the openFT instances which that administrator is able to administer including the remote administration permissions on the instances that have been granted to the administrator For further
316. ng Value AdmPort String Value NONE OpenftApplState String ACTIVE INACT DISABLED NAVAIL FtamApplState String ACTIVE INACT DISABLED NAVAIL FtpState String ACTIVE INACT DISABLED NAVAIL AdmState String ACTIVE INACT DISABLED AdminLog String ALL FAIL MODIFY NONE CentralAdminServer String YES NO ActiveAppl String ALL NONE OPENFT FTAM FTP ADM 2 1 Not relevant on Windows systems 2 Combinations are also possible not with ALL and NONE 370 openFT Windows Administration Appendix Structure of CSV Outputs 9 1 7 ftshwp The following table indicates the CSV output format of an admission profile Column Type Values ProfName String Value enclosed in double quotes Priv String YES NO TransAdm String NSPEC SECRET Duplicated String YES NO LockedBylmport String YES NO LockedByAdm String YES NO LockedByUser String YES NO Expired String YES NO ExpDate yyyy mm dd__ Value NRES Usage String PUBLIC PRIVATE NSPEC IgnObs String YES NO IgnObr String YES NO Ignlbs String YES NO Ignibr String YES NO Ignibp String YES NO Ignibf String YES NO Initiator String LOC REM NRES TransDir String FROM TO NRES MaxPartLev Number Value NRES Partners String One
317. ning groups and openFT instances to be administered The configuration file contains all the openFT instances that can be adminis tered via this remote administration server using the remote administration facility Defining groups By defining groups and subgroups with freely selectable names it is possible to organize the openFT instances that are to be administered in a way that meets your precise requirements When groups are formed the path of an instance is made up of the Name attributes of the parent groups and the instance in question e g Muenchen MCH1I OPENFTO1 The complete pathname must not exceed a total length of 200 bytes The maximum nesting depth therefore depends on the lengths of the individual names A group starts with the XML tag lt Group gt There is no limit to the maximum number of groups in the XML file The groups must be defined after the remote administrators in the XML file because the subsequent definitions for the groups and instances reference the remote administrators A group is made up of the following attributes e Mandatory attribute Name The value of the attribute Name is a string that specifies the name of the group The maximum length of the string is 24 bytes The name could for instance be the name of a town a branch office or a department or it could simply be the description of the functions of a group of openFT instances Optional attribute Description The value of the attribute De
318. nistrator has the permissions of an FT administrator e Transfer of the FTAC privilege to a different user ID with FT administrator permissions This means that only this user ID still has both FT and FTAC administrator permissions All other previous FT administrators lose their explicit FTAC administrator permissions 24 openFT Windows Administration Tasks of the administrator e Transfer to a user ID without FT administrator permissions An FT administrator is no longer permitted to administer any admission sets and admission profiles or to back up the FTAC environment The FTAC administrator only has the FTAC administrator privileges listed above but not the permissions of an FT administrator The command ftmoda ftadm priv y allows both FTAC administrators and FT administrators to reset FTAC administration to the default settings i e FT administrators and FTAC administrators are identical again ADM administrator The ADM administrator is the only person permitted to administer the remote administration server Working with a remote administration server and the role of the ADM administrator are described in detail in the chapter Central admin istration on page 93 Immediately after a new installation no ADM administra tor yet exists The FTAC administrator must first define one See the section Defining the ADM administrator on page 101 openFT Windows Administration 25 Setting the operating pa
319. nistratorID A particular login ID must therefore only be specified for one AdministratorID otherwise the correlation between the user ID lt gt remote administrator is no longer unique openFT Windows Administration 107 Remote administration Central administration The value of the Profile attribute is a string with the name of a valid FTAC profile The maximum length of the string is 8 bytes The ADM adminis trator of the remote administration server must be the owner of the profile Each FTAC profile name may only be used with exactly one AdministratorID This profile is used if the remote administrator issues a remote adminis tration request on a remote computer and sends it to the remote admin istration server using the FTADM protocol In this event the remote administrator must specify the associated transfer admission in the request The profile must include the function ACCESS TO ADMINISTRATION corresponds to ftcrep ff c See section Setting up admission profiles for accessing the remote administration server on page 102 Example lt Configuration Version 1100 gt lt AdministratorID ame John Description Domain Controller Administrator UserID rz John Profile Profile01 gt lt AdministratorID ame Fred Profile Profiled2 gt Seas wale lt Configuration gt 108 openFT Windows Administration Central administration Remote administration Defi
320. nsfer This is supplied to the user in the local system and contains information on his or her FT requests RFC Request for Comments Procedure used on the Internet for commenting on proposed standards definitions or reports Also used to designate a document approved in this way RFC1006 Supplementary protocol for the implementation of ISO transport services transport class 0 using TCP IP Rivest Shamir Adleman procedure RSA procedure Encryption procedure named after its inventors that operates with a key pair consisting of a public key and a private key Used by the openFT product family in order to reliably check the identity of the partner system and to transmit the AES key to the partner system for encrypting the file contents router Network element that is located between networks and guides message flows through the networks while simultaneously performing route selection addressing and other functions Operates on layer 3 of the OSI model security attributes An object s security attributes specify how and in what ways the object may be accessed Secure FTP Method by which a connection is tunneled using the FTP protocol thus allowing secure connections with encryption and authentication security group Group of file attributes in the virtual filestore encompassing the security attributes of a file security level When FTAC functions are used the security level indicates the required level of pro
321. nt from the default The identification of the partner system The routing information if the partner system can only be accessed via an intermediate instance You can also output the partners in the partner list as a platform specific command sequence In this way it is possible to save the partner list and load it at another computer which may possibly be running a different operating system Format ftshwptn h lt partner 1 200 gt a st a st na st d st ie st nc st ad st da I csv px pw p2 pz openFT Windows Administration 317 ftshwptn openFT commands Description h Displays the command syntax on the screen Entries after the h are ignored partner a Specifies the partner whose properties you want to display You can specify the name of the partner in the partner list or the address of the partner system For details in address specifications see section Speci fying partner addresses on page 40 a for partner The properties of all the partners in the partner list are displayed partner not specified The properties of all the partners in the partner list are displayed St a st na st d st ie st nc st ad st da This operand enables you to display the properties of partner systems which have a specific status You an specify the following values a active All the partner systems with the status ACTIVE are displayed na n
322. ntaining configuration data on the remote administration server The existing configuration is overwritten on import The format of the XML file must match the format in the schema defined in config xsd config xsd is located in the openFT installation directory under the directory include You will find further details on creating a configuration file in the section Creating a configuration file on page 104 The XML file is checked for correct syntax and semantics by the XML parser and XML schema validator during import If errors occur a message is output to stderr indicating the element or the row column in which the error occurred The messages generated always appear in English In some cases it is possible that you will receive a message during import indicating that the configuration data cannot be imported and that the asynchronous openFT server must be terminated In this case stop the asynchronous openFT server e g using the ftstop command call the ftimpc command again and then restart the asynchronous openFT server e g using the ftstart command You can use ftimpc if you wish to change an existing configuration To do this export the existing configuration into an XML file with ftexpc adapt the file and then import the changed file again with ftimpc The content of the XML file exported with frexpc is encoded using UTF 8 see the section ftexpc Export the configuration of the remote administration server on p
323. ntries that are not TCP IP compliant i e all except for LANINET and RFC1006 You must explicitly assign an individual address to all instances using addr Ifthe instance is to be authenticated in partner systems it must have a unique instance ID assigned to it using fta id In addition a public key for the instance must be made available to the partner systems Format ftcrei h lt instance 1 8 gt lt directory 1 128 gt addr lt host name gt Description h Displays the command syntax on the screen Entries after the h are ignored instance Name of the instance to be created Instance names have a maximum length of 8 characters and must consist of alphanumeric characters The first character must not be a number The instance name must not be confused with the instance ID see ftmodo id 164 openFT Windows Administration openFT commands ftcrei directory Directory in which the instance file tree is to be located The directory must not yet exist If you do not specify directory the instance file tree is by default created in openFT installation directory var instance Windows XP and Windows Sever 2003 ProgramData Fujitsu Technology Solutions openF T var instance Windows Vista Windows Server 2008 Windows 7 and Windows Server 2008 R2 addr host name Internet host name by which the instance is addressed If your system has a DNS name you should specify the full DN
324. o regenerate the identical operating parameters No option specified The operating parameters are output in standard format openFT Windows Administration 305 ftshwo openFT commands Example ftshwo STARTED PROC LIM CONN LIM ADM CLIM RQ LIM MAX RQ LIFE TU SIZE KEY LEN CCS NAME YES 2 2000 30 65535 PTN CHK DYN PART SEC LEV FTAC LOG FT LOG ADM LOG USE TNS STD ON B P ATTR ALL ALL ALL NO OPENFT APPL FTAM APPL FTP PORT ADM PORT STD STD 21 11000 ACTIVE ACTIVE ACTIVE ACTIVE HOST NAME IDENTIFICATION LOCAL SYSTEM NAME NONE servus FJAM SERVUS ADM TRAP SERVER NONE 768 CP1252 ADM CS NO TRAP SS STATE FT STATE PART STATE PART UNREA RQ STATE TRANS SUCC TRANS FAIL OFF CONS OFF OFF OFF OFF OFF OFF ADM OFF OFF OFF OFF OFF FUNCT SWITCH PARTNER SELECTION REQUEST SELECTION OPTIONS MONITOR ON ALL ONLY SYNC ONLY LOCAL TRACE ON OPENFT FTP ADM ALL OFF NO BULK DATA Meaning of the output together with the associated command options Field name Meaning and values Command option STARTED Specifies whether the asynchronous openFT ftstart server has started YES or not NO ftstop PROC LIM Maximum number of openFT servers available fimodo pl for the processing of asynchronous requests CONN LIM Maximum number of asynchronous requests ftmodo cl that can be processed simultaneously ADM CLIM Maximum number of asynchronous ftmodo admcl adm
325. o use openFT in the cluster Creating key pair sets 1 and making a current public key available to the partner systems This enables the local system to be authenticated by the partner Obtaining the public keys of partner systems and suitably storing them in the local system so that the partner systems can be authenticated by the local system The administration functions marked with can also be executed via the openFT Explorer More information on the openFT Explorer can be found in the manual on openFT V8 1 for Windows systems and in the online help The administration functions marked with 2 can also be performed via an SNMP management station see chapter Administering openFT via SNMP on page 85 The administration of the FTAC functions can also be transferred to another person known as the FTAC administrator Central administration including setting up a remote administration server is a separate task See page 25 and the chapter Central administration on page 93 openFT Windows Administration 23 Tasks of the administrator Who is the FT administrator Under Windows users can only be openFT administrators if they possess administration rights on the system i e if they are logged in under the Administrator uset id or if they are a member of the Administrators group Note that the different Windows versions can behave differently Thus for example under Windows Vista only the Administr
326. ocessing FTAC executes print file name as follow up processing Prefix suffix and follow up processing commands must together not be longer than 1000 characters Please also bear in mind the information provided on the f option If a suffix was defined with fs the character set available for specifying follow up processing in the FT request is restricted to alphanumeric characters letters and digits the special characters _ a period between alphanumeric characters command6 not specified Ifs cancels the follow up processing suffix in the FT profile in the event of unsuccessful file transfer lfs not specified leaves the suffix entry in the FT profile for a follow up processing in the event of unsuccessful file transfer unchanged wm o wm n wm e wm one wm specifies which write modes may be used in the file transfer request and what they effect o overwrite In the FT request of openFT or FTAM partners only o or e may be entered for write mode The receive file is overwritten if it already exists and is created if it does not yet exist With FTP partners n may also be entered if the file does not yet exist n no overwrite In the FT request o n or e may be entered for write mode The receive file is created if it does not yet exist If the receive file already exists the request is not executed 238 openFT Windows Administration openFT commands f
327. of charge to any person obtaining a copy of this software and associated documentation files the Soft ware to deal in the Software without restriction including without limitation the rights to use copy modify merge publish distrib ute sublicense and or sell copies of the Software and to permit persons to whom the Software is furnished to do so subject to the following conditions The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software HE SOFTWARE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGE MENT IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM DAMAGES OR OTHER LIABILITY WHETHER IN AN ACTION OF CON RACT TORT OR OTHERWISE ARISING FROM OUT OF OR IN CONNECTION WITH HE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE Use of Secure FTP The following provisions apply to the use of Secure FTP This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit http www openssl org This product includes cryptographic software written by Eric Young eay cryptsoft com LICENSE ISSUES The OpenSSL toolkit stays under a dual license i e both the condi tions of the OpenSSL License and the original SS
328. og ID 1450 ftdell rg 1450 186 openFT Windows Administration openFT commands ftdelp 6 13 ftdelp Delete FT profiles ftdelp stands for delete profile You should occasionally thin out the set of profiles with tshwp to ensure that no out of date admission profiles are retained that could potentially threaten the security of your system ftdelp allows the FTAC administrator to delete FT profiles belonging to other login names as well ftdelp allows the ADM administrator to delete ADM profiles i e FT profiles with the property access to remote administration server Format ftdelp h lt profile name 1 8 gt s a s lt transfer admission 8 36 gt a n lt user ID 1 36 gt a adm Description h Displays the command syntax on the screen Entries after the h are ignored profile name s a is the name of the FT profile you wish to delete s for profile name Deletes the standard admission profile for the user ID a for profile name profile name is not used as a criterion for selecting the FT profile to be deleted If you do not identify the profile more closely with s see below you will delete all of your FT profiles s transfer admission a n user ID a s is used to specify criteria for selecting the FT profiles to be deleted transfer admission is the transfer admission of the FT profile to be deleted A binary transfer admission must be spec
329. ogin name whether or not it is valid for any password of the login name whether or not it has an undefined password and is thus disabled Please note that ADM profiles always are indicated by the value ADM under the USER ADM parameter USER ADM Meaning user ID OWN Profile is valid for all passwords of the login name user ID YES The profile is valid only for a specific password of the login name specified in ua user ID password with an ftcrep or ftmodp command The profile is deactivated not disabled if the password is changed You can activate it again for example by resetting the password user ID NOT SPECIFIED The FTAC administrator created or modified the FT profile knowing only the login name As a result the profile was disabled You must enable the profile with ftmodp and the v y parameter If an FT profile is disabled the TRANS ADM parameter indicates the reasons why the profile was disabled The following table shows the possible parameter values as well as their meanings openFT Windows Administration 313 fishwp openFT commands TRANS ADM Possible cause and action NOT SPECIFIED The FTAC administrator created the FT profile without transfer admission or the FTAC user did not specify transfer admission Measure specify transfer admission DUPLICATED An attempt was made to create an FT profile with the same transfer
330. ollow up processing unchanged lf lf n lf command4 If specifies follow up processing to be executed under your login name if the file transfer is aborted due to an error If fis specified no failure follow up processing may be requested in the FT request Making an f entry only makes sense if you also make an entry for ls see above to preclude the possibility that a successful request can circumvent the f entry If you have defined a prefix for the file name with fnp and plan follow up processing for this file you must specify the complete file name here 236 openFT Windows Administration openFT commands ftmodp n for command4 lf n is specified no follow up processing is then permitted in the FT profile in the event of an unsuccessful file transfer command4 not specified f f allows you to cancel an entry for follow up processing in the event that file transfer is unsuccessful The FT profile then no longer restricts failure follow up processing in the local system This is also a way to cancel a prefix defined with p If not specified leaves the entries in the FT profiles for failure follow up processing after unsuccessful file transfer unchanged lfp command5 defines a prefix for follow up processing in the local system in the event that file transfer is unsuccessful FTAC then adds the character string command5 to the follow up processing specified in the FT request and attemp
331. ollowing permissions are possible FTOP Read FT access FT operator FT Read and modify FT access FT administrator FTAC Read and modify FTAC access FTAC administrator If a number of permissions are specified e g FT FTAC it is sufficient if one of these permissions applies i e FT or FTAC In the case of a remote administration request these permissions are compared with the permissions you have on the relevant instance as a remote administrator The ADM administrator defines the permissions in the configuration data of the remote administration server If your permissions are insufficient to execute the remote administration command on a particular instance the request is rejected e g with ftadm Administration request rejected by remote administration server In this event an ADM log record is written on the remote administration server with a reason code not equal to 0000 The reason code specifies the exact reason for rejection fthelp reason code openFT Windows Administration 155 ftadm openFT commands Commands for openFT partners in BS2000 OSD The commands always have to be prefixed with slash before the command name BS2000 command Short forms and Permission aliases ADD FT PARTNER ADD FT PART FT FTADDPTN CANCEL FILE TRANSFER CAN FILE T CNFT FT NCANCEL NCAN FTCANREQ CREATE FT KEY SET CRE FT KEY FT FTCREKEY CREATE FT PROFI
