DEDS Migration to secured FTP

For discussion with GNP Industry
Introduction

Communication Providers (CP) connect into BT (DEDS) using
ISDN/VPN setups and use FTP to exchange Single Line Geographical
Number port requests/response files.

CP uploads and downloads the Number port request and response
files from DEDS server if CP is gaining the number.

DEDS uploads and downloads the Number port request and
response files from CP server if BT is gaining the number.
Limitations of current setup
• ISDN access to DEDS is slow due to limited bandwidth.
• Being older technology, ISDN setup is difficult and costly to maintain
in terms of availability of equipment and skills to maintain them.
• VPN access is limited by availability of VPN ports on BT firewall. Ports
are almost exhausted.
• Existing DEDS hardware has scalability limitations.
• Failover capability is limited and slow on existing infrastructure.
EXISTING SETUP
[Diagram. Labels: CP 1 ... CP n; FTP; FIREWALL; DEDS CLUSTER (Primary DEDS, Secondary DEDS); XFB; Number Porting application]
PROPOSED SETUP
[Diagram. Labels: CP 1 ... CP n; FTPS (one way SSL/TLS over internet); DNS SWITCHING; NEW DEDS; Data Mirroring; NEW DEDS DR; XFB; Number Porting application]
Advantages of the proposed set up
• Data transfer through a secured and fast channel.
• Move from an old ISDN set up to a scalable secured FTP channel
which is exposed to the internet. ISDN call charges borne by CPs
would be eliminated.
• Maintenance of ISDN, which is an old technology, is not required.
• Secured FTP clients/servers are readily available and many of them
are freeware.
• CPs using Fax and Email as communication mode can easily migrate
to an electronic medium, as the proposed setup is being exposed to
the internet.
Additional Benefit targeted with the proposed set up
• Better failover capabilities for DEDS, which would ensure minimal loss
of service.
Rationale of FTPS
• FTPS is a widely used standard alongside SFTP. Each has its own
advantages and disadvantages.
• A few specific reasons for choosing FTPS:
– Chrooting – Required to ensure each CP has an isolated working
area on the DEDS server for data security.
– Time-bound login – It is necessary to restrict CP access to DEDS
outside of agreed service hours.
– Logging – Formatted logging which enables automated trapping
and monitoring of error scenarios. It is also possible to generate
MIS of upload/download activities.
– Command execution – To ensure CPs can execute only certain
commands necessary for transfer of files, and to restrict commands
potentially harmful to the health of DEDS.
What is Changing?
• DEDS hardware will be migrated to a new scalable architecture. This
hardware will be accessed by CPs' systems using standard Internet
URL calls.
• DEDS will be exposed to the internet with IP filtering applied on the BT
firewall to accept calls only from registered IPs.
• FTPS replaces normal FTP by using one way SSL/TLS and basic
authentication.
• CPs will upload/download the files to/from DEDS via one way
SSL/TLS over the internet using an FTPS client.
• DEDS would upload/download files from CPs' servers using an FTPS
client. CPs would need to host an FTPS server on their servers to allow
for FTPS transfers by DEDS.
Impacts of the Change
Number Porting order requests are initiated by the Gaining CP.
– For Numbers exporting out of BT, order files are uploaded by CP onto
DEDS (BT) and responses are downloaded by CP from DEDS (BT).
• CP would need to host FTPS client (compatible with pureftpd product used on
DEDS).
• X509 certificates will be used by BT on the DEDS server as the Server Certificate. CPs will
be provided with the required public key certificate of DEDS (BT).
• CPs would need to install/import it on their servers to be able to connect to DEDS.
• Port number to be used by FTPS client while connecting to DEDS would be
provided by DEDS support team. These ports will need to be configured by CP
onto the FTPS client.
• Changes needed in the process/automation to suit migration to secured FTP.
• CPs can continue using the same user ID and password while accessing DEDS.
The folder structure on DEDS would also remain the same.
– For Numbers importing into BT, order files are uploaded by DEDS onto CP
servers and responses are downloaded by DEDS from CP servers.
• CPs have to host an FTPS server on their machines.
• CPs will have to open up their firewall(s) to allow FTPS connections from DEDS.
• CPs have to provide BT with the necessary public key for DEDS. This would need
to be installed on DEDS and would be used for authentication while connecting to
CP machines.
• CPs will have to provide IPs, ports, usernames and passwords of their systems to
DEDS.
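Added example (not BT's or the DEDS team's code): a CP-side upload over explicit FTPS in Python that trusts only the server certificate file supplied by BT and encrypts both the control and data channels. Explicit mode (AUTH TLS), the TLS 1.2 floor and all function and parameter names are assumptions; host, port and credentials are whatever the DEDS support team issues.

```python
import ssl
from ftplib import FTP_TLS


def deds_tls_context(server_cert_pem=None):
    """Client context for one-way TLS: verify the server, present no client cert.

    Only the certificate file handed over by the server operator is trusted;
    the system CA bundle is deliberately not loaded, so any other certificate
    (including one issued by a public CA) fails the handshake.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # assumed floor, not from the page
    if server_cert_pem is not None:
        ctx.load_verify_locations(cafile=server_cert_pem)
    return ctx


def upload_order_file(host, port, user, password, cert_pem, local_path, remote_name):
    """Upload one file; credentials and data never travel in clear text.

    `host` must match a name in the supplied certificate, because hostname
    checking stays enabled.
    """
    ftps = FTP_TLS(context=deds_tls_context(cert_pem), timeout=30)
    try:
        ftps.connect(host, port)       # port as issued by the support team
        ftps.auth()                    # AUTH TLS; fails if the cert is not the trusted one
        if not isinstance(ftps.sock, ssl.SSLSocket):
            raise RuntimeError("control channel is not encrypted")
        ftps.login(user, password)     # sent only after the TLS handshake
        ftps.prot_p()                  # PROT P: encrypt the data channel as well
        with open(local_path, "rb") as fh:
            reply = ftps.storbinary("STOR " + remote_name, fh)
        ftps.quit()
        return reply
    finally:
        ftps.close()
```

Without the `prot_p()` call, ftplib leaves the data connection in clear text even though the login was encrypted.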
How will migration be managed?
Migration will be managed in three phases.
• Phase I: New DEDS server will be available in live, ready for CPs
to migrate.
– Once Phase I is complete, CPs may start migration to new
DEDS. It is necessary that CPs build the capabilities for FTPS
transfer as mentioned in the previous slides.
• Phase II: Number Port application will be migrated to new DEDS
during Phase II. During Phase I & Phase II, BT will internally
manage synchronisation of existing DEDS and new DEDS system.
• Phase III: The old DEDS server will be decommissioned as all CPs
would have migrated to FTPS connectivity with New DEDS.
• DEDS support team will guide the CPs during the migration process.
How can CPs go about it?
• Approach BT Product Manager / BT Account Manager contact to
schedule migration to NEW DEDS.
• Complete FTPS client and server installation & configuration.
– FTPS clients and servers are available either commercially or as
freeware.
• Test connectivity to BT system with on-ramp server. (DEDS Support
team will make this available.)
• Test connectivity to NEW DEDS (Live).
• Start using new DEDS!
Milestones
• Phase I: This is expected to be ready by end-May’10.
• Phase II: This is planned to start in Jun’10.
• Phase III: Plan is to start decommissioning of OLD DEDS by
end of Phase II, but this is subject to the CP transition plans
to be discussed between CPs and BT Account Managers /
Product Line leads.
FTPS Client Samples
• CoreFTP Lite (Windows) URL: http://www.coreftp.com
• SmartFTP (Windows) URL: http://www.smartftp.