DEDS Migration to a New Architecture.
Impact for Openreach CPs
Guide for CPs using DEDS for
downloading/uploading files.
Agenda

Introduction to DEDS

Need for Change

What is changing?

How will this happen?

What are benefits?

As a CP what do I need to change?

How can I go about it?

What are benefits for CPs?

Time Scales
This presentation does not cover changes for CPs where BT pushes/pulls data from CP server
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the
consequences of any action taken by customers in relation to the contents of these slides.
Introduction
 DEDS
– Data Exchange & Distribution Service
 It
provides secure means to exchange data between
BT and CP systems outside BT network. Acts like a
post box.
 Currently
FTP over ISDN or VPN are the means of
data exchange with DEDS from CP systems.
 DEDS
services are used by about 800+ CP accounts
and there is growing demand for such service going
forward.
 New
DEDS is under development to replace the
existing old and exhausted method of connection to
a secure and strategic mechanism .
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the
consequences of any action taken by customers in relation to the contents of these slides.
Need for Change
 ISDN
access to DEDS is slow due to limited
bandwidth.
 Being
older technology, ISDN setup is difficult
and costly to maintain in terms of availability of
equipment and skills to maintain them.
 VPN
access is limited by availability of VPN
ports on BT firewall. Ports are almost
exhausted.
 Existing
DEDS hardware has scalability
limitations.
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the
consequences of any action taken by customers in relation to the contents of these slides.
What is changing?
 DEDS
hardware will be migrated to new scalable
Architecture. This hardware will be accessed by CP
systems using standard Internet URL calls instead
of an IP address.
 FTP
Secure access with one-way SSL to DEDS is the
default mechanism.
 DEDS
will be exposed to internet with IP filtering
applied on BT firewall to accept calls only from
registered IPs.
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the
consequences of any action taken by customers in relation to the contents of these slides.
What are benefits for CPs?

Data transfer through a strategic, secure and Fast channel.

Move from an old ISDN set up to a scalable secured FTP
channel which is exposed to the internet. ISDN call
charges borne by CP’s would be eliminated.

Maintenance of ISDN, which is an old technology is not
required.

Secured FTP clients/server are readily available and many
of them are freeware.

Better and faster failover capabilities for DEDS which
would ensure minimal loss of service.
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the
consequences of any action taken by customers in relation to the contents of these slides.
Background on choosing FTPS

FTPS is a widely used standard alongside SFTP. Each has its own advantages and disadvantages.

Few specific reasons for choosing FTPS:
– Chrooting – Required to ensure each CP has isolated working area on DEDS server for Data
Security.
– Time bound login – Like CPS, there are other BTW services which are not available 24 * 7. It is
necessary to restrict CP access to DEDS outside of agreed service hours.
– Logging – To generate MIS of CP’s upload/download activities.
– Command Execution – To ensure CP can execute only certain commands necessary for
transfer of files and restrict potentially harmful commands for health of DEDS.

BT has experience on implementing SSL over HTTP on B2B Gateways and necessary
infrastructure for issuance and management of SSL certificates (server or client) is already built.