332. omes from a secure source To ensure this the local openFT instance checks the identity of the partner instance This assumes that a current public key of the partner instance was stored locally in the syskey directory the name of which corresponds to the instance ID of the partner instance A configuration of this kind makes sense for example if a server s files are to be accessed via openFT It is important for the local openFT instance that the received data come from a reliable source the authenticated partner In contrast the source of an access attempt is unimportant to the server openFT Windows Administration 53 Authentication Tasks of the administrator e For the partner system it is important that only a secure local openFT Instance is able to access its data To ensure this the partner instance checks the identity of the local openFT instance This requires that a current public key of the local openFT instance is stored in the partner instance re coded for BS2000 and z OS or OS 390 partners A configuration of this kind would be conceivable for example if partner systems in several branch offices were to be accessed from a central computer via openFT and the branch computers were only permitted to access the central computer and in fact only the central computer e For both the local openFT instance and the partner instance it is important that the data comes from a reliable source and ends up
333. on your computer Please note the following e Any running openFT Script requests are aborted during installation You should therefore complete all running openFT Script requests before installing a correction version Tasks required of the system administrator 1 Install openFT V11 0 from the data medium Any protocols installed previously FTP FTAM SNMP are taken over and no confirmation query is issued Steps performed automatically The following steps are performed automatically on installing a patch e Running openFT processes are terminated running openFT Script requests are cancelled e The FT profiles and admission sets the log files operating parameters and requests the partner list and the key pair sets are taken over without changes for all openFT instances e The language setting from the previous version is used e The configuration data for the central administration is used 74 openFT Windows Administration Installation and configuration Automatic installation 3 1 4 Unattended installation PCMX 32 and openFT can also be installed unattended using the msiexec command Please note the following e PCMX 32 must already be installed before openFT can be installed Because PCMxX is not automatically installed with an unattended openFT installation you must first install PCMX 32 see the example below e Windows Installer 2 0 is not included in the openFT msi installation package for unattend
334. onSel String Value enclosed in double quotes empty PresentationSel String Value enclosed in double quotes empty Identification String Value enclosed in double quotes SessRout String Value enclosed in double quotes ID empty PartnerAddr String Value enclosed in double quotes Check String FTOPT STD TRANSP ADDR AuthMand String YES NO Priority String LOW NORM HIGH 374 openFT Windows Administration Appendix Structure of CSV Outputs 9 1 9 ftshwr The following table indicates the CSV output format of a request Short output is also possible with ftshwr ftshwr s csv see page 378 Column Type Values Transid Number Value Initiator String LOC REM State String LOCK WAIT HOLD FIN ACT CANC SUSP PartnerName String Value enclosed in double quotes PartnerState String Values TransDir String TO FROM ByteNum Number Value empty LocFileName String Value enclosed in double quotes LocElemName String empty LocElemType String empty LocElemVersion String empty Prio String NORM LOW Compress String NONE BYTE ZIP DataEnc String YES NO DiCheck String YES NO Write String REPL EXT NEW StartTime yyyy mm dd_ Value hh mm ss String SOON CancelTime yyyy mm dd_ Value hh mm ss String NO Owner String Value enclosed in double quotes DataType String CHAR BIN USER Transp String YES
335. ons ff not specified The FT function is not a selection criterion ini I ini r ini Ir ini rl Defines the initiator for which log records are to be output Possible values are J r Ir rl l local Only log records belonging to openFT requests issued locally are output r remote Only log records belonging to openFT requests issued remotely are output Ir rl The log records belonging to openFT requests issued locally and remotely are output ini not specified The initiator is not a selection criterion pn partner Defines the partner system to which the log records are to be output Partner is the name of the partner in the partner list or the address of the partner system For details on address specifications see section Specifying partner addresses on page 40 pn not specified The partner system is not a selection criterion fn file name Defines the file to which the log records are to be output You can specify wildcards such as asterisk i e any character string and question mark i e single character fn not specified The file name is not a selection criterion 276 openFT Windows Administration openFT commands fishwl nb number a Defines the number of log records to be output a for number All log records are output nb not specified If rg has also been specified nb is replaced by the value nb a If rg is also not specified nb is replaced by
336. openFT service 255 ftexec ftadm command failed Meaning Remote execution of the command with ftexec failed 406 openFT Windows Administration Appendix Messages for administration commands 9 4 2 Messages for administration commands and measurement data recording With the following messages the value for fthelp must be increased by 1000 e g 1034 instead of 34 20 openFT already started Meaning openFT can only be started once in each instance Measure Terminate openFT if necessary 21 Request must be canceled without FORCE option first Meaning Before the FORCE option is used the command must be called without the FORCE option Measure Issue the command without the FORCE option first 29 Maximum number of key pairs exceeded Measure Before new key pair set can be created an older key pair set must be deleted 30 Warning last key pair deleted Meaning The last key pair set has been deleted Without a key pair set encrypted transfer authentication and data integrity checking are not possible Measure Create a new key pair set 31 No key pair available Meaning All transfers are carried out without encryption Measure Create a new key pair set if necessary 32 Last key pair must not be deleted openFT Windows Administration 407 Messages for administration commands Appendix 33 The public key files could not be updated Meaning The contents of the syspkf file could not b
337. ord There are three types of output short output long output and CSV output Comma Separated Value Output is written to standard output 272 openFT Windows Administration openFT commands fishwl Format ftshwl h lt user ID 1 36 gt a rg vyyy mm dd hhmml 1 99999999999910 9991 0 999 yyyy Jmm dd hhmml 1 99999999999910 9991 0 999 rt t c a ff t m d lal C D IMILI f ini I ini r ini lr ini rl pn lt partner 1 200 gt fn lt file name 1 512 gt nb 1 99999999 nb a rc 0 ffff rc f I csv tid 1 2147483647 adm lt administrator id 1 32 gt ri lt routing info 1 200 gt Description h Displays the command syntax on the screen Entries after the h are ignored user ID a is used to specify the login name s for which log records are to be displayed As the administrator you can specify any login name a for user ID FT or FTAC or ADM administrators can display the log records for all login names user ID not specified Only the log records for the login name under which the command was entered are displayed rg yyyy mm dd hhmm lyyyy mm dd hhmm You can rg to specify the start and or end of a logging interval lyyyy Imm dd hhmm When specifying a time a 4 digit specification is interpreted as the time expressed in hours and minutes a 6 digit specification as the da
338. ot active All the partner systems which do not have the status ACTIVE are displayed d deactivated All the partner systems with the status DEACTIVE are displayed ie installation error All the partner systems with the status LUNK RUNK LAUTH RAUTH NOKEY or IDREJ are displayed nc not connected All the partner systems with the status NOCON or DIERR are displayed ad active automatic deactivation All the partner systems for which the option AUTOMATIC DEACTIVATION is set see the option ad in the ftaddptn and ftmodptn commands but are still active are displayed da deactivated automatic deactivation All the partner systems which have actually been deactivated because of the AUTOMATIC DEACTIVATION option are displayed 318 openFT Windows Administration openFT commands ftshwptn st not specified The output is not restricted to partner systems with a specific status csv px pw p2 pz These options determine the scope and format of the output The properties of the partner systems are output in full as a table The properties of the partner systems are output in CSV format The individual values are separated by semicolons The properties of the partner systems are output as a command sequence This can be called in Unix systems as a shell procedure in order to generate partner entries with identical properties The properties of the partner systems are output as a command seque
339. ou must specify a file name or file name prefix which starts with the string Iftexecsv for FTAC profiles which are to be used exclusively for the ftexec command If a command prefix is also to be defined you must specify it as follows fnp Iftexecsv_ p command prefix e g fnp ftexecsv p ftshwri The same restrictions apply to the command string of the ftexec call as to the filename prefix during preprocessing and postprocessing e For FTAC profiles that are only to be used for getting monitoring data specify the filename prefix FTMONITOR The functions of the profile must permit File Preprocessing ff tp For details see the frcrep command Example 3 on page 182 fnp not specified leaves the file name prefix entries in the FT profile unchanged 234 openFT Windows Administration openFT commands ftmodp Is ls n ls command1 specifies follow up processing which is to be performed under your login name in the event that file transfer is successful If s is specified no success follow up processing may be requested in the FT request Specifying s only makes sense if you also make an entry for f see below to preclude the possibility that an intentionally unsuccessful request can circumvent the s entry If you have defined a prefix for the file name with fnp and plan follow up processing for this file you must specify the complete file name here n for command If you enter
340. output refer to the State column under the standard output for the meanings of the states ftshwr s ACT WAIT LOCK SUSP HOLD FIN TOTAL 3 2 0 0 0 0 5 6 38 1 3 Detailed output from ftshwr Example for the detailed output of the request with request ID 131074 TRANSFER ID 131074 STORE 06 05 29 11 49 11 FILESIZE 514610 STATE WAIT BYTECNT 0 INITIATOR LOCAL TRANS FROM PRIO NORM RITE REPLACE START SOON CANCEL NO COMPRESS NONE DATA CHAR TRANSP NO ENCRYPT NO OWNER maier DICHECK NO RECFORM VARIABLE PARTNER ftservOl mycompany net PARTNER STATE ACT PARTNER PRIO NORM LOC FILE E memo02 txt TRANS ADM mydomain maier CCSN CP1252 REM FILE memo02 txt TRANS ADM servelog openFT Windows Administration 329 ftshwr openFT commands Description of the output TRANSFER ID transfer identification Request ID which openFT uses to identify file transfer requests Requests can be canceled using the ftcanr and the request ID STATE State of the request Possible values ACTIVE The request is currently being processed WAIT The request is waiting If the cause of the WAIT state is known further information is indicated in the PARTNER STATE field LOCKED The request is temporarily excluded from processing This status can also occur at openFT and at FTAM partners With openFT partners when a resource bottleneck is encoun tered or if external data media must first be made available for ex
341. overview shows a list of all commands arranged according to the various tasks Commands indicated by gt are primarily aimed at FT users and are therefore only described in the User Guide Administer openFT ftstart Start asynchronous openFT server ftstop Stop asynchronous openFT server ftshwo Display operating parameters ftmodo Modify operating parameters ftshwd Display diagnostic information Administer partners ftaddptn Enter a partner in the partner list ftshwptn Display partner properties ftmodptn Modify partner properties ftremptn Remove a partner from the partner list openFT Windows Administration 139 Overview openFT commands Administer key pair sets for authentication ftcrek Create key pair set ftupdk Update public keys ftdelk Delete key pair set Remote administration and ADM traps ftadm Enter a remote administration command ftshwe Display remote administrable openFT instances ftshwatp Display ADM traps ftexpc Export configuration of the remote administration server ftimpc Import configuration of the remote administration server File transfer and request queue managing ncopy b Issue synchronous file transfer request ft Issue asynchronous file transfer request ftcanr Cancel asynchronous file transfer requests ftmodr Change the order of the requests in the request queue ftshwr Display the properties and statuses of requests Set user password ftsetpwd Store user password Remote command ex
342. ows you to check whether a valid password is stored for a user c must be specified together with ua and no password may be entered for ua openFT Windows Administration 253 ftsetpwd openFT commands Examples 1 You want to store the password topsecret for the user ID Administrator on the system Win01 ftsetpwd ua Administrator topsecret s Win01 2 Acheck is to be made on the computer Win02 whether a valid password is stored for the global identifier dispatch miller ftsetpwd ua dispatch miller s Win02 c 3 You want to check if a valid password is stored for the user ID miller on the local system ftsetpwd ua miller c 254 openFT Windows Administration openFT commands ftshwa 6 28 ftshwa Display admission sets ftshwa stands for show admission set and allows you to examine admission sets As the FTAC administrator you can obtain information on all admission sets in your system As the FT administrator you can determine the FTAC administrator and the ADM administrator It outputs the following information what limit values the owner of the user ID has set for the individual basic functions e what limit values the FTAC administrator has set for the user ID for the individual basic functions e whether or not the admission set has the FTAC privilege i e if the owner of the admission set is the FTAC administrator e whether or not the admission set has t
343. partner system if the partner system is not entered in the TNS and TCP IP RFC1006 was not used as the transport system In this case strange followed by the DTE address of the partner system is shown for X 25 links in Windows for example FILENAME Local file name ERRINFO Additional information on the error message if an error occurred during a transfer 284 openFT Windows Administration openFT commands ftshwl output RC Reason code Specifies whether a request was successful RC 0 or if not why it was rejected or cancelled You can obtain further information with the fthelp command REC TYPE Specifies whether the log record is an FT log record PCMD Indicates whether follow up processing was specified and started Possible values NONE No follow up processing specified STARTED Follow up processing was started contains no information about the successful completion of follow up processing NOT STARTED Follow up processing could not be started WRITE Write mode The field is assigned a value only for outbound requests for inbound requests it contains a blank Possible values NEW Anew file is created If a file with this name already exists file transfer is aborted EXT An existing file is extended otherwise a new is created REPLACE An existing file is overwritten If it does not already exist it is created TIME Specifies time when log record was written FUNCTION FT function TRANSFER
344. pecified time The optional data is automatically replaced by current values openFT Windows Administration 185 ftdell openFT commands rg 1 rg 0 rg not 999999999999 Here you use rg to specify the end log ID It is identified by a leading character followed by the 1 12 digit ID openFT then deletes all log records which belong to this log ID or which belong to a smaller log ID 999 Here you use rg to specify a time interval relative to the current date and time as a multiple of 24 hours i e number of days openFT then deletes all log records which are older than the specified time This means you are looking back in time If you specify rg 2 for example all log records which are older than two days 48 hours are deleted specified The range is not a selection criterion i e all log records are to be deleted by 00 00 hours of the current date Example 1 Asthe FT or FTAC administrator you wish to delete all FT log records written up to 00 00 hours of the current date ftdell 2 As the FT or FTAC administrator you wish to delete all FT log records written up to the current time ftdell rg 0 3 As the FT or FTAC administrator you wish to delete all log records written before the last 7 day period 7 times 24 hours before the current time ftdell rg 7 4 As the FT or FTAC administrator you wish to delete all log records from the beginning to the record with the l
345. penFT Windows Administration 43 Administering partners Tasks of the administrator 2 8 2 FTAC security levels for partner entries If the FTAC functionality is to be used the FT administrator should coordinate with the FTAC administrator to additionally define the security level relevant to FTAC for each partner in the partner list To do this the FT administrator uses the sl option in the ftaddptn or ftmodptn command Alternatively in the openFT Explorer Partner List Entry dialog box Security Level group The security levels regulate the degree of protection with respect to the partner system This protection can be best determined by the FTAC administrator Therefore he should advise the FT administrator on the assignment of the security levels to the partner systems A high security level is used when a high degree of security is required and a low level for a low degree of security When FTAC is first installed the security levels should be assigned in multiples of ten This leaves the option open to incorporate new partner systems flexibly into the existing hierarchy If the degree of required security changes with respect to a partner system the security level of the partner system can be modified with the command ftmodptn to meet the new requirements You can also use the operand s p in the ftaddptn and ftmodptn command to activate the following automatic mechanisms for the security levels e Partners that are authent
346. penFT Explorer Installation on the second node Install openFT V11 for Windows locally plus the supplementary product openFT CR if required see the first node 9 3 1 2 Configuration of resource specific openFT properties of Cluster Configure the cluster in such a way that one device which contains the switching file of openFT is always available in this case S You will find an example for configuring the resource specific openFT properties in section Configuring resource specific openFT properties on page 396 9 3 1 3 Configuration of openFT It is recommended not to use TNS default after new installation If using TNS make sure that on both nodes of the cluster the same TNS entries are available or use the registry replication of the cluster for this As of openFT V10 the asynchronous server is no separate service any more The services openFT and openFT Security Server must always be started 392 openFT Windows Administration Appendix openFT in a Windows cluster Configuration on first node P870_DDM e Stop asynchronous openFT server via Administration Stop Asynchronous Server or use command ftstop f Use TNS is active Adapt the TNS entries FJAM FJAMOUT and FTAM if required only TCP IP entries should be present Not using TNS is recommended ftmodo tns n e Set the address of the std instance ftmodi std addr P870_DDM e Oninstance std start asynchronous openFT server C
347. penFT commands fidell 6 12 ftdell Delete log record With ftdell you can delete log records for all login names if you are FT FTAC or ADM administrator This function is not permitted for the ordinary user Store the log records by redirecting the output of ftshw to a file or to the printer see section ftshwl Display log records in the user manual Deleting log records changes the size of the file since the storage space is freed immediately after deletion The time by which the log records are to be deleted can be entered either as a fixed time with date and time or as a relative time for example all records before 10 days ago Format ftdell h rg vyyy Jmm dd hhmm rg 1 999999999999 rg 0 999 Description h Displays the command syntax on the screen Entries after the h are ignored rg yyyy mm dd hhmm You use rg to specify the end of a logging interval When selecting the time this is interpreted as follows a4 digit specification is interpreted as the time expressed in hours and minutes a6 digit specification as the day date and time in hours and minutes an 8 digit specification as the month day and time in hours and minutes a12 digit specification as the year month day and time in hours and minutes The largest possible value that can be specified as the date is 20380119 January 19 2038 openFT then deletes all log records which are older that the s
348. provide the following documents an exact description of the error situation and information as to whether the error is reproducible the version number of the file transfer product in the own computer the version number of the file transfer product in the remote computer and the operating system of the remote partner computer diagnostic information which is created with the openFT command ftshwa The diaginfo command automatically calls ftshwd This allows you to create additional diagnostic information using diaginfo e g with diaginfo a gt diagfile txt if available the FTAC FT and ADM log records which are output with the FT command ftshwl if available the openFT trace file for errors related to a specific FT profile a printout of the profile ftshwpprofilename l and a printout of the admission sets ftshwa a the version and the variant of the operating system the version of the communication system PCMX etc if necessary the process tables openFT Windows Administration 347 Actions in the event of an error What if 348 openFT Windows Administration 8 Diagnosis This chapter describes how you can create and evaluate trace files Further diagnostic information can be obtained with the help of the command ftshwd Display diagnostic information on page 269 At the end of this chapter you will find code tables with which you can diagnose code conversion errors
