DEDS Migration to a New Architecture.
Impact for CPs
Guide for CPs using DEDS for downloading/uploading files.
Agenda
•
•
•
•
•
•
•
•
•
Introduction to DEDS
Need for Change
What is changing?
How will this happen?
What are benefits?
As a CP what do I need to change?
How can I go about it?
What are benefits for CPs?
Time Scales
This presentation does not cover changes for CPs where BT pushes/pulls data from CP server
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the
consequences of any action taken by customers in relation to the contents of these slides.
Introduction
• DEDS – Data Exchange & Distribution Service
• It provides secure means to exchange data
between BT and CP systems outside BT network.
Acts like a post box.
• Currently FTP over ISDN or VPN are the means of
data exchange with DEDS from CP systems.
• DEDS services are used by about 800+ CP
accounts and there is growing demand for such
service going forward.
• New DEDS is under development to replace the
existing old and exhausted method of connection
to a secure and strategic mechanism .
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the
consequences of any action taken by customers in relation to the contents of these slides.
Need for Change
• ISDN access to DEDS is slow due to limited
bandwidth.
• Being older technology, ISDN setup is difficult
and costly to maintain in terms of availability of
equipment and skills to maintain them.
• VPN access is limited by availability of VPN
ports on BT firewall. Ports are almost
exhausted.
• Existing DEDS hardware has scalability
limitations.
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the
consequences of any action taken by customers in relation to the contents of these slides.
What is changing?
• DEDS hardware will be migrated to new scalable
Architecture. This hardware will be accessed by CP
systems using standard Internet URL calls instead
of an IP address.
• FTP Secure access with one-way SSL to DEDS is the
default mechanism.
• DEDS will be exposed to internet with IP filtering
applied on BT firewall to accept calls only from
registered IPs.
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the
consequences of any action taken by customers in relation to the contents of these slides.
What are benefits for CPs?
• Data transfer through a strategic, secure and Fast
channel.
• Move from an old ISDN set up to a scalable secured
FTP channel which is exposed to the internet. ISDN
call charges borne by CP’s would be eliminated.
• Maintenance of ISDN, which is an old technology is
not required.
• Secured FTP clients/server are readily available and
many of them are freeware.
• Better and faster failover capabilities for DEDS which
would ensure minimal loss of service.
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the
consequences of any action taken by customers in relation to the contents of these slides.
Background on choosing FTPS
• FTPS is a widely used standard alongside SFTP. Each has its own advantages
and disadvantages.
• Few specific reasons for choosing FTPS:
•
•
•
•
Chrooting – Required to ensure each CP has isolated working area on DEDS server for Data Security.
Time bound login – Like CPS, there are other BTW services which are not available 24 * 7. It is
necessary to restrict CP access to DEDS outside of agreed service hours.
Logging – To generate MIS of CP’s upload/download activities.
Command Execution – To ensure CP can execute only certain commands necessary for transfer of files
and restrict potentially harmful commands for health of DEDS.
• BT has experience on implementing SSL over HTTP on B2B Gateways and
necessary infrastructure for issuance and management of SSL certificates
(server or client) is already built.
• X509 certificates will be used by BT on DEDS server as Server Certificate.
CPSOs will be provided with necessary CA (certifying authority) certificates
and keys to authenticate the same.
• If CPSO continue to receive files from DEDS in PUSH mode, CPSO’s can
either arrange a server certificate on their own or BTW can get one issued
using their own CA (affiliated to Verisign).
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the
consequences of any action taken by customers in relation to the contents of these slides.
How will this happen?
• The change has been planned in phases for
smooth transition from existing system to the new
one.
• Phase I –
 The New DEDS to be built on Strategic architecture.
 It will be accessible over internet using FTPS over one-way
SSL.
 OLD DEDS and NEW DEDS will co-exist during the agreed
transition period
 Data synchronization mechanism will be implemented
between old and new DEDS servers.
 CP transition to new DEDS system will start in this phase
 (Please refer to following diagram)
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the
consequences of any action taken by customers in relation to the contents of these slides.
How will this happen?