X509 certificates will be used by BT on DEDS server as Server Certificate. CPs will be provided
with necessary CA (certifying authority) certificates and keys to authenticate the same.
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the
consequences of any action taken by customers in relation to the contents of these slides.
How will this happen?
 The
change has been planned in phases for
smooth transition from existing system to the new
one.
 Phase
I–
 The New DEDS to be built on Strategic architecture.
 It will be accessible over internet using FTPS over one-way
SSL.
 OLD DEDS and NEW DEDS will co-exist during the agreed
transition period
 Data synchronization mechanism will be implemented
between old and new DEDS servers.
 CP transition to new DEDS system will start in this phase
 (Please refer to following diagram)
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the
consequences of any action taken by customers in relation to the contents of these slides.
How will this happen? Continued…
CP
1
Phase - I
ISDN
/ VPN
CP
2
INTERNET
IP FILTERING
FTP
Secure
FTP
Existing
DEDS
Data synchronisation
NEW
DEDS
XFB / BDS / FTP
BT
System 1
BT
System n
Existing Setup
Proposed Setup
How will this happen? Continued…
 Phase II –
 BT systems within BT Intranet will be re-pointed to new
DEDS server. This phase has no CP impact.
– Phase III –
 Data Synchronization mechanism will be disabled/removed.
 Old DEDS will be de-commissioned and entire service will be
on NEW DEDS only.
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the
consequences of any action taken by customers in relation to the contents of these slides.
How will this happen? Continued…
CP
1
Phase - II
ISDN
/ VPN
CP
2
INTERNET
IP FILTERING
FTP
Secure
FTP
Existing
DEDS
Data synchronisation
NEW
DEDS
XFB / FTP/FTPS
BT
System 1
BT
System n
This phase has NO impact for CP systems
Existing Setup
Proposed Setup
How will this happen? Continued…
Phase - III
II
ISDN
/ VPN
CP
1
CP
2
INTERNET
IP FILTERING
FTP
Secure
FTP
Existing
DEDS
Data synchronisation
NEW
DEDS
XFB / FTP/FTPS
BT
System 1
Existing Setup
BT
System n
Proposed Setup
As a CP what do I need to change?

Installation of FTPS clients on the CP server’s. These clients
should as a minimum support one-way SSL.

CPs can use any FTP secure client of their choice. There are
many commercially available or freeware clients.
(List of samples is available in this slide pack later.)

CP programs executing these downloads/uploads would need a
change to integrate with the newly deployed FTP secure client.

CP would access DEDS via Internet connection.

New DEDS server will have a registered DNS URL. This is to
improve the failover process. CP programs will need to change
so that they FTPS onto new DEDS using this URL.

Decommission the existing ISDN setup.
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the
consequences of any action taken by customers in relation to the contents of these slides.
FTP secure client samples

CoreFTP Lite (Windows) URL: http://www.coreftp.com

SmartFTP (Windows) URL: http://www.smartftp.com

IglooFTP Pro (Windows, Linux) URL: http://www.iglooftp.com

FlashFXP (Windows) URL: http://www.flashfxp.com

SDI FTP (Windows) URL: http://www.sdisw.com

LFTP (Unix, MacOS X) URL: http://lftp.yar.ru/

RBrowser (MacOS X) URL: http://www.rbrowser.com

FTPTLS (OpenBSD, possibly other Unix as well) URL: http://www-user.tuchemnitz.de/~grmo/ftptls/ Port: http://www-user.tuchemnitz.de/~grmo/ftptls/port/ftptls-port.tar.gz

Glub Tech Secure FTP Client (at least Unix, MacOS X and Windows) URL:
http://secureftp.glub.com/

NOTE: BT does not recommend any specific product. The list above is for reference only.
CPs are requested to take their own informed decision.
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the
consequences of any action taken by customers in relation to the contents of these slides.
How can I go about it?
 Approach
BT account manager/BT front door contact
to schedule migration to NEW DEDS.
 Complete
FTPS client installation & configuration.
FTPS clients are available either commercially or as
free-ware.
 Test
connectivity to BT system with on-ramp server.
(Support team will make this available)
 Test
connectivity to NEW DEDS (Live)
 Start
using new DEDS!
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the
consequences of any action taken by customers in relation to the contents of these slides.
Time scales
 Phase-I :
This is expected to be ready by end of
May-2010
 Phase-II :
This will start by end of May-2010. No CP
impact.
 Phase-III :
Plan is to start decommission of OLD
DEDS by end September 2010, but this is subject
to the CP transition plans to be discussed between
CPs and BT Account Managers / Product Line
leads.
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the
consequences of any action taken by customers in relation to the contents of these slides.
Thank You!