349. put Syntax Integer Meaning on 3 the asynchronous openFT server is started off 4 the asynchronous openFT server is stopped Setting the values start or stop causes the openFT subagent to start or stop the asynchronous openFT server Reading access supplies information about the current status of the FT system on or off 88 openFT Windows Administration SNMP SNMP management 4 3 2 System parameters MIB definition Object name Access Meaning Command object identifier ftmodo ftSysparVersion read only Version 1 3 6 1 4 1 231 2 18 2 1 0 ftSysparTransportUnitSize read write Transport Unit Size tu 1 3 6 1 4 1 231 2 18 2 2 0 ftSysparMaxOSP read write Max OSP cl 1 3 6 1 4 1 231 2 18 2 7 0 ftSysparMaxISP read write Max ISP cl 1 3 6 1 4 1 231 2 18 2 8 0 ftSysparProcessorName read write Processor Name p 1 3 6 1 4 1 231 2 18 2 9 0 ftSysparStationName read write Station Name l 1 3 6 1 4 1 231 2 18 2 10 0 ftSysparCode read write Code Table CSS 1 3 6 1 4 1 231 2 18 2 11 0 The following values are supported iso8859 1 1 iso8859 2 2 iso8859 5 5 iso8859 6 6 iso8859 7 7 iso8859 9 9 undefined 255 ftSysparMaxInboundRegs read write Max Inbound Requests rql 1 3 6 1 4 1 231 2 18 2 12 0 ftSysparMaxLifeTime read write Max Life Time rqt 1 3 6 1 4 1 231 2 18 2 13 0 The distinction between Max OSP maximum
350. put format of the operating param eters Column Type Values PartnerLimit Number Value ReqLim Number Value TaskLim Number Value ConnLim Number Value ReqWaitLev Number Value TransportUnitSize Number Value PartnerCheck String STD TRANSP ADDR SecLev Number B P ATTR Value TraceOpenft String STD OFF TraceOut String FILE OFF TraceSession String STD OFF TraceFtam String STD OFF LogTransFile String ON OFF MaxInboundReq Number Value MaxReqLifetime String Value UNLIMITED SnmpTrapsSubsystemState String OFF ON SnmptTrapsFtState String OFF ON SnmptTrapsPartnerState String OFF ON SnmpTrapsPartnerUnreach String OFF ON SnmpTrapsReqQueueState String OFF ON SnmptTrapsTransSucc String OFF ON SnmptTrapsTransFail String OFF ON ConsoleTraps String ON OFF TeleService String empty HostName String Value NONE Identification String Value enclosed in double quotes 368 openFT Windows Administration Appendix Structure of CSV Outputs Column Type Values UseTns String YES NO ConsTrapsSubsystemState String ON OFF ConsTrapsFtState String ON OFF ConsTrapsPartnerState String ON OFF ConsTrapsPartnerUnreach String ON OFF ConsTrapsReqQueueState String ON
351. put in the standard format Example Display of command ftshwa a ftshwa a MAX USER LEVELS MAX ADM LEVELS ATTR USER ID OBS OBR IBS IBR IBP IBF OBS OBR IBS IBR IBP IBF STD 100 100 100 100 100 100 100 100 100 100 100 100 admin 50 50 1 1 1 1 100 100 100 100 100 100 PRIV ADMPR smith 90 90 0 0 0 90 100 100 100 100 100 100 The displayed information has the following meaning USER ID The USER ID column contains the login names to which the respective admission sets belong If a login name longer than 8 characters is specified the first 7 characters are output followed by an asterisk MAX USER LEVELS MAX ADM LEVELS The six columns under MAX USER LEVELS show the values specified by each of these FTAC users for their respective admission sets The six columns under MAX ADM LEVELS contain the values set by the FTAC administrator 256 openFT Windows Administration openFT commands ftshwa The lower of the two values determines whether or not the owner of this admission set may use the basic function specified The names of the basic functions are abbreviated as follows OBS OUTBOUND SEND OBR OUTBOUND RECEIVE IBS INBOUND SEND IBR INBOUND RECEIVE IBP INBOUND PROCESSING IBF INBOUND FILE MANAGEMENT The values in the admission set have the following meaning 0 The basic function is disabled 1 99 The basic function is only released for partner systems with the same or a lowe
352. quests are always issued locally No request type specified If you specify trr without parameters then all requests are selected for tracing Note that trr rs does not completely deactivate tracing Interface trace files for instance continue to be created if activated 212 openFT Windows Administration openFT commands ftmodo tro b You can use tro to select options for the trace function These options are only effective if the trace function is active b no bulk data Minimum trace Only protocol elements with no file contents bulk data are written to the trace file In the case of protocol elements with file contents the trace file simply notes that records have been suppressed at this point This note is entered only once for a sequence of similar records This option is only available for openFT and FTP partner No option specified If you specify tro without parameters then the trace is written normally atpsv partner transfer admission d atpsv allows you to specify the settings for the ADM trap server When you enter the ADM trap server for the first time you must specify both the partner and the transfer admission You can subsequently change each of the two parameters individually partner Name or address of the partner to which the ADM traps are sent This must either be a name from the partner list or the address must be specified in the form ftadm host See the section
353. queue are processed normally Requests that were cancelled due to the shutdown of the asynchronous openFT server are relaunched provided that the partner supports this function Format ftstop h Description h Displays the command syntax on the screen 338 openFT Windows Administration openFT commands ftupdi 6 41 ftupdi Update the instance directory Using ftupdi you can update an instance file tree that was made using openFT V8 1 or V10 0 so that it can continue to be used with openFT V11 0 The settings of the operating parameters FTAC admission sets FTAC admission profiles and log records are retained Any requests for this instance which are still present will be lost Format ftupdi h lt directory 1 128 gt Description h Displays the command syntax on the screen Any entries after h are ignored directory Here you enter the directory which contains the instance file tree of the instance to be updated Messages of the ftupdi command If ftupdi could not be carried out as specified an explanatory message is displayed the exit code will then be not equal to zero Example The FT administrator wants to update the directory of the instance hugo ftupdi C Program Files openFT var hugo openFT Windows Administration 339 ftupdk openFT commands 6 42 ftupdk Update public keys Using ftupdk you can update the public key files of existing key pair sets For exampl
354. quired to run the procedure openFT Windows Administration 431 Glossary protocol Set of rules governing information exchange between peer partners in order to achieve a defined objective This usually consists of a definition of the messages that are to be exchanged and the correct sequencing of messages including the handling of errors and other exceptions public key Public encryption key defined by the receiver of a message and made public or made known to the sender of the message This allows the sender to encrypt messages to be sent to the receiver Public keys are used by various encryption methods including the Rivest Shamir Adleman RSA procedure The public key must match the private key known only to the receiver receive file File in the receive system in which the data from the send file is stored receive system System to which a file is sent This may be the local system or the remote system record Set of data that is treated as a single logical unit relative path name The path from the current directory to the file remote administration Administration of openFT instances from remote computers remote administration server Central component required for remote administration and for ADM traps A remote administration server runs on a Unix or Windows system running openFT as of V11 0 If it is used for remote administration it contains all the configuration data required for this purpose
355. r Administrator permissions are not required for displaying the monitoring data The FT administrator must first activate monitoring with ftmodo mon n Monitoring data from partner systems can also be collected and output on the local computer using the openFT Monitor In addition the new preprocessing command FTMONITOR allows special admission profiles to be defined that only permit monitoring The monitoring data can be transferred to the local computer with ncopy or ft and saved in a file for subsequent evaluation for instance The openFT Monitor and the preprocessing command FTMONITOR use the openFT protocol openFT Windows Administration 15 Changes since the last version Preface Extended security functions e Secure FTP over SSL Encryption is now also possible for outbound requests to a standard secure FTP server e 2048 bit RSA key 2048 bit RSA keys are now also supported e 256 bit AES key 256 bit AES keys are now also supported Prioritization of partners Partners can be prioritized in the partner list Requests to different partners that have the same request priority are processed in the order given by the partner priority entered File transfer and request queue e The format of the target file can be specified in the transfer request new option tff for ft and ncopy e New script ft_mget for synchronously fetching several files e Requests with the status SUSPEND are output when the request que
356. r ID 1 36 gt a ini I ini r ini lr ini rl pn lt partner 1 200 gt fn lt file name 1 512 gt lt request ID 1 2147483647 gt lt request ID 1 2147483647 gt a Description h Displays the command syntax on the screen Entries after the h are ignored f f allows you to delete the request unconditionally from the local request queue i e without negotiation with the partner system Note that this can cause requests with an undefined state to arise in the partner s request queue You can only call this option as FT administrator The precondition is that the request was first cancelled with ftcanr without the option f ua user ID a You use ua to indicates the user ID for which requests are to be cancelled user ID The FT administrator can specify any login name openFT Windows Administration 161 ftcanr openFT commands a This option is only significant for the FT administrator The FT administrator can specify a to cancel the requests of all the login names ua not specified Your login name is used as the selection criterion Exception The FT administrator has called the command and specified transfer IDs In this case the default is a ini I ini r ini Ir ini rl You use ini to indicate the initiator for which you want to cancel requests You can specify J r Ir rl l Only requests initiated locally are cancelled r Only requests initiated remo
357. r abort of the request by means of a 4 digit reason code This column can also contain a positive acknowledgment to a request reason code 0000 You can use the fthelp command to determine the meaning of the reason codes Deleting log records All log records may be deleted by the openFT administrator the FTAC adminis trator and the ADM administrator To do this use the ftdell command Basically openFT writes an indefinite number of log records However if no more storage space is available on disk FT requests are rejected If you need continuous documentation over an extended period you should therefore back up the existing records from time to time e g in a file on CD or DVD by redirecting the output of ftshwl to a printer or to disk and then remove these log records from the current log file The benefit of this is first that the log records provide a complete documentation which can be maintained over long periods and second that the log file does not become unnecessarily large thus resulting in slower access performance Deleting log records causes the size of the log file to change since the storage space is immediately free upon deletion You can also view log records in the openFT Explorer by clicking on the Logging object window You can also execute the following functions via the openFT Explorer Delete log records Select log records Update log window You will find a detailed description of each of t
358. r rejected FTAC access checks only openFT Windows Administration 209 ftmodo openFT commands la a la f la m la n This option allows you to selectively activate the logging of administrative requests The following parameters are available a all This is the default value Log records are written for all administration requests f failure Log records are only written for failed administration requests m modifying Log records are written for all administration requests that make modifications n none No log records are written for administration requests mone n mon f This allows you to activate and deactivate openFT monitoring n on openFT monitoring is activated f off openFT monitoring is deactivated monr monrs llirj als This allows you to select openFT monitoring depending on the request type The value or r can be combined with a or s Boolean AND e g la al ls rs I local Monitoring data is collected for requests issued locally r remote Monitoring data is collected for requests issued remotely a asynchronous Monitoring data is collected for asynchronous requests Requests issued remotely are always regarded as asynchronous s synchronous Monitoring data is collected for synchronous requests Synchronous requests are always issued locally 210 openFT Windows Administration openFT commands ftmodo No request type specified If
359. r security level You can use the ftshwptn command to display a partner system s security level 100 The inbound basic function is enabled for all partner systems An asterisk after the value indicates that this entry was taken from the standard admission set and will automatically be modified if the value in the standard admission set is changed ATTR PRIV in the ATTR column indicates the privileged admission set admin is the FTAC administrator in this example ADMPR in the ATTR column indicates the ADM administrator This means that admin is also the administrator of the remote administration server openFT Windows Administration 257 ftshwatp openFT commands 6 29 ftshwatp Display ADM traps If you are the FT administrator of the ADM trap server ftshwatp allows you to obtain information on the ADM traps sent to the ADM trap server and stored in the ADM trap log file there If the ADM trap server is also used as remote administration server both the ADM administrator and the remote administrators can view traps e If you are the ADM administrator of the remote administration server you can view all ADM traps e Ifyou are a remote administrator you can view your ADM traps locally or with ftadm This means that you only see the ADM traps of those openFT instances for which you have at least FTOP permission See the section ftshwc Show openFT instances that can be remotely administered
360. r the h are ignored user ID s As the FTAC administrator you can specify any login name desired s for user ID By entering the value s the FTAC administrator can modify the standard admission set user ID not specified modifies the admission set of the login name under which ftmoda is entered priv y As the FTAC administrator you can assign administrator privileges to the specified user ID priv not specified does not change the FTAC administrator admpriv y If you are an ADM administrator this specification allows you to pass the administration admission for the remote administration server to the user ID specified In addition all profiles defined with f c are forwarded to the new user ID If profiles with the same name already exist under the new user ID the command is rejected If there does not yet exist an ADM administrator on the remote administration server the FTAC administrator has to define the ADM administrator first using admpriv Otherwise the remote adminstration server cannot be administrated i e the configuration file cannot be imported by means of ftimpc for example admpriv not specified does not change the ADM administrator ml s ml 0 100 sets the same value for all six basic functions Possible values are s sets each of the basic functions to the value defined in the standard admission set 0 disables all of the basic functions openFT Windows Administration 199
361. rID John AllowFunction FT FTAC gt lt AccessList gt lt Instance Name MCHSRV03 4 Description Windows Server 2003 domain controller Address ftadm MCHSRVO3 mch mycompany net Admission mchsrv03remote gt lt Instance gt openFT Windows Administration 135 Example of an XML configuration file Central administration lt Group gt lt Group gt lt Group Name Hamburg Description Computer Center North in Hamburg Wandsbek gt lt Group Name HH1 Description QA Computer Center gt lt AccessList gt 33 lt AccessEntry AdministratorID Jack AllowFunction FT FTAC gt lt AccessEntry AdministratorID Mike AllowFunction FT FTAC gt lt AccessList gt lt Instance Name HHWSRVO1 4 Description Solaris 10 Address ftadm HHWSRVO1 hhw mycompany net Admission hhwsrvOlremote gt lt Instance Name HHWSRVO02 4 Description HP 11 Address ftadm HHWSRVO2 hhw mycompany net Admission hhwsrv02remote gt lt Instance Name HHWSRV11 4 Description Solaris 9 Address HHWSRV11 hhw mycompany net Admission hhwsrvllremote Mode Legacy gt 6 lt AccessList gt lt AccessEntry AdministratorID Mike DenyFunction FTAC gt lt AccessList gt lt Instance gt 136 openFT Windows Administration Central administration Example of an XML configuration file lt Group gt lt Group Name HH2 Description HR department gt
362. rameters Tasks of the administrator 2 1 Setting the operating parameters The following parameters are available for controlling the operation of openFT You can specify these parameters by means of the ftmodo command e The instance identification of the local openFT instance e The maximum number of asynchronous requests that openFT should process simultaneously connection limit e The maximum number of processes that are available for processing asynchronous requests process limit e The upper limit for the length of blocks to be transferred Following the installation of openFT openFT FTAM the maximum block length is set to 65535 characters e The scope for protocols during openFT operation e The length of the RSA key to be used for encryption purposes e The code table that should be used by default for local text files You can view the current values of the parameters for an openFT instance with the ftshwo command You can also view and change the current operating parameters via the openFT Explorer To do this open the Operating Parameters window by selecting the appropriate menu item in the Administration menu You will find a detailed description of each function in the online help Tips for performance control When specifying the value for the process limit PROC LIM and the connection limit CONN LIM you must consider the following points e A low value for the process limit means that the requests are
363. rconnect with other FTP servers With the integrated FTAC function openFT offers extended admission and access protection FTAC stands for File Transfer Access Control 1 2 Target group This manual contains the information which is needed by openFT and FTAC administrators of Windows systems for their work and which is not included in the User Guide For general information on file transfer and file management you will also need the User Guide Further literature is listed in the references 12 openFT Windows Administration Preface Concept of manuals 1 3 Concept of openFT for Windows manuals The complete description of openFT and its optional components comprises four manuals The description is divided among the manuals as follows e openFT for Windows systems Installation and Administration The system administrator manual is intended for FT FTAC and ADM admin istrators It describes the installation of openFT and its optional components the operation control and monitoring of the FT system and the FTAC environment the administration commands for FT and FTAC administrators the configuration and operation of a remote administration server and a ADM trap server e openFT for Windows systems Managed File Transfer in the Open World The user manual is intended for the openFT user and describes the basic functions of the openFT product family the conventions for file transfers to compu
364. reasons only the first 32 characters or 42 characters in the case of ftexecsv preprocessing of a preprocessing or postprocessing command are transferred to the log record By arranging the call parameters appropriately or by inserting blanks you can influence which command parameters do not appear in the log 6 33 1 2 Short output format of a FT or FTAC log records Example The option rt tc causes only FT and FTAC log records to be output ftshwl rt tc nb 10 TYP LOG ID TIME RC PARTNER INITIAT PROFILE USER ADM FILENAME 2009 11 27 T 3302 14 42 27 0000 lt pitti REMOTE DOMAIN1 Tracel txt C 3301 14 42 27 0000 lt pitti REMOTE profil0l DOMAIN1 Tracel txt CCD 3300 14 16 41 0000 lt pitti REMOTE thomasw D aktuell T 3299 14 03 48 0000 lt pitti REMOTE peter readme txt T 3296 14 02 32 0000 gt pitti smith smith C fO1l txt C 3294 14 02 07 0000 gt pitti miller miller C rme txt T 3292 13 56 07 0000 gt pitti REMOTE DOMAIN1 ftexecsv ftshwo b a u T 3289 09 09 10 2072 gt cog2 te miller miller tw txt 3287 08 51 29 2072 gt cog2 te DOMAINI1 DOMAIN1 tw txt 3286 09 46 34 0000 lt servus DOMAINI1 DOMAIN1 CMDOUT openFT Windows Administration 279 ftshwl output openFT commands Explanation TYP Comprises three columns The first column specifies whether the log record is an FT or FTAC log record T FT log record C FTAC log record The second and third column identify