CP
1
Continued…
Phase - I
ISDN
/ VPN
CP
2
INTERNET
IP FILTERING
FTP
Secure
FTP
Existing
DEDS
Data synchronisation
NEW
DEDS
XFB / BDS / FTP
BT
System 1
BT
System n
Existing Setup
Proposed Setup
How will this happen?
Continued…
• Phase II –
 BT systems within BT Intranet will be re-pointed to new
DEDS server. This phase has no CP impact.
• Phase III –
 Data Synchronization mechanism will be disabled/removed.
 Old DEDS will be de-commissioned and entire service will
be on NEW DEDS only.
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the
consequences of any action taken by customers in relation to the contents of these slides.
How will this happen?
CP
1
Continued…
Phase - II
ISDN
/ VPN
CP
2
INTERNET
IP FILTERING
FTP
Secure
FTP
Existing
DEDS
Data synchronisation
NEW
DEDS
XFB / FTP/FTPS
BT
System 1
BT
System n
This phase has NO impact for CP systems
Existing Setup
Proposed Setup
How will this happen?
Continued…
Phase - III
II
ISDN
/ VPN
CP
1
CP
2
INTERNET
IP FILTERING
FTP
Secure
FTP
Existing
DEDS
Data synchronisation
NEW
DEDS
XFB / FTP/FTPS
BT
System 1
Existing Setup
BT
System n
Proposed Setup
As a CP what do I need to change?
• Installation of FTPS clients on the CP server’s. These
clients should as a minimum support one-way SSL.
• CPs can use any FTP secure client of their choice. There
are many commercially available or freeware clients.
(List of samples is available in this slide pack later.)
• CP programs executing these downloads/uploads would
need a change to integrate with the newly deployed FTP
secure client.
• CP would access DEDS via Internet connection.
• New DEDS server will have a registered DNS URL. This is to
improve the failover process. CP programs will need to
change so that they FTPS onto new DEDS using this URL.
• Decommission the existing ISDN setup.
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the
consequences of any action taken by customers in relation to the contents of these slides.
FTP secure client samples
•
•
•
•
•
•
•
•
CoreFTP Lite (Windows) URL: http://www.coreftp.com
SmartFTP (Windows) URL: http://www.smartftp.com
IglooFTP Pro (Windows, Linux) URL: http://www.iglooftp.com
FlashFXP (Windows) URL: http://www.flashfxp.com
SDI FTP (Windows) URL: http://www.sdisw.com
LFTP (Unix, MacOS X) URL: http://lftp.yar.ru/
RBrowser (MacOS X) URL: http://www.rbrowser.com
FTPTLS (OpenBSD, possibly other Unix as well) URL: http://wwwuser.tu-chemnitz.de/~grmo/ftptls/ Port: http://www-user.tuchemnitz.de/~grmo/ftptls/port/ftptls-port.tar.gz
• Glub Tech Secure FTP Client (at least Unix, MacOS X and Windows)
URL: http://secureftp.glub.com/
•
NOTE: BT does not recommend any specific product. The list above is for reference
only. CPs are requested to take their own informed decision.
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the
consequences of any action taken by customers in relation to the contents of these slides.
How can I go about it?
• Approach BT account manager/BT front door
contact to schedule migration to NEW DEDS.
• Complete FTPS client installation & configuration.
FTPS clients are available either commercially or
as free-ware.
• Test connectivity to BT system with on-ramp
server. (Support team will make this available)
• Test connectivity to NEW DEDS (Live)
• Start using new DEDS!
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the
consequences of any action taken by customers in relation to the contents of these slides.
Time scales
• Phase-I : This is expected to be ready by end of
May-2010
• Phase-II : This will start by end of May-2010. No
CP impact.
• Phase-III : Plan is to start decommission of OLD
DEDS by end September 2010, but this is subject
to the CP transition plans to be discussed between
CPs and BT Account Managers / Product Line
leads.
BT is happy to take this opportunity to share its plans regarding the migration with affected customers. BT can accept no liability whatever for the
consequences of any action taken by customers in relation to the contents of these slides.
Thank You!