365. request and attempts to execute the resulting command For example if this option is specified as sp print and the request specifies file name as follow up processing FTAC executes print file name as follow up processing Prefix and suffix and follow up processing command must together not be longer than 1000 characters Please also bear in mind the information provided on the s option If a prefix was defined with sp the character set available for specifying follow up processing in the FT request is restricted to alphanumeric characters letters and digits the special characters _ a period between alphanumeric characters lsp not specified FTAC adds no prefix to the follow up processing specified in the request in the event of successful file transfer lss command3 lss defines a suffix for follow up processing in the local system in the event of successful file transfer FTAC then appends the character string command3 to the follow up processing specified in the FT request and attempts to execute the resulting command For example if this option is specified as ss file name and the request specifies print as follow up processing FTAC executes print file name as follow up processing Prefix and suffix and follow up processing command must together not be longer than 1000 characters Please also bear in mind the information provided on the s option If a suffix was d
366. requests in the WAIT Average Current state value number StRqhd Number of requests in the HOLD Average Current state value number StRqsp Number of requests in the Average Current SUSPEND state value 2 number StRalk Number of requests in the Average Current LOCKED state value number StRafi Number of requests in the x Average Current FINISHED state value 2 number StCLim Maximum number of connections Value currently set Upper limit for the number of connections established for asynchronous requests StCAct Number of occupied connections Share of Current for asynchronous requests StCLim in number 3 StRqLim Maximum number of requests Value currently set Maximum number of asynchronous requests in request management StRqAct Entries occupied in request Share of Current management StRqLim in number 3 StOftr openFT Protocol ON activated activated deactivated OFF deactivated 302 openFT Windows Administration openFT commands ftshwm Monitoring values Name Meaning Output Output unit with a Formatted Raw only StFtmr FTAM protocol ON activated activated deactivated OFF deactivated StFtpr FTP protocol ON activated activated deactivated OFF deactivated StTrer Trace x ON activated activated deactivated OFF deactivated 1 Maximum value of the monitoring interval time elapsed since the last time the monitoring values were queried or since the start of monitoring
367. rmat in which the ADM adminis trator defines the configuration In principle you can create the file on any system using a text editor It is however advantageous if you work on the future remote administration server and use an XML editor for instance the free XML editor XML Notepad 2007 from Microsoft If you do this you can use the supplied template complete with schema so that your entries are immedi ately checked See Using the XML template and XML schema Describing the configuration data in XML format provides a simple way to represent a complex configuration clearly by forming groups In the configuration file you define e the configuration see page 105 e the remote administrators see page 107 e the openFT instances and groups of instances to be administered by these remote administrators see page 109 e the remote administration permissions that the remote administrators have on each of the openFT instances access list see page 114 The ADM administrator must then import the configuration file into the remote administration server using the ftimpc command See page 117 The ftexpc command see page 189 allows you to create an XML file from the internal configuration data again at any time in order to modify the configuration for instance The structure of the XML file is described in the following sections An exhaustive example is given in the section Example of an XML configuration file on page 133
368. rtner system pts Deactivates the ADM traps on the status of the partner system ptu Activates the ADM traps if a partner system is not available ptu Deactivates the ADM traps if a partner system is not available tpc a tpc n tpc Console trap list comma separated You use tpc to activate and deactivate console traps In Unix and Windows systems console traps are written to the openFT file conslog In Unix BS2000 and z OS systems they are also output at the console and in Windows systems they are also written to the event log For tpc you can enter the following values 214 openFT Windows Administration openFT commands ftmodo a all All traps are written n none No traps are written sss Activates traps relating to the status of the openFT subsystem sss Deactivates traps relating to the status of the openFT subsystem fts Activates traps relating to the status of the asynchronous server fts Deactivates traps relating to the status of the asynchronous server rqs__ Activates traps relating to the status of the request queue rqs_Deactivates traps relating to the status of the request queue rqc__ Activates traps on the successful termination of a request rqc_ Deactivates traps on the successful termination of a request rqf Activates traps on the unsuccessful termination of a request rqf Deactivates traps on the unsuccessful termination of a request pts Activates traps relating to the
369. rver or on another openFT instance In the second case they must specify a corresponding FTAC transfer admission on the remote administration server The attributes of the remote administrators and the address and access data of the openFT instances to be administered are defined in a central configuration file on the remote administration server Access to the openFT instances to be administered is controlled by special admission profiles that are set up on the instances To this end the following commands have been introduced or enhanced e New command ftadm for administering the openFT instances e New commands ftimpc and ftexpc for importing and exporting the configuration data on the remote administration server e New command ftshwc that allows remote administrators to view the instances they are allowed to administer e The ftmodo command has been expanded to allow the properties of the remote administration server to be defined e The ftcrep and ftmodp commands have been expanded to allow the admission profiles for remote administration to be defined e The ftshwi command has been expanded to make it possible to select on the basis of the new administration log records and their properties The openFT Explorer also makes these functions available and has been expanded accordingly 14 openFT Windows Administration Preface Changes since the last version ADM traps ADM traps event driven short messages can
370. rwise If the destination file did not exist it is created NEW A new destination file is created and written COMPRESS This specifies whether the file should be transferred with data compression Possible values BYTE ZIP NONE TRANSP Indicated whether the file is to be sent in transparent file format Possible values YES NO OWNER Local login name PARTNER Name or address of the partner see also page 40 PARTNER STATE Status of the partner Possible values ACT Activated DEACT Deactivated openFT Windows Administration 331 ftshwr openFT commands NOCON No connection for example because the openFT server has not been started in the remote system INSTERR An installation or configuration error has occurred the local system is not known to the partner for instance authentication of one of the partners has failed or the encryption is local or not available to the partner system SHORT A resource bottleneck has occurred on the partner PARTNER PRIO Prioritization of the partner when processing requests Possible values LOW The partner has low priority NORM The partner has normal priority HIGH The partner has high priority LOC Properties in the local system FILE File name in the local system TRANS ADM Transfer admission for the local system CCSN CCS name used in the local system The CCSN is only output for text files SUCC PROC Local follow up processing commands i
371. s NONE TransFile String ALLOWED NOT ALLOWED ModFileAttr String ALLOWED NOT ALLOWED ReadDir String ALLOWED NOT ALLOWED FileProc String ALLOWED NOT ALLOWED RemAdm String ALLOWED NOT ALLOWED AccAdm String ALLOWED NOT ALLOWED Text String Value enclosed in double quotes NONE 372 openFT Windows Administration Appendix Structure of CSV Outputs Column Type Values DataEnc String NRES YES NO ModDate yyyy mm dd Value hh mm ss AdmTrapLog String ALLOWED NOT ALLOWED openFT Windows Administration 373 Structure of CSV Outputs Appendix 9 1 8 ftshwptn The following table indicates the CSV output format of a partner Column Type Values PartnerName String Value enclosed in double quotes Sta String ACT DEACT NOCON LUNK RUNK ADEAC AINACT LAUTH RAUTH NOKEY DIERR IDREJ SecLev String STD B P ATTR Value enclosed in double quotes Trace String FTOPT STD ON OFF Loc Number Value Rem Number Value Processor String Value enclosed in double quotes empty Entity String Value enclosed in double quotes empty NetworkAddr String Value enclosed in double quotes Port Integer Value PartnerCheck String FTOPT STD TRANSP ADDR AUTH AUTHM TransportSel String Value enclosed in double quotes empty LastAccessDate yyyy mm dd Value Sessi
372. s If csv is specified output is always in long form analogous to regardless of whether or not has also been specified csv not specified The FT profiles are output in the standard format i e in abbreviated form if l is not specified and in detailed form if is specified Examples 1 You are an FTAC administrator and want to view all the standard admission profiles on your system ftshwp s s n a 1 Output takes the following form STD TRANS ADM NOT SPECIFIED USER ADM john OWN FT FUNCTION TRANSFER FILE MODIFY FILE ATTRIBUTES READ FILE DIRECTORY LAST MODIF 2009 03 23 17 12 25 STD TRANS ADM NOT SPECIFIED RITE NEW FILE USER ADM dagobert OWN FT FUNCTION TRANSFER FILE LAST MODIF 2009 03 22 16 06 55 2 You are the FT administrator and wish to view the profile acctrap1 on the ADM trap server ftshwp acctrapl 1 Output takes the following form acctrapl USER ADM ADMINOO2 OWN FT FUNCTION ADM TRAP LOG LAST MODIF 2008 09 23 18 24 42 The value ADM TRAP LOG under FT FUNCTION in the acctrap profile means that the remote administration server can receive ADM traps with this profile openFT Windows Administration 315 ftshwp openFT commands 3 You are the ADM administrator and wish to view the ADM profiles on the remote administration server ftshwp s a adm 1 Output takes the following form acccentr
373. s Trace files process pid thid time PPE Interface trace files Here process is the name of the process which the command has executed pid the process ID as a hexadecimal number thid the thread ID as a hexadecimal number and time the time in milliseconds since the system start Explanation for protocol trace files oddhhmm Sssccc specifies the creation time of the protocol trace file Here o indicates the month 1 January 2 February A October B November C December dd the day hhmm the time in hours hh and minutes mm ssccc the time in seconds ss and milliseconds ccc PPPPP specifies the Process ID of the protocol trace file if Type Y iii is the index of the server process type S starting with 001 Trace files in case of errors Ifa trace file cannot be written without errors due to a memory bottleneck a message to this effect is output Ifa record of a server process trace file cannot be written as a result of an infringement of the maximum record length the trace file is closed and the subsequent records are written to a new continuation file with the additional suffix Liii e g 8101010 S33222 1001 fttf first trace file 8101010 S33222 1001 L001 fttf continuation file openFT Windows Administration 351 Trace files Diagnosis 8 1 3 Evaluating trace files with fttrace Trace files for all protocols openFT FTAM and ftp protocol are evaluated with the fttrace co
374. s enough as long as the basic function inbound send was disabled by the user but if it was disabled by the FTAC administrator it is also necessary that he she grant privi leged status to the FT profile n default value restricts the profile to the value in the admission set for the basic function inbound send iir y iir n iir ignore inbound receive allows the value for the basic function inbound receive in the admission set to be ignored for details see im y allows the basic function inbound receive to be used even if it is disabled in the admission set At the same time components of the basic function inbound file management can also be used see table at iif Specifying this option is enough as long as the basic function inbound receive was disabled by the user but if it was disabled by the FTAC administrator it is also necessary that he she grant privileged status to the FT profile n default value restricts the profile to the value in the admission set for the basic function inbound receive iip y iip n iip ignore inbound processing allows the value for the basic function inbound follow up processing preprocessing postprocessing in the admission set to be ignored for details see im y allows the basic function inbound follow up processing prepro cessing postprocessing to be used even if it is disabled in the admission set Specifying this option is enough as long as the basic functio
375. s for profile name Makes the admission profile the standard admission profile for the user ID If the admission profile previously had a transfer admission you must also specify tad n nn not specified leaves the profile name unchanged 224 openFT Windows Administration openFT commands ftmodp tad transfer admission n allows you to modify the transfer admission of an FT profile As the FTAC administrator you can also modify the transfer admissions for other login names if you have FT administrator privileges If the modified admission profile is a standard admission profile ftmodp s or nn s only tad n is permitted transfer admission The transfer admission must be unique within your Windows system so that there are no conflicts with transfer admissions defined by other FTAC users for other access permissions A binary transfer admission must be specified in hexadecimal format in the form x or X If the transfer admission you select has already been assigned FTAC rejects the ftmodp command and issues the message Transfer admission already exists n for transfer admission disables the old transfer admission n must be specified if you convert an admission profile that has a transfer admission to a standard admission profile using nn s transfer admission not specified tad causes FTAC to prompt you to enter the transfer admission after the command has been entered Your entry is not
376. s in the form yyyymmdd with yyyy for year mm for month and dd for day Note that for all date entries you may only specify values up to and including 20380119 January 19 2038 user ID User ID for accessing the required system maximum 64 characters 3 characters for hexadecimal format X The maximum length is system dependent In Unix systems a maximum of 32 characters with first 8 characters being unique in Windows systems a maximum of 36 characters command up to 1000 characters exception ftadm for follow up processing commands the commands for success and failure must not be longer than 1000 characters in total partner Name of the partner system in the partner list 1 to 8 characters or address of the partner system maximum 200 characters The address of the partner system is to be specified in the following form protocol host port tsel ssel psel For further details see section Specifying partner addresses on page 40 profile name alphanumeric a z A Z 0 9 up to 8 characters transfer admission the transfer admission usually consists of printing characters and may not start with a hyphen minimum 8 characters maximum 67 characters in Unix systems maximum 32 characters If a transfer admission consists of non printing characters then it must be specified in hexadecimal format in the form x or X 144 openFT Windows Administration openFT commands Nota
377. s to the protected system via file transfer openFT Windows Administration 423 Glossary FTADM protocol Protocol used for communication between two openFT instances in order to perform remote administration or transfer ADM traps FTAM 1 document type for text files FTAM 3 document type for binary files FTAM catalog The FTAM catalog is used to extend the file attributes available in Unix systems It is only relevant for access using FTAM For example a file can be deleted using the command erase on a Windows system even if the permitted actions parameter does not allow this FTAM file attributes All systems which permit file transfer via FTAM protocols must make their files available to their partners using a standardized description ISO 8571 To this end the attributes of a file are mapped from the physical filestore to a virtual filestore and vice versa This process distinguishes between three groups of file attributes kernel group describes the most important file attributes storage group contains the file s storage attributes security group defines security attributes for file and system access control FTAM partner Partner system that uses FTAM protocols for communication FTAM protocol File Transfer Access and Management Protocol for file transfer standardized by the International Organization for Standardization ISO ISO 8571 FTAM FTP partner Partner syste
378. sary Transport Name Service TNS Service used to administer properties specific to transport systems Entries for partner systems receive the information on the particular transport system employed transport protocol Protocol used on the transport layer transport selector T selector Subaddress used to address an ISO 8072 application in the transport layer transport system The part of a system or architecture that performs approximately the functions of the four lower OSI layers i e the transport of messages between the two partners in a communication connection Sum of the hardware and software mechanisms that allow data to be transported in computer networks Unicode The universal character encoding maintained by the Unicode Consortium This encoding standard provides the basis for processing storage and inter change of text data in any language in all modern software and information technology protocols The Unicode Standard defines three Unicode encoding forms UTF 8 UTF 16 and UTF 32 universal class number Character repertoire of a file in the virtual filestore UNIX Registered trademark of the Open Group for a widespread multiuser operating system A system may only bear the name UNIX if it has been certified by the Open Group Unix system Commonly used designation for an operating system that implements functions typical of UNIX and provides corresponding interfaces POSIX and Linux are a
379. scription is a string that describes the group in more detail The maximum length of the string is 100 bytes The following elements can be assigned to a group e Optional access list element with the tag lt AccessList gt You use the access list to define for the individual remote administrators the remote adminis tration permissions on the openFT instances that belong to this group and to any subsequent child groups For a detailed description of the access list refer to the section Defining an access list on page 114 e Optional group elements with the tag lt Group gt You can specify any number of groups By specifying further nested groups it is possible to represent the relationships between the groups hierarchically In this event the total path length must not exceed 200 bytes See the note on page 106 openFT Windows Administration 109 Remote administration Central administration e Optional instance elements with the tag lt Instance gt for the openFT instances that belong to this group You can define up to 5000 instances in a single configuration Specification of the group and instance elements within a group is optional but a group must contain a least one further group or one instance Example lt Configuration Xeno lt AdministratorID gt lt Group Name Muenchen Description Computer Center Muenchen gt lt Group Name MCH1 Description Computer Center Muenchen Schwabing gt
380. se contact ssl core openssl org ucts derived from this software may not be called OpenSSL nor OpenSSL appear in their names without prior written permis of the OpenSSL Project stributions of any form whatsoever must retain the following owledgment s product includes software developed by the OpenSSL Project use in the OpenSSL Toolkit http www openss org FTWARE IS PROVIDED BY THE OpenSSL PROJECT AS IS AND ANY ED OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ARE DISCLAIMED IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS UTORS BE LIABLE FOR ANY DIRECT DIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCURE PROFITS OF LIAB ING NEG SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE ENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY ILITY WHETHER CONTRACT STRICT LIABILITY OR TORT INCLUD LIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS 20 openFT Windows Administration Preface License provisions This product includes cryptographic software written by Eric Young eay cryptsoft com This product includes software written by Tim Hudson tjh cryptsoft com Original SSLeay Li
381. sender verification on a partner specific basis These settings only affect partners which are connected via the openFT protocol and do not operate with authentication e g partners with openFT V8 0 or earlier 242 openFT Windows Administration openFT commands ftmodptn i identification Deactivates checking of the transport address Only the partner s identification is checked The partner s transport address is also not checked even if extended sender verification is globally active see the ftmodo command on page 204 a address Activates checking of the transport address The partner s transport address is checked even if checking of the transport address is globally deactivated see ftmodo command on page 204 If the transport address under which the partner logs on is not the same as the entry in the partner list then the request is rejected neither i nor a specified ptc without parameters means that the operating system parameters apply to sender verification ptc not specified The setting for sender verification is unchanged sl 1 100 sl p sl You use this option to assign a security level to the specified partner system or to all the partner systems A low security level means that the need for protection vis a vis this partner is low for instance because the partner s identity has been authenticated using cryptographic methods which means that you can be certain that the partner is g
382. sense if the local openFT instance is flagged as a remote administration server ftmodo admcs y command ff l may only be specified by the FT administrator c client access The admission profile is allowed to be used for the access to remote administration server function ADM profile This allows a remote administrator on a remote computer to use this profile to access the local remote administration server and issue remote administration requests The local openFT instance must be flagged as a remote administration server ftmodo admcs y command jf c may only be specified by the ADM administrator lil The value c must not be combined with any other value In addition an FT profile created with ff c cannot be changed into a FT profile using the other FT functions t m p ta orl and vice versa No function specified Specifying ff allows you to undo any specification with regard to the functions All file transfer functions are then permitted corresponds to tmpr but not the remote administration functions a c and ADM trap functions J openFT Windows Administration 231 ftmodp openFT commands ff not specified The previous specification with respect to the functions remains unchanged dir f dir t dir ft specifies for which transfer direction s the FT profile may be used Possible values for the direction f t ft tf f allows data transfer only from a partner system to the local sy
383. sign the default instance a separate address in order to avoid address clashes e Modifying an instance You can assign a different Internet host name to an instance with the ftmodi command openFT Windows Administration 61 Using openFT in a cluster Tasks of the administrator Please note If you assign the default instance std a host name local requests to the address 127 0 0 1 used for test purposes for instance are no longer possible e Deactivating an instance You can deactivate an instance with the ftdeli command Deactivating an instance in this manner only removes the instance from the openFT instance management The instance file tree is not changed e Setting up an instance You can select the openFT instance you want to work with using the ftseti command The command sets the OPENFTINSTANCE environment variable to the name of the instance You can also set up the instance via the openFT Explorer As soon as there is more than one instance then a list appears in the openFT Explorer from which you select the instance e Outputting information on instances You can query information on the instances using the ftshwi command e Updating an instance file tree Using the ftupdi command you can modify the instance file tree of an older version of openFT for use in the current version That is only necessary for instances that were not active at the time of an update installation il You will find deta
384. sing and postprocessing e For FTAC profiles that are only to be used for getting monitoring data specify the filename prefix FTMONITOR The functions of the profile must permit File Preprocessing ff 1p For details see Example 3 on page 182 fnp not specified FTAC adds no prefix to the file name Is ls n ls command1 ls specifies follow up processing which is to be performed under your login name in the event that file transfer is successful If Is is specified no success follow up processing may be requested in the FT request Specifying s only makes sense if you also make an entry for f see below to preclude the possibility than an intentionally unsuccessful request can circumvent the s entry If you have defined a prefix for the file name with fnp and plan follow up processing for this file you must specify the complete file name here n for command If ls n is specified no success follow up processing is permitted in the event of a successful file transfer ls not specified or Is does not restrict follow up processing in the local system in the event of successful file transfer however see also sp or ss openFT Windows Administration 177 ftcrep openFT commands lsp command2 lsp defines a prefix for follow up processing in the local system in the event of successful file transfer FTAC then adds the character string command2 to the follow up processing specified in the FT
385. sion profile for an openFT instance lt V11 0 To allow remote administration an admission profile must be set up on the instance to be administered that permits the FT functions Transfer Files TRANSFER FILE and Pre Postprocessing FILE PROCESSING The same comments apply as for an openFT instance as of V11 0 see page 119 Example The FT administrator enters the following command for an admission profile for instance Unix or Windows system ftcrep profile name transfer admission ff tp Possible alternative using the openFT Explorer Open the Admission Profile dialog box for instance using File New Admission Profile and then in the Options tab activate the options Transfer Files and or Delete Files and File Processing BS2000 OSD CREATE FT PROFILE NAME profile name TRANSFER ADMISSION transfer admission F T FUNCTION TRANSFER FILE FILE PROCESSING z OS FTCREPRF NAME profile name TRANSFER ADMISSION transfer admission FT FUNCTION TRANSFER FILE FILE PROCESSING openFT Windows Administration 121 Remote administration Central administration 5 1 4 Issuing remote administration requests This section is intended for all remote administrators for whom specific permissions for remote administration have been specified in the configuration of the remote administration server Remote administrators can perform remote administration using commands see below or using the
386. specified the previous time restriction defined for the transfer admission remains unchanged u pr u pu using u you can control how FTAC reacts when someone attempts to assign an existing transfer admission to an FT profile Normally the transfer admission must be disabled immediately by designating it as private Transfer admissions that do not require as much protection can be designated as public This means that they are not disabled even when a user attempts to assign another transfer admission of the same name Possible values pr default value the transfer admission is disabled as soon as someone with another login name attempts to specify a transfer admission of the same name private In this case the u and d parameters are set to their default values at the same time 226 openFT Windows Administration openFT commands ftmodp pu the transfer admission is not disabled even if someone attempts to specify a transfer admission of the same name public u is ignored if the modified profile is a standard admission profile u not specified the previous setting remains unchanged priv y priv n This option is used by the FTAC administrator to grant privileged status to an FT profile y grants privileged status to the FT profile The FT administrator s entries in the admission set are ignored for requests executed with a privileged FT profile i e if the user uses the iml iis iir iip Or
387. ssing allows the value for the basic function inbound follow up processing preprocessing postprocessing in the admission set to be ignored for details see imi y allows the basic function inbound follow up processing prepro cessing postprocessing to be used even if it is disabled in the admission set Specifying this option is enough as long as the function was disabled by the user but if it was disabled by the FTAC administrator it is also necessary that he she grant privi leged status to the FT profile n restricts the profile to the value in the admission set for the basic function inbound follow up processing preprocessing postpro cessing iip not specified causes the values specified in the profile for the basic function inbound follow up processing preprocessing postprocessing to apply unchanged iif y iif n iif ignore inbound file management allows the values for the basic function inbound file management in the admission set to be ignored for details see iml y allows the basic function inbound file management to be used even if it is disabled in the admission set Specifying this option is enough as long as the basic function inbound file management was disabled by the user but if it was disabled by the FTAC administrator it is also necessary that he she grant privileged status to the FT profile n restricts the profile to the value in the admission set for the basic function inbound file
388. st to display directories lt The request is sent to local system This transfer connection is specified for areceive request a request to modify file attributes When a FTAM partner modifies the access rights of a local file two log records are written No direction is specified in front of PARTNER in this case arequest to delete files INITIAT Request initiator If initiated in the remote system REMOTE PROFILE Name of the profile used for file transfer only in FTAC log record USER ADM Login name to which the requests in the local system refer If a login name longer than 8 bytes was specified the first seven bytes are output followed by an asterisk FILENAME Local file name openFT Windows Administration 281 ftshwl output openFT commands 6 33 1 3 Short output format of an ADM log record Examples The option rt a causes only ADM log records to be output 1 Output ADM log records on a client ftshwl ftadmin rt a nb 5 TYP LOG ID TIME RC PARTNER INITIAT PROFILE USER ADM FILENAME 2009 06 19 A 39 04 30 35 0000 lt flexthom ftadmin ftadmin A 36 04 30 15 0000 lt flexthom ftadmin ftadmin A 33 04 29 49 0000 lt flexthom ftadmin ftadmin A 30 04 28 15 0000 lt flexthom ftadmin ftadmin A 27 04 22 56 0000 lt flexthom ftadmin ftadmin 2 Output ADM log record on the administered openFT instance ftshwl rt a TYP LOG ID TIME RC PARTNER INITIAT PROFILE USER ADM FILENAME 2009 06
389. status of partner systems pts Deactivates traps relating to the status of partner systems ptu Activates traps when a partner system is inaccessible ptu Deactivates traps when a partner system is inaccessible ccs CCS name You use CCS name to define a new character set which is represented by a code table This character set is then used as the new default value for transfer requests ft ncopy The code table specification is only relevant for requests to openFT partners Default value CP1252 Another character set can be explicitly assigned for ft and ncopy options lc and rc You can also define your own character set For details concerning CCS names and the associated code tables see section Administering code tables on page 28 openFT Windows Administration 215 ftmodo openFT commands acta a acta openft ftam ftp adm This option allows you to activate or deactivate the asynchronous inbound server You can activate the asynchronous inbound server for specific protocols openFT FTP FTAM ADM by specifying a comma delimited list of one or more protocol types a The asynchronous inbound servers are activated for all installed protocol types openft Activates the asynchronous inbound server for requests via the openFT protocol ftam Activates the asynchronous inbound server for requests via the FTAM protocol A warning is issued if the FTAM protocol is not installed ftp A
390. stem t allows data transfer only from the local system to the remote system It is thus not possible to create rename or delete direc tories ft tf transfer direction is not restricted in the profile dir not specified leaves the transfer direction entries in the FT profile unchanged pn partner1 partner2 You use pn to specify that this admission profile is to be used only for FT requests which are processed by a certain partner system You can specify the name of the partner system in the partner list or the address of the partner system For details on address specifications see section Specifying partner addresses on page 40 You can specify more than one partner system maximum 50 with a maximum total of 1000 characters partner I partner2 not specified pn Cancels a previous restriction defined for partner systems so that the FT profile can be used by every partner system pna partner1 partner2 pna adds one or more partner system s to the list of permitted partner systems Up to 50 partner systems can be entered in the list max 1000 characters If the list has been empty up to now then the profile is limited to the specified partner system s 232 openFT Windows Administration openFT commands ftmodp pnr partner1 partner2 pnr deletes one or more partner system s from the list of permitted partner systems Please note As soon as you delete the last partn
391. ster switching 61 code table EBCDIC DF 04 354 ISO 8859 1 355 collect monitoring data admission profile 182 Comma Separated Value CSV command 144 command syntax commands file management file transfer 140 instance concept log function 141 communication controller compression 420 computer network open 420 428 420 143 140 141 420 openFT not started 32 config xml 104 authentication 419 config xsd 104 authorization configuration 67 login 428 configuration data LOGON 428 save andrestore 65 448 openFT Windows Administration Index configuration file defining instances 111 schema 104 template 104 configure monitoring 45 CONN LIM recommendations 26 connection limit 26 connectivity 420 conslog 63 console commands message file for 63 console traps activating deactivating 213 214 constraint set 420 contents type 420 controlling diagnostics SNMP 91 openFT operation 26 convert to standard admission profile 224 correction version install 74 create FT profile ftcrep 167 instance 61 instance ftcrei 164 key pairset 166 sefault admission profile 168 create new key 92 CSV output format ADM traps 359 admission profile 371 admission set 357 general description 146 instances remote administration 360 log record 361 monitoring values 364 operating parameters 368 partner 374 partner properties 305 319 D data 421 data communication system 420 data compression 420 data encoding
392. synchronous jobs e State e g number of requests currently queued You must be an FT administrator in order to activate deactivate or configure monitoring If the asynchronous openFT server has been started and monitoring is activated ftmodo any user can call up the data and display it on the basis of certain criteria ftshwm 2 9 1 Configuring monitoring You use the ftmodo command page 204 or the openFT Explorer Administration Operating Parameters Trace tab to configure monitoring The following options are available e Activate and deactivate monitoring ftmodo mon e Select monitoring by partner type ftmodo monp e Select monitoring by request type ftmodo monr Once the settings have been selected they are retained until you explicitly change them This means that they also remain unchanged after the computer has been rebooted You can check the current settings with the ftshwo command The MONITOR row indicates whether monitoring is activated and shows any criteria used for selection openFT Windows Administration 45 Monitoring with openFT Tasks of the administrator 2 9 2 Displaying monitoring data You can call up the monitoring data at any time provided that monitoring is activated and the asynchronous openFT server is started You can output the data into different ways e Using the command ftshwm ftshwm outputs the monitoring data in the form of tables that you can further process
393. t ADM trap src partner src allows you to specify that only those ADM traps are to be displayed that originate from a specific partner You can specify the name from the partner list or specify the partner address src not specified The partner name is not used as a selection criterion tt fts pts ptu rqc raf l irqs tt allows you to specify the type of ADM traps to be output You can specify several values separated by commas fts All ADM traps are output that indicate that the asynchronous openFT has started FT START or stopped FT STOP pts All ADM traps are output that indicate a status change of a partner system PART STATE ptu All ADM traps are output that indicate that a partner system may not be reachable PART UNREA raqs All ADM traps are output that indicate that the amount of requests in the request queue has reached a limit of at least 85 RQ LIM HIGH or has fallen below a value of 80 RQ LIM LOW rqf All ADM traps are output that indicate failed transfer TRANS FAIL rac All ADM traps are output that indicate successful transfer TRANS SUCC tt not specified The ADM trap type is not used as a selection criterion nb 1 9999999 a nb allows you to specify the number of ADM traps to be output a for number nb a outputs all ADM traps that meet the specified selection criteria openFT Windows Administration 261 ftshwatp openFT commands nb no
394. t Request id gt not found Meaning The request with the transfer ID lt Request id gt could not be found Measure Specify the existing transfer ID and repeat the command 48 Active requests could not yet be deleted 49 CCS name lt 1 gt unknown 50 ftscript process could not be started 51 Error displaying an ftscript user 52 ftscript user number limit exceeded 53 ftscript chapter not found 54 ftscript id not found 55 ftscript file not found 56 _ftscript request is still running 57 Inbound requests cannot be modified 58 The ADM trap server configuration is invalid 410 openFT Windows Administration Appendix Messages for administration commands 59 60 61 62 63 monitoring is not active Meaning The command is only supported if monitoring is activated Measure Activate monitoring in the operating parameters and repeat the command File could not be created Meaning The command was not executed because the local file could not be created Measure Check the directory and access rights Repeat the command Higher level directory not found Meaning The local file could not be created when exporting the configuration data because the specified path does not exist Measure Create or correct the path for the configuration file and repeat the command File already exists Meaning The command was not executed because the specified file already exists Measure Either delete the existing conf
395. t instance is unknown or the disk space allocated is insufficient to allow creation of the request file the file for storing trace data or the key files Measure Either create the Config user ID or increase its disk space allocation or have your system administrator do it Specified file is not a valid trace file openFT could not be started Partner with same attribute lt attribute gt already exists in partner list Meaning There is already a partner entry with the same attribute lt attribute gt in the partner list Measure The attribute lt attribute gt in partner entries must be unique Correct the command accordingly and try again Maximum number of partners exceeded Meaning The partner list already contains the maximum permissible number of partner entries Measure Delete partners that are no longer required openFT Windows Administration 409 Messages for administration commands Appendix 45 No partner found in partner list Meaning A partner for the specified selection could not be found in the partner list Measure Check if the specified partner name or address was correct If necessary repeat the command using the correct name or address 46 Modification of partner protocol type not possible Meaning The protocol type of the partner entry cannot be changed subsequently Measure Delete the partner from the partner list if necessary and enter it again with a new protocol type 47 Request l
396. t specified If nb is not specified the output will depend on whether rg has also been specified or not If rg is specified all ADM traps that meet the specified selection criteria are output corresponds to nb a If rg is not specified then only one ADM trap is output corresponds to nb 1 l l specifies that the ADM traps are to be output in detailed format csv csv specifies that the ADM traps are to be output in CSV format The values in the output are separated by semicolons csv must not be specified at the same time as Neither nor csv specified The ADM traps are output in the default short format 262 openFT Windows Administration openFT commands ftshwatp Output 6 29 1 Description of the output of ADM traps When you output ADM traps using the ftshwatp command you can select between a short concise output format a long detailed output and finally output in CSV format for further processing in external programs The ADM traps are identified by trap IDs These IDs are assigned in ascending sequence For technical reasons the numbering sequence may contain gaps The sequence of entries in the ADM trap log file does not always correspond to the temporal sequence in which the ADM traps occurred on the system concerned Searching for records according to particular selection criteria can therefore take a long time because it is in principle necessary to read in all the entries
397. tching clusters 61 switching the language interface 37 symbolic link 176 symbolic name 379 384 synchronous request 436 sysatpf 130 system 436 local 427 437 remote 433 437 system parameters SNMP 89 system wide actions 142 T T selector 438 TCP IP 437 timestamp updating on admission profile 239 TLS 54 TNS addressing options 41 TNS Transport Name Service TNS entries automatically created 381 checking 344 cluster configuration 380 trace 63 349 activating deactivating 211 for asynchronous requests 212 for locally submitted requests 212 for remotely submitted requests 212 for synchronous requests 212 partner specific 349 preparing 352 438 458 openFT Windows Administration Index trace files 349 evaluate 352 preparing 63 trace function activating deactivating 211 transfer admission 144 437 outputting ADM trap server 305 transfer unit 437 Transmission Control Protocol TCP 437 transport connection 437 transport layer 437 Transport Layer Security 54 Transport Name Service addressing options 41 Transport Name Service TNS 438 transport protocol 438 transport selector 438 partner computer 42 transport system 438 U Unattended installation 75 universal class number 438 UNIX TM 438 update installation 67 user data encrypt 79 userID 144 using disabled basic functions 171 V variable length record 439 virtual filestore 439 VisibleString 419 439 W WAN Wide Area Network
398. te Description The value of the attribute Description is a string that describes the configuration data in more detail The maximum length of the string is 100 bytes Example lt Configuration Version 1100 Description Configuration for central server MCHSRVO1 gt Eoas E lt Configuration gt Elements of a configuration A configuration contains the following elements e Atleast one administrator ID element with the tag lt AdministratorID gt for defining a remote administrator You can define up to 100 remote adminis trators For a detailed description refer to the section Defining remote administrators on page 107 e Optional access list element with the tag lt AccessList gt You use an access list to define the administration permissions on the openFT instances for the individual remote administrators For a detailed description of the access list refer to the section Defining an access list on page 114 openFT Windows Administration 105 Remote administration Central administration e Optional group elements with the tag lt Group gt Groups can be nested thus allowing the geographical or organizational structure of a company to be represented for instance The maximum nesting depth is limited See the note on page 106 For a detailed description of a group refer to the section Defining groups and openFT instances to be administered on page 109 e Atleast one instance element with th
399. te openFT ftstop and delete the log file You can for instance use the Windows Explorer in order to do this The log file is stored under the name syslog and is located in the log directory of the relevant openFT instance see also Instance directory on page 68 In the case of the default instance under Windows XP the pathname is openFT installation directory var std log syslog This means that you lose all log records access to the admission set and admission profile file causes errors or if this file is defective The possible reasons are 1 Manual access to sysfsa dat and or sysfsa idx These files are located in the respective openFT instance directory under config see Instance directory on page 68 2 System crash with sysfsa open Possible solutions Attempt to export import Use ftexpe to export the data to a backup file Then shut down the openFT server with ftstop delete sysfts dat and sysfsa idx and restart openFT with ftstart Import the data by from the backup file using ftimpe Try to repair the ISAM index file with dcheck the example is valid for the standard instance on Windows XP dcheck b C Program Files openFT var std config sysfsa It may be necessary to delete the index file explicitly If the data file sysfsa dat is empty then no data is lost As a result both ISAM files can be deleted with openFT stopped and can then be initialized before ftstart by using the ftshwa com
400. tection against a partner system 434 openFT Windows Administration Glossary send file File in the sending system from which data is transferred to the receive file sending system Here FT system that sends a file This may be the local system or the remote system server Logical entity or application component which executes a client s requests and assures the coordinated usage of all the generally available services File Print data base Communication etc May itself be the client of another server service As used in the OSI architecture a service is the set of functions that a service provider makes available at a service access point As used in the client server architecture a set of functions that a server makes available to its clients Term used in Windows A program routine or process used to perform a particular system function to support other programs in particular on a low level hardware related service class Parameter used by FTAM partners to negotiate the functions to be used session In OSI the term used for a layer 5 connection In SNA a general term for a connection between communication partners applications devices or users session selector Subaddress used to address a session application shell metacharacters The following metacharacters have special meanings for the shell Windows command prompt lt gt amp amp amp
401. tely are cancelled Ir rl Both local and remote requests are cancelled ini not specified The initiator is not used as a selection criterion corresponds to r or rl pn partner You use pn to specify the partner system for which you want to cancel requests Partner is the name or address of the partner system You should specify the partner in the same form as in the request allocation or as in the output from the ftshwr command fn file name You use fn to specify the name of the file for which requests are to be cancelled Requests which access this file in the local system are cancelled You must specify the file name which was used when the request was issued and which is output for the ftshwr command Wildcards are not permitted in file names request ID1 request ID2 request ID3 a For request ID enter the number of the request to be cancelled Leading zeros may be omitted The request identification request ID may be obtained from the request receipt acknowledgment displayed on the screen or using the ftshwr command if you have forgotten the request ID You can also specify a number of request identifications at the same time If in addition to request ID you specify other selection criteria a request with the specified request ID is only cancelled if it also satisfies the other conditions 162 openFT Windows Administration openFT commands ftcanr a specified as request ID a selects all requests
402. tem or remote system under which this FT request is executed The owner is always the ID under which the request is submitted not the ID under which it is executed partner gt S partner system partner list File containing specifications concerning remote systems FT systems partner system Here FT system that carries out FT requests in cooperation with the local system password Sequence of characters that a user must enter in order to access a user ID file job variable network node or application The user ID password serves for user authentication t is used for access control The file password is used to check access rights when users access a file or job variable It is used for file protection purposes permitted actions File attribute in the virtual filestore attribute of the kernel group that defines actions that are permitted in principle port number Number that uniquely identifies a TCP IP application or the end point of a TCP IP connection within a processor POSIX Portable Open System Interface Board and standards laid down by it for interfaces that can be ported to different system platforms postprocessing openFT makes it possible to process the received data in the receiving system through a series of operating system commands under the process control of openFT in contrast to follow up processing 430 openFT Windows Administration Glossary preprocessing The
403. ters running different operating systems details on implementing FTAM the openFT user commands the openFT Script commands the messages of the different components e openFT for Unix systems and Windows systems C Program Interface This manual is intended for C programmers and describes the C program interface on Unix systems and Windows systems e openFT for Unix systems and Windows systems openFT Script Interface This manual is intended for XML programmers and describes the openFT Script commands the XML statements for the openFT Script interface Many of the functions described in the manuals are also available in the openFT graphical interface the openFT Explorer A detailed online help system that describes the operation of all the dialogs is supplied together with the openFT Explorer The online help system also contains a complete description of the openFT commands openFT Windows Administration 13 Changes since the last version Preface 1 4 Changes since the last version This section describes the changes in openFT V11 0 for Windows compared to openFT V10 0 for Windows Remote administration openFT instances from different platforms can be administered using a remote administration server that can run on a Unix or Windows system Remote administrators are defined for this purpose These remote administrators can enter the administration requests on the remote administration se
404. tes private and not privileged admzy adm n specifies whether or not the ADM profiles i e FT profiles with the property access to remote administration server corresponding to ftcrep ff c are to be imported Possible values are y default value all ADM profiles are imported This option is permissible only if an ADM administrator is configured on the target computer n no ADM profiles are imported Example The admission set and FT profiles of the login name donald were saved to the file fracsave with ftexpe They are to be imported to another system under the same login name ftimpe ftacsave u donald As the FTAC administrator you may receive the following messages for example OWNER NAME donald secretl FT profile already exists secret2 These messages indicate that donald has already created the FT profiles secret and secret2 on the new system and these profiles were therefore not imported Note If after import you wish to delete an admission set for a login name that does not exist on your computer enter the command ftmoda Wlogin name ml s This situation can occur when you use ftexpe to incorporate into your system a file that has been created on a different host openFT Windows Administration 197 ftmoda openFT commands 6 19 ftmoda Modify admission sets ftmoda stands for modify admission set As the FTAC administrator you can use this command to define settings for the st
405. th openFT FTAM up to V10 As of openFT FTAM V11 for Windows the default value has been changed to FTAM and can therefore be omitted ssel Session selector under which the file transfer application is accessible in the partner system You can specify the selector in printable or hexadecimal format Oxnnnn Length 1 through 10 characters alphanumeric characters and the special characters _ are permitted A printable selector is encoded in ASCII with a variable length in the log Default value empty psel Only relevant for FTAM partners Presentation selector under which the file transfer application is available in the partner system You can specify the selector in printable or hexadecimal format Oxnnnn Length 1 through 10 characters alphanumeric characters and the special characters _ are permitted A printable selector is interpreted as ASCII with a variable length in the log Default value empty Examples The partner computer with the host name FILESERV is to be addressed over different protocols connection types Connection type protocol Address specification openFT partner FILESERV FTAM partner ftam FILESERV BS2000 Windows or Unix system with default setting as of V11 0 FTAM partner Windows system with ftam FILESERV SNI FTAM default setting up to V10 0 Third party FTAM partner ftam FILESERV 102 tsel ssel psel FTP partner ftp FILESERV o
406. th the distribu tion 3 All advertising materials mentioning features or use of this soft ware must display the following acknowledgement This product includes cryptographic software written by Eric Young eay cryptsoft com The word cryptographic can be left out if the rouines from the ibrary being used are not cryptographic related i openFT Windows Administration 21 License provisions Preface THI IMP If you include any Windows specific code or a derivative thereof fro acknowledgement This product incl soft com S SOFTWARE IS PROV LIED WARRANTIES udes software written by Tim H CL RANTIES OF MERCHANTABILI DIS ANY TIA GOO RUP CON WIS ADV The sio not Lin CLAIMED IN DIRECT IND L DAMAGES I DS OR SERVICES TION HOWEVER CAUS RACT STRICT LIAB E ARISING IN ANY SED OF THE POSSIB distr O EVE IRECT CLUDI and vati li no si cluding cence r deri TS G ILI AY ILI TY AN DED BY ERIC YOUNG UDING HALL 1 D FII the apps directory application code you m AS IS A ust include an udson tjh crypt D ANY EXPRESS OR BUT NOT LIMITED NESS FOR A gt TO PARTICULAR PU LIED WAR RPOSE ARE THE IMP HE AUTHOR OR CO INCIDENTAL BUT NOT LI LOSS OF US ED AND O SPECIAL EX ITED TO P TA OR PRO THEORY OF DAT ANY C Y 0 ib
407. the FT function empty transfer file c read file attributes only in the FTAC log record delete file only in the FTAC log record OU gt create file only in the FTAC log record possible only for transfer requests issued in the remote partner system modify file attributes only in the FTAC log record R read directory only in the FTAC log record CD create directory only in FTAC log record DD delete directory only in FTAC log record MD modify directory attributes only in FTAC log record L Login Failed inbound FTP access only in FTAC log record LOG ID TIME RC Log record number specifies time when the log record was written Reason code Specifies whether a request was successful RC 0 or if not why it was rejected or cancelled Additional information on the reason code is available using the fthelp command PARTNER Provides information about the partner system involved The name in the partner list or the address of the partner system possibly truncated to 8 characters or the name under which the partner system is entered in the TNS is output The name or address of the partner system is preceded by an identifier to indicate the direction of the request 280 openFT Windows Administration openFT commands ftshwl output gt The request is sent to partner system This transfer direction is specified for a send request a request to display file attributes a reque
408. the German Austria EBCDIC character set defined by IBM 28 openFT Windows Administration Tasks of the administrator Administering code tables Name of the CCS Meaning IBM500 for the International EBCDIC character set defined by IBM IBM1047 for the OpenExtensions EBCDIC character set defined by IBM CP437 for the English USA OEM character set defined by Microsoft CP720 for the Arabic OEM character set character set defined by Microsoft CP737 for the Greek OEM character set defined by Microsoft CP775 for the Lettish OEM character set defined by Microsoft CP850 for the Western Europe OEM character set defined by Microsoft CP852 for the Polish OEM character set defined by Microsoft CP855 for the Serbian OEM character set defined by Microsoft CP857 for the Turkish OEM character set defined by Microsoft CP858 for the OEM character set CP850 with the Euro symbol defined by Microsoft CP862 for the Hebrew OEM character set defined by Microsoft CP866 for the Cyrillic OEM character set defined by Microsoft CP874 for the Thai Windows character set defined by Microsoft CP1250 for the Central Europe Windows character set defined by Microsoft CP1251 for the Cyrillic Windows character set defined by Microsoft CP1252 for the Western Europe Windows character set with the Euro symbol defined by Microsoft openFT Windows Administration 29
409. the corresponding commands in the Administration menu of the openFT Explorer to stop and subsequently start the server The changes take effect immediately The new configuration is displayed in the openFT Explorer if you choose the Update command from the context menu of the relevant remote administration server 5 1 3 Configuring an openFT instance to be administered The remote administration server uses FTAC transfer admissions to access the openFT instances These must be entered in the configuration file when defining the openFT instance See page 111 This means that the appropriate admission profiles must be defined in the openFT instances from which administration is being carried out The properties of this profile depend on the version of the openFT instance to be administered 5 1 3 1 Configuring an admission profile for an openFT instance as of V11 0 To allow remote administration an admission profile with the function Remote Administration REMOTE ADMINISTRATION must be set up on the instance to be administered The following cases must be distinguished e An admission profile with the permission FT FT access for reading and modification or FTOP FT access for reading must belong to the FT admin istrator e An admission profile with the permission FTAC FTAC access for reading and modification must belong to the FTAC administrator e An admission profile with the permission FT FTAC FT and FTAC access for readin
410. the value nb rc 0 ffff f Defines the reason code as a selection criterion for log record output O ffff All log records with a specified reason code are output f Alllog records with reason codes other than 0000 are output This criterion yields a list of log records for all requests terminated with error messages rc not specified The reason code is not a selection criterion l Defines that the log records are to be output in long form 1 not specified The log records are output in short form if csv has not been specified csv You can use csv to specify that the log records are to be output in the CSV format The values in the output are separated by semicolons If csv is specified output is always in long form analogous to regardless of whether or not has also been specified csv not specified The log records are output in the standard format i e in abbreviated form if Z is not specified and in detailed form if is specified tid request id tid specifies the request number for which you want to output the log records tid not specified The request id is not a selection criterion openFT Windows Administration 277 fishwl openFT commands adm administrator id adm specifies the administrator ID for which you want to output the ADM log records adm not specified The administrator id is not a selection criterion ri routing info ri specifies the routing information
411. their profile if they have stored their user password in openFT The ftsetpwd command is available for this purpose see page 253 Alternatively choose the User Password command from the Administration menu of the openFT Explorer Format ftcrep h lt profile name 1 8 gt s lt transfer admission 8 36 gt n ua lt user ID 1 36 gt lt password 1 64 gt n v y v n d yyyymmdd u pr u pu priv y priv n iml y iml n iis y iis n iir y iir n iip y iip n iif y iif n ff t m p rllal ff c dir f dir t dir ft pn lt partner 1 200 gt lt partner 50 1 200 gt pn fn lt file name 1 512 gt fn fnp lt file name prefix 1 511 gt ls ls n ls lt command1 1 1000 gt lsp lt command2 1 999 gt lss lt command3 1 999 gt If If n lf lt command4 1 1000 gt lfp lt command5d 1 999 gt lfs lt command6 1 999 gt wm o wm n wm e wm one c y c n txt lt text 1 100 gt openFT Windows Administration 167 ftcrep openFT commands Description h Displays the command syntax on the screen Entries after the h are ignored profile name s is the name you wish to assign to the FT profile This name can be used to address the FT profile for example when it is to be modified or deleted Be sure not to confuse the profil
412. ther systems it may also be a symbolic name e g eth0 The scope ID can be identified using the ipconfig command Default value 1100 for openFT partners tsel A different default value can also be set in the operating parameters using ftmodo ftstd 4800 for FTAM partners 21 for FTP partners 11000 for ADM partners Transport selector under which the file transfer application is available in the partner system The transport selector is only relevant for openFT and FTAM partners You can specify the selector in printable or hexadecimal format Oxnnnn The specification will depend on the type of partner openFT partner Length 1 through 8 characters alphanumeric characters and the special characters are permitted A printable selector will be coded in EBCDIC in the protocol and may be padded with spaces internally to the length of eight characters Default value FJAM FTAM partner Length 1 to 10 characters a printable selector will be coded as variable length ASCII in the protocol Exception T selectors that start with FTAM default value are coded in EBCDIC and padded with spaces to the length of 8 characters All alphanumeric characters and the special characters _ and can be used with ASCII selectors 42 openFT Windows Administration Tasks of the administrator Administering partners Default value FTAM Note As a rule SNI FTAM must be specified for Windows partners wi
413. tics information of the instance and view the properties If you expand the subtree of an instance the icons for all the administration objects of the instance are displayed E amp Test_system E NN Admission Profiles FI Admission Sets f Ftscript Requests Logging Partner List zj Request Queue ge Traces Administration objects of an instance in the openFT Explorer You can administer these objects of the instance Test_system in the example in the same way as you would normally do locally with openFT For further details refer to the online Help system openFT Windows Administration 127 Remote administration Central administration 5 1 5 Logging remote administration ADM log records are created in each of the openFT instances involved when remote administration requests are issued ADM log records are explicitly flagged as being of a particular type A They are handled in a similar way to FT or FTAC log records i e you can e view ADM log records with the ftshwl command see the section ftshwl Display log records on page 272 e and you can delete ADM log records with the ftdell command provided that you have the appropriate permission see the section ftdell Delete log record on page 185 Alternatively you can also view and delete ADM log records using the openFT Explorer Logging object directory in the object tree Controlling ADM logging The FT administra
414. ties 319 SEC OPTS 284 291 Secure FTP 54 434 security attributes 434 security group 424 434 security level 434 defining default 208 fttrace 352 security measures 57 sefault admission profile creating 168 send file 435 sender verification setting 209 sending system 435 sequence entries in the command 145 server 435 service 435 service class 435 session 435 openFT Windows Administration 457 Index session selector 435 partner computer 43 setting up an instance 62 shell metacharacters 435 shell procedure partner properties 319 Simple Network Management Protocol SNMP 436 simultaneous requests number of 26 SNA network 435 SNMP 85 cluster 86 diagnostics control 91 public key encrypting 92 SNMP Simple Network Management Protocol 436 special characters specify instance as remote administration server 207 specify name of the local systems 80 SSID 269 standard admission profile converting to 224 deleting 187 obtaining information 311 standard admission set 56 436 not saved 195 recommendation 57 standard error output stderr standard input stdin 436 standard output stdout 436 starting asynchronous openFT server 337 automatic openFT 81 openFT 32 statistical data SNMP 87 statistical information SNMP 90 status of openFT SNMP 87 stderr 436 145 436 436 stdin 436 stdout 436 stop asynchronous openFT server 338 storage group 424 436 string 436 string significance 436 swi
415. tion Tasks of the administrator Authentication 2 10 Authentication If data requiring an extremely high degree of security is to be transferred it is important that the respective partner system undergo a reliable identity check authentication before the transfer The two openFT instances that are engaged in a transfer must be able to mutually check each other using crypto graphic means to ensure that they are connected to the correct partner instance In versions of openFT after version 8 1 for Unix systems and Windows systems or version 9 0 for BS2000 and z OS an expanded addressing and authenti cation concept is supported This is based on the addressing of the openFT instances using a network wide unique ID and the exchange of partner specific key information When communicating with partners that are using openFT version 8 0 or older the functions described in the following are not usable The previous addressing concept is still supported for these partners for the sake of compat ibility In FTAM partners authentication is not available in this form since the FTAM protocol standardized by the ISO does not provide for comparable functionality 2 10 1 Instance Identifications Each openFT instance that works with authentication must be assigned a network wide unique instance identification instance ID The instance ID replaces the previous addressing of openFT instances using processor and applicatio
416. tion server replaces the shortest command names which are guaranteed by openFT by the full command names If this replacement of the command name causes the entire remote administration command to become longer than the maximum command length of 8192 characters the command is rejected 414 openFT Windows Administration Appendix Messages for administration commands 54 57 Measure Have the ADM administrator carry out the necessary adjustments to the configuration data or check the command Repeat the changed command if necessary Invalid command Meaning The specified command is not a command that is permitted to be executed on the specified system using the remote administration facility Measure Specifying an admissible command or add the missing routing information Repeat the command openFT is not authorized to execute administration requests Meaning openFT is not no longer authorized to process administration requests This is for example the case if a remote administration server has been demoted to a normal server ftmodo admcs n or if commands that are only allowed to be executed on a remote administration server are processed by an openFT instance that has not been configured as a remote administration server openFT Windows Administration 415 Messages for administration commands Appendix 416 openFT Windows Administration Glossary Italic type indicates a refere
417. tion must not be specified in conjunction with ty Monitoring values of the object Duration are not output If the specification is not used the data is output in print edited form openFT Windows Administration 295 ftshwm openFT commands The following section Description of the monitoring values on page 297 contains a table with notes that show what values are output when the raw option is specified or is not specified and how the values are to be interpreted depending on this option po polling interval Data is to be output initially after the specified polling interval in seconds has elapsed and then repeated at this interval If you also specify pnr you can limit the number of times the data is output If you specify po without pnr output is repeated an unlimited number of times If repeated output has been started with the po option with or without pnr it can be cancelled by an interrupt signal Output is also cancelled in the event of an error when openFT is terminated or when monitoring is terminated Possible values 1 through 600 po not specified The monitoring values are output immediately and once only pnr polling number CSV pnr specifies the number of times data is output pnr can only be specified in conjunction with po Possible values 1 through 3600 The information is to be output in CSV format First the short names of the monitoring values are output in on
418. tion of the remote administration server 2 eee eee ee 193 ftimpe Import profiles and admission sets 195 ftmoda Modify admission sets 198 ftmodi Modify aninstance 265 202 ftmodo Modify operating parameters 204 ftmodp Modify FT profiles 2 25 221 ftmodptn Modify partner properties 241 ftmodr Change the property of requests 247 ftmonitor Call the openFT Monitor for displaying measurement data 2 eee ee es 249 ftremptn Remove a partner from the partner list 252 ftsetpwd Store user password 22005 253 ftshwa Display admission sets 005 255 ftshwatp Display ADMtraps 258 Description of the output of ADM traps 263 Short output format ofan ADMtrap 263 Long output format of an ADM trap 264 ftshwc Show openFT instances that can be remotely SUNMNISIEIE gk ce ee eae ee de ecawat a ees 266 ftshwd Display diagnostic information 269 openFT Windows Administration Contents 6 32 6 33 6 33 1 6 33 1 1 6 33 1 2 6 33 1 3 6 33 1 4 6 33 1 5 6 33 1 6 6 33 2 6 34 6 34 1 6 35 6 36 6 37 6 38 6 38 1 6 38 1 1 6 38 1 2 6 38 1 3 6 39 6 40 6 41 6 42 ftshwe Display FT profiles and admission sets from a file 270 ftshwl Display log records 2 022805 272 Description of log record outp
419. tional Conventions Special characters and blanks Special characters in the entries for file name file name prefix transfer admission user ID account password follow up processing see notes on the commands must be escaped using a backslash Note that the entries for command strings file names and free text must be enclosed in double quotes if the entries contain blanks If the entry also contains double quotes the double quotes must be escaped with a backslash Example The account number 1111111 00000000 88888888 is specified in the transfer admission The comma is a special character that enables file transfer separating the elements of the triple user ID account and password and must therefore be escaped with a backslash The entry then appears as follows 111111 1 00000000 88888888 Sequence of entries The sequence of entries in the command is arbitrary Exceptions to this are specifications that do not start with a minus sign in the command syntax description if there is more than one such specification e g transfer admission or the system login openFT Windows Administration 145 Output in CSV format openFT commands 6 3 Output in CSV format For some Show commands openFT offers output in CSV format CSV Comma Separated Values is a popular format in the PC environment in which tabular data is defined by lines Output in CSV format is offered for the following commands
420. tmodp e extend In the FT request only e may be entered for write mode i e the receive file is extended by appending the transferred file to the end if the receive already exists The receive file is created if it does not yet exist one means that the FT profile does not restrict the write mode wm not specified leaves the write mode entries in the FT profile unchanged C c y c n Using c you can determine whether data encryption is required or forbidden If the setting in the profile does not correspond to the setting in the request the request is denied The setting is not valid for file management requests since there is no encryption for these requests y Only requests with data encryption may be processed using this profile n Only requests without data encryption may be processed using this profile neither y nor n specified c resets the current setting Requests with and without data encryption are both accepted c not specified The encryption option remains unchanged txt text txt allows you to enter a new comment in the FT profile up to 100 characters text not specified txt deletes an existing comment txt not specified an existing comment remains unchanged lil As soon as you modify an admission profile the timestamp is also updated The timestamp is output with ftshwp 1 LAST MODIF The timestamp is also updated if you do not change the properties of the profile i e if you
421. tn command to modify the properties of partner systems in the local system s partner list Format ftmodptn h lt partner 1 200 gt a pa lt partner address 1 200 gt id lt identification 1 64 gt id ri lt routing info 1 8 gt ri i ri ptc i ptc a ptc pri l pri n pri h sl 1 100 sl p sl st a st d st ad am n am y tr n tr f tr Description h Displays the command syntax on the screen Entries after the h are ignored partner a partner is the name of the partner system in the partner list or the address of the partner system whose properties you want to modify a for partner Partner is not a selection criterion i e you modify the properties of all the partner systems present in the partner list This specifi cation is only of use in combination with the options ptc s st tr and under certain circumstances ri pa partner address You use pa to enter the address of the partner system in the following form protocol host port tsel ssel psel For details concerning address specifications see section Specifying partner addresses on page 40 pa not specified The partner address is unchanged openFT Windows Administration 241 ftmodptn openFT commands id identification id Identification unique in the network of the openFT instance in the partner system In the case of
422. to be executed on the openFT instance You should always enclose command in quotes If command contains spaces or special characters the quotes are mandatory For further details see ftadm Execute remote administration command on page 153 124 openFT Windows Administration Central administration Remote administration transfer admission On the remote computer only FTAC transfer admission for accessing the remote administration server The associated profile must have the property ACCESS TO ADMINISTRATION see page 102 and the profile name must be assigned to a remote administrator in the configu ration file see page 107 5 1 4 2 Remote administration using the openFT Explorer The object tree of the openFT Explorer contains the item Remote Administration with the following icon You can log in to the remote administration server locally or perform remote administration from a remote computer Logging into the remote administration server locally If you log in to the remote administration server locally and your user ID is configured as a remote administrator there the object tree displays an additional icon for the local remote administration server The local remote administration server has the name server name Local where server name is the host name of the remote administration server If you click on this node all openFT instances that you are permitted to admin ister are displayed SA Remote
423. tor po 1 ERROR MSG Request 65592 has been canceled in the remote system Explanation TRAP ID Number of the ADM trap in the ADM trap log file up to 12 digits TYPE Trap type The possible values are the same as for the short output format See the description on page 263 264 openFT Windows Administration openFT commands ftshwatp Output TIME Date and time at which the trap occurred SOURCE Name of the partner on which the trap occurred TRANS ID Transfer ID of the transfer that triggered the trap RC Reason code of the transfer that triggered the trap INITIATOR User ID or location of the transfer that triggered the trap PARTNER Partner name of the transfer or partner that triggered the trap PTN STATE Partner state of the partner that triggered the trap FILENAME Filename of the transfer that triggered the trap ERROR MSG Message text of the transfer that triggered the trap openFT Windows Administration 265 ftshwc openFT commands 6 30 ftshwc Show openFT instances that can be remotely administered Jftshwc allows you to show the openFT instances that you are permitted to administer as remote administrator You can enter ftshwc both locally on the remote administration server and by remote administration using ftadm see page 153 If you enter ftshwc locally on the remote administration server the openFT instances are determined on the basis of the user ID under which you
424. tor controls the scope of ADM logging using the operating parameters The following options are available log all administration requests e log all administration requests that modify data e log administration requests during which errors occurred e disable ADM logging Do this using the ftmodo la command or the openFT Explorer Administration Operating Parameters menu General tab 128 openFT Windows Administration Central administration ADM traps 5 2 ADM traps ADM traps are short messages that openFT sends to the ADM trap server if certain events occur during operation of openFT Such events may include errored FT requests status changes or the unavailability of partners for instance The ADM traps are stored permanently on the ADM trap server This allows openFT systems to be monitored at a central location The FT administrator of the ADM trap server is thus provided with a simple way of gaining an overview of events that have occurred on the openFT instances he is monitoring using the openFT Explorer or the ftshwatp command If the ADM trap server is simultaneously used as a remote administration server remote administrators can also view traps from other systems and hence monitor the systems that they are administering 5 2 1 Configuring the ADM trap server To allow an openFT instance to act as an ADM trap server you must carry out the following actions in your role as FT administrator e The Remote
425. tration System Administrator Guide openFT Windows Administration 445 Related publications 446 openFT Windows Administration Index FJAM 382 FJAM openFT default T selector 217 FJAMOUT 382 FTAM 382 FTMONITOR 182 lt AccessList gt tag remote administration server lt Configuration gt tag remote administration server lt Group gt tag remote administration server lt Instance gt tag remote administration server 113 105 109 1141 1100 openFT default port 217 11000 default remote administration port 218 21 ftp default port 216 4800 FTAM default port 217 A absolute pathname 417 access to remote administration server 175 231 access control 417 access protection 417 access right 417 access rights transferred file 36 action list 417 asynchronous openFT server 216 partner specific trace 349 addressing options Internet hostname 41 TNS 41 Transport Name Service 41 ADM administrator 96 189 199 defining 101 ADM partner 40 ADM partners activating deactivating tracing 212 ADM profile create 175 delete 188 modify 223 ADM trap server activating 207 deactivating 207 outputting the transfer admission 305 removing 213 specifying 213 ADM traps 129 CSV output format 359 output description 263 setting up a profile on the ADM trap server 129 174 231 specifying the destination 213 administered openFT instance 96 as of V11 0 96 V8 0 through V10 0 97 administrat
426. tributes Change the attributes of a partner For further details refer to the online help system Dynamic partners Users may as required specify partners via the name in the partner list or via their addresses dynamic partners In this way they can also address partners that are not entered in the partner list 82 openFT Windows Administration Installation and configuration Setting up a partner list As FT administrator you may also lock the partner list for security reasons To do this use the ftmodo dp command or select Administration Operating Parameters from the menu Exporting the partner list You can use the ftshwptn command to export the partner list entries to a file for example in order to back up the entries or use them in other systems On export the entries are converted into the corresponding commands ftmodptn which you simply need to read in In ftshwpin you also specify the platform for which the commands are to be generated Examples To back up the partner list in a format for Windows systems in the file ftpartner bat ftshwptn pw gt ftpartner bat You can re import the partner list by calling the file as a batch file e g with cmd c ftpartner bat To export the partner list in BS2000 format to the file fipartner bs2 ftshwptn p2 gt ftpartner bs2 openFT Windows Administration 83 Setting up a partner list Installation and configuration 84 openFT Wi
427. ts to execute the resulting command For example if this option is specified as fp print and the request specifies error txt as follow up processing FTAC executes print error txt as follow up processing Prefix suffix and follow up processing commands must together not be longer than 1000 characters Please also bear in mind the information provided on the f option If a prefix was defined with fp the character set available for specifying follow up processing in the FT request is restricted to alphanumeric characters letters and digits the special characters _ a period between alphanumeric characters You can cancel an existing prefix by specifying f command5 not specified lfp cancels the follow up processing prefix in the FT profile in the event of unsuccessful file transfer lfp not specified leaves the prefix entries in the FT profiles for follow up processing in the event of unsuccessful file transfer unchanged openFT Windows Administration 237 ftmodp openFT commands lfs command6 Ifs defines a suffix for follow up processing in the local system in the event that file transfer is unsuccessful FTAC then appends the character string command6 to the follow up processing specified in the FT request and attempts to execute the resulting command For example if this option is specified as fs _file name and the request specifies print as follow up pr
428. ttributes and Modify file attributes p processing The FT profile can be used for the file transfer functions File Preprocessing or File Postprocessing The FT function Transfer files must also be permitted Specification of p has no significance for profiles with a file name prefix fnp or a file name fn since in this case the first character of the file name or file name prefix decides whether the profile can only be used for preprocessing and postprocessing 1 or only for file transfer file management no I 230 openFT Windows Administration openFT commands ftmodp The use of follow up processing is not controlled by f but by f and ls r read directory The FT profile can be used for the file transfer functions Display directories and Display file attributes a administration The admission profile is allowed to be used for the remote administration function This means that it authorizes a remote administration server to access the local openFT instance To do this the associated transfer admission must be configured in the remote administration server ff a may only be specified by the FT administrator or FTAC administrator I logging The admission profile is allowed to be used for the Receive ADM traps function This allows another openFT instance to send its ADM traps to the remote administration server via this profile This specification only makes
429. tus openFT Windows Administration 325 ftshwr openFT commands pn partner You use pn to specify a name or an address for the partner system for which you want to display requests The partner should be specified as on request submission or as output by the ftshwr command without the s l or csv option If openFT finds a partner in the partner list for a specified partner address then ftshwr displays the name of the partner even if a partner address was specified at the time the request was entered fn file name You use fn to specify the file name for which requests are to be displayed Requests that access this file in the local system are displayed You must specify the file name that was used when the request was issued This file name is also output by the ftshwr command without the fn option Wildcards are not permitted in the file name S sum specifies that a summary overview of requests is to be output For each possible request status see the st option this overview indicates the number of requests that have this status l long form specifies that the request properties are to be output in full csv Specifies that the request properties are to be output in CSV format If you also specify s then the summary overview is output in CSV format The values in the overview are output separated by semicolons s l and csv not specified The request attributes are output in standard form request I
430. u OUT OF THE TY OF a R TORT INCLUDI USE OF TH SUCH DAMAGE tion ve of this code cannot be chang mply be copied and put under another distribution licence the GNU Public Licence terms for any pu RIBU EMPLARY ROCUREMENT OF SUBSTITUTE TS O IABIL NEGL S SOF blicall ed i ORS BE LIABLE FOR OR CONSEQUEN R BUSINESS INT TY WHETHER I GENCE OR OTHE WARE EVEN IF ER R y available ver e this code can 22 openFT Windows Administration 2 Tasks of the administrator This chapter describes the most important administration tasks to be performed when running openFT You can administer openFT both via the openFT Explorer and by using commands The following options are available Functions and commands that only the administrator may use e g start openFT or delete log records Functions and commands that are accessible to both the user and the administrator but where the administrator is allowed to do more than the user e g modify admission sets The tasks of the administrator include Setting operating parameters 2 Starting and stopping openFT 2 Administering the request queue Viewing and deleting log records Administering admission sets and FT profiles Diagnostic options e g switching the trace for error diagnostics on and off Creating and administering instances in order t
431. u must activate the Remote Command Execution and Administration Objects options in the properties of this partner You can restrict access from a remote system to the transfer of monitoring data In order to do this you define an admission profile by specifying a file name prefix with the keyword FTMONITOR as a preprocessing command FTMONITOR is a keyword for openFT that causes monitoring data to be transferred in the form required by the graphical openFT Monitor 46 openFT Windows Administration Tasks of the administrator Monitoring with openFT An elegant and secure method of transferring the monitoring data in the form of line based output is to define an admission profile containing a file name prefix with the keyword FTMONITOR as a preprocessing command and which can therefore only be used for this purpose see the examples below Example 1 Define an admission profile monitor on the remote system Partner that only permits the output of monitoring data Assign onlyftmonitor as the transfer admission Unix or Windows system ftcrep monitorl onlyftmonitor ff tp fnp FTMONITOR BS2000 system CREATE FT PROFILE NAME MONITORI TRANSFER ADMISSION ONLYFTMONITOR FILE NAME EXPANSION FTMONITOR FT FUNCTION TRANSFER FILE FILE PROCESSING z OS system FTCREPRF NAME MONITORI TRANSFER ADMISSION ONLYFTMONITOR FILE NAME EXPANSION FTMONITOR FT FUNC
432. ue is displayed It is also possible to select requests on the basis of the SUSPEND status when displaying requests ftshwr st s e More entries have been reserved in the request queue for inbound requests than in previous versions in order to guarantee as far as possible that inbound requests do not need to be rejected because there is no more space in the request queue Logging and traces e Itis also possible to select on the basis of the request number and whether the request was for FTP when outputting log records ff and tid options for ftshwl e The logging ID can be up to 12 characters long e The traces have been optimized and the structure and names of the trace files have been changed 16 openFT Windows Administration Preface Changes since the last version Other changes Additional code tables are supplied With ftexec it is also possible to enter the commands to be executed via stdin A default admission profile can be set up for each user ID s option for ftcrep and ftmodp This is primarily intended for partners who must specify the transfer admission in a specific form Admission profiles now have a timestamp with the most recent change date This is output with ftshwp l for instance A uniform method of activating and deactivating the asynchronous inbound server openFT FTAM FTP ADM has been introduced new option acta for ftmodo openFT Windows Administration 17 Notat
433. uest was issued in the remote system DATA Indicates the file type Possible values CHAR default value for openFT partners The file contains text with variable record lengths BIN The file contains an unstructured sequence of binary data USER The file contains structured binary data with variable record length ENCRYPT Indicates whether data encryption was specified Possible values NO YES DICHECK Specifies whether the integrity of the data is to be checked Possible values NO YES FILESIZE Size of the file in bytes If the output is followed by a K the output is in kilobytes If it is followed by an M the output is in megabytes The size is indicated here only if the request was already active For receive requests a value is indicated here only if the partner has sent one with the request PRIO Request priority Possible values NORM The request has normal priority LOW The request has low priority No entry The request was issued in the remote system CANCEL If the Cancel Timer was set the time at which the request is deleted from the request queue is indicated here If no cancel time was specified in the request NO is output 334 openFT Windows Administration openFT commands ftshwr RECFORM Record format Possible values UNDEFINED VARIABLE FIX RECSIZE Maximum record size if specified DIAGCODE This column is usually empty Otherwise it provides further diagnost
434. ur local openFT instances with the parameter id of the ftmodo command Instance IDs of partner systems should from your local system s point of view correspond to the partner address by which the partner system is known in the openFT Instance IDs of partner systems should from your local system s perspective correspond to the partner address by which the partner system is known to openFT If this is not the case you must enter the partner in the partner list and explicitly specify its instance ID Note the following Ifyou do not specify the instance ID when entering the partner in the partner list the partner address is set as the default with openFT and ADM partners without port number and or transport selector if these were specified with the partner address This means that the instance ID of the partner must then match the specified partner address without port number T selector lf your partner system is still a version of openFT equal to or older than V8 0 authentication is not supported In this event you should specify lt processor gt lt entity gt with the processor name and station name of the partner as a dummy ID when entering the partner in the partner list so that incoming requests from this partner can be assigned to this entry Alternatively it is possible to resolve the name using a DNS or to make an entry in the hosts file or in the TNS When TNS is used the global name must corre spond to
435. ure that the configuration data on the two computers is consistent 98 openFT Windows Administration Central administration Remote administration the admission profiles for accessing the remote administration server and the partner list entries if they are used are identical on Computer 1 and Computer 2 the admission profiles on the administered instances are defined in such a way that they accept both remote administration servers as partners If authentication is used you must also note that the keys for the computers from which administration is performed must be present on both remote administration servers the administered instances require the keys of both remote administration servers For this reason with complex configurations in particular you should implement failsafe protection of the remote administration server using a cluster You can find examples of how to set up a cluster in the section The openFT instance concept in a Windows cluster on page 391 openFT Windows Administration 99 Remote administration Central administration 5 1 2 Configuring the remote administration server The remote administration server stores the data required for remote adminis tration and must be configured in a number of steps Some of these steps can only be performed by the ADM administrator who must have been defined beforehand Overview of the configuration steps openFT as of V1
436. uring installation and contains subdirec tories for application specific data for the corresponding openFT instance such as the log file key pair sets and trace files On Windows systems the pathname depends on the version of the operating system On Windows 2000 Windows XP and Windows Server 2003 the default pathname is openFT installation directory var instance 68 openFT Windows Administration Installation and configuration Installation On Windows Vista Windows Server 2008 Windows 7 and Windows Server 2008 R2 the default pathname is ProgramData Fujitsu Technology Solutions openFT var instance Inthe case of an update installation from openFT V10 0 under Windows Vista Windows Server 2008 Windows 7 and Windows Server 2008 R2 the instance specific files are located in the directory ProgramData Fujitsu Siemens openFTwar instance This is the default path set up by openFT V10 0 instance is the name of the corresponding instance The default instance named std always exists When you create a new instance using ftcrei you can select any path name for the instance directory The following sections describe which steps must be performed for the three installation variants by you as the system administrator as well as those which are handled automatically by the installation procedure openFT Windows Administration 69 New installation Installation and configuration 3 1 1 New installatio
437. ut 279 Logging requests with preprocessing postprocessing 279 Short output format of a FT or FTAC log records 279 Short output format of an ADM logrecord 282 Long output format of an FT log record 283 Long output format of an FTAC logrecord 287 Long output format of an ADM log record 290 Reason codes of the logging function 292 ftshwm Display monitoring values of openFT operation 295 Description of the monitoring values 297 ftshwo Display operating parameters 305 ftshwp Display FT profiles 240 5 311 ftshwptn Display partner properties 317 ftshwr Display request properties and status 324 Output of the fishwr command 4a es ke ee Re ee d 327 Standard ftshwr output 20 327 Totaled ftshwr output 2 reman eunate rata 329 Detailed output from ftshwr 2 329 ftstart Start asynchronous openFT server 337 ftstop Stop asynchronous openFT server 338 ftupdi Update the instance directory 339 ftupdk Update public keys 502 250005 340 WHAT as caedere tA HA RAR CORO eo 341 Actions in the event of an error 2 28585 347 Diagnosis a6 k f 8 aye od eee a a a a oo 349 Trace tiles lt 2682 he eee ee dew Re we 349 Activating deactivating trace functions 349 Viewing itaca THOS s
438. ven complex configurations simply and in a clearly structured way Subsequent changes are simple to incorporate and thus make the configuration easy to maintain The remote administration server runs on either a Unix or a Windows system e Simplified authentication procedure If you wish to use authentication for reasons of security it is only necessary to distribute a few keys For the direction to the remote administration server the keys of computers from which administration is to be performed must be stored on the remote administration server For the direction from the remote administration server to the instances to be administered it is only necessary to store the public key of the remote administration server on the openFT instances to be adminis tered e High performance The new remote administration interface allows far longer command sequences than in openFT up to V10 0 In addition it is possible to configure the remote administration server in such a way that it is available exclusively for remote administration In this case there is no dependency on normal FT operation and hence no mutual impact openFT Windows Administration 93 Central administration Simple administration Remote administrators only need one central transfer admission Up to openFT V10 the remote administrators had to remember the access data for each openFT instance to be administered Central logging of important
439. vented if it is possible to replace this command with for example a Trojan horse openFT Windows Administration 181 ftcrep openFT commands Example 1 You wish to create an FT profile for the following purpose The Duck Goldmines are to be able to send their monthly reports from their computer goldmine to the president at head office via file transfer The file monthlyreport_goldmineO1 is to be printed out after transfer The command required to create such an FT profile at head office is ftcrep goldmrep fortheboss d 20171231 di r f pn goldmine fn monthl yreport_goldmineOl 1s print monthl yreport_goldmineO1 1 f n wm o The FT profile has the name goldmrep and the transfer admission fortheboss It permits only the monthlyreport_goldmine0O1 file to be transferred to the bank Following successful transfer the file is printed out in the bank Follow up processing after unsuccessful file transfer is however prohibited The transfer admission is only valid until December 30 2017 the FT profile disabled as of 00 00 hours on December 31 2017 You want to set up the standard admission profile on your user ID in sucha way that only the file transfer and file creation functions are possible This profile can for instance be used by FTAM partners that always have to specify the user ID and the password for inbound access The command is as follows ftcrepi s n wm n f f t You want to define an ad
440. with encryption prior to ftmodo kl 0 that have been submitted but not yet started are aborted with errors Any running requests are processed and their encryption is retained New requests using encryption are rejected After reinstallation the default value k 768 is used tu transport unit size You use the parameter tu to define the upper limit for message length at transport level block length You can choose a value between 512 and 65535 The default value is 65535 characters The block length only applies to requests to openFT partners pl process limit pl process limit is the maximum number of openFT servers used for the processing of asynchronous requests The default value is 2 process limit not specified If you specify p without parameters then the number of openFT servers is equal to the number of connections i e each connection is handled by a separate openFT server 206 openFT Windows Administration openFT commands ftmodo cl connection limit Maximum number of asynchronous requests that are processed simulta neously Possible values 1 to 255 The default value is 16 admcl connection limit Maximum number of connections provided for remote administration requests Possible values 1 through 255 The default value after a new installation is 8 Read the note under admcs admcs n admcs y Specifies whether the local openFT instance is flagged as a remote administration server
441. ws Administration 191 fthelp openFT commands 6 16 fthelp Display information on the log record reason codes With fthelp you can have the meanings of the reason codes for the log function displayed on the screen RC column in ftshw output You can also request the output of the message texts associated with the exit codes of certain FT commands Format fthelp h lt number 1 ffff gt Description h Displays the command syntax on the screen Entries after the h are ignored number This is a four digit reason code from the log function or the exit code of an FT command belonging to a synchronous FT request The reason code contains encoded information on an FT request accepted by openFT The reason codes and their meanings are listed in the section Reason codes of the logging function on page 292 The exit codes message numbers are listed in section Exit codes and messages for administration commands on page 405 Example You wish to find out the meaning of reason code 3001 fthelp 3001 3001 Request rejected Invalid user identification Thus reason code 3001 means that the specified login name or transfer admission is invalid 192 openFT Windows Administration openFT commands ftimpc 6 17 ftimpc Import the configuration of the remote administration server ftimpc stands for import configuration If you are an ADM administrator ftimpc allows you to import an XML file co
442. y date and time in hours and minutes an 8 digit specification as the month day and time in hours and minutes and a 12 digit specification as the year month day and time in hours and minutes The largest possible value that can be specified as the date is 20380119 January 19 2038 openFT Windows Administration 273 fishwl openFT commands openFT then displays all the log records written during the specified time period The older time is taken to be the start time and the earlier time as the end time The optional data yyyy mm dd is automatically replaced by current values If you omit the limit after the dash the current time is taken If you omit the limit before the dash the time of the first log record written is taken rg yyyy mm dd hhmm If the minus sign is missing the range is the exact minute specified The largest possible value that can be specified as the date is 20380119 January 19 2038 The optional data yyyy mm dd is automatically replaced by current values rg 1 999999999999 1 999999999999 rg is used to specify the start and or end of a range of log IDs 1 999999999999 The selection of a log ID is indicated by the leading character openFT then displays all the log records which lie within the specified range If the log ID limit before the dash is omitted the current ID is taken and if the log ID limit after the dash is omitted the ID of the first log record
443. y if specified by the user LEGAL QUAL Legal qualification Is output only if the local system is the initiator and the value is specified by the user 336 openFT Windows Administration openFT commands fistart 6 39 ftstart Start asynchronous openFT server This command starts the asynchronous openFT server This processes all the requests stored in the request queue as well as all the inbound requests It is necessary to terminate and restart the asynchronous openFT server for instance if you have changed the file access permissions for newly created files See the section File access rights for newly created files on page 36 Format ftstart h Description h Displays the command syntax on the screen openFT Windows Administration 337 ftstop openFT commands 6 40 ftstop Stop asynchronous openFT server This command shuts down the asynchronous openFT server After this no further inbound requests and no locally submitted asynchronous requests are processed Inbound requests are rejected Locally submitted asynchronous requests are stored in the request queue Once the ftstop command has been issued the asynchronous openFT server server is not stopped until all the server processes have been terminated This may take a few minutes if for example disconnection is delayed due to line problems When the asynchronous openFT server is restarted the requests present in the request
444. y user ID password Specifies the password of the login name A binary password must be specified in hexadecimal format in the form x or X The FT profile for the login name is only valid while the password is valid for the login name If the password is changed the profile can no longer be used openFT Windows Administration 169 ftcrep openFT commands If you want to assign an FT profile for another user and also assign a transfer admission for that profile you must specify the login name as well as the password for that login name if you do not have FT administrator privileges n for password This entry may only be specified by the FTAC administrator With n you cannot assign any transfer admission for the FT profile if you do not have FT administrator privileges comma only no password Entering comma without password causes FTAC to query the password on the screen after the command is entered The entry is not displayed to prevent unauthorized persons from seeing the transfer admission user ID only without comma and no password specified the profile is valid for all the passwords for user ID ua specified or ua not specified the FT profile is created for the individual login name v y v n defines the status of the transfer admission Possible values are y default value the transfer admission is not disabled it is valid n the transfer admission is disabled it not va
445. ynamic partner entries activating 219 deactivating 219 dynamic partners 82 E EBCDIC 422 emulation 422 ENCR 284 291 encryption of user data 79 outbound request to FTP server 54 software for 79 ending openFT 32 enter partner in partner list 148 entering TS applications for partner system 384 entity 422 426 entries for follow up processing 145 entries in the command sequence 145 error diagnosis 63 349 export FT profile 190 FTAC environment 190 partner list 83 F F SYSTEM 328 file attributes 422 display 173 201 230 modify 173 201 230 file management 422 commands 140 filename 143 DNS name 41 document type 421 file transfer dummy ID commands 140 partners with openFT up to _ with postprocessing 430 V8 0 50 file transfer request 422 File Transfer Access and Management 424 450 openFT Windows Administration Index file type 165 202 FILE NAME ftshwr output 329 files delete 173 201 230 rename 173 201 230 firewall 381 firewall processor 422 fixed length record 422 follow up processing 423 follow up processing request 423 front end processor 421 FT administration permission 116 FT administrator 423 FT log record delete 185 FT operator 116 FT profile delete 187 display 311 export 190 modify 221 privilege 221 read from file 195 saving 59 write ina file 190 FT request 423 433 FT system 423 FT trace 423 FTAC administration permission 116 FTAC File Transfer Access Control 423 F
446. you specify monr monitoring data is collected for all requests Note that monr rs does not completely deactivate monitoring monr rs has the same effect as monp See the section Description of the monitoring values on page 297 monp monp a monp openft ftam ftp This allows you to select openFT monitoring depending on the protocol type used for the partners Combinations are also permitted if you specify the protocols individually separated by commas a Monitoring data is collected for all partners openft Monitoring data is collected for openFT partners ftam Monitoring data is collected for FTAM partners ftp Monitoring data is collected for FTP partners No protocol type specified If you specify monp with no parameters the monitoring is deactivated for partners In this event only certain monitoring data values are populated See the section Description of the monitoring values on page 297 tr n tr f tr c This allows you to activate and deactivate the openFT trace function n on The openFT trace function is activated f off The openFT trace function is deactivated c change The current trace file is closed and a new one is opened trp a trp openft ftam ftp adm This allows you to select the openFT trace function depending on the type of protocol used for the partners by specifying a comma separated list of one or more protocol types All the partners t
Download Pdf Manuals
Related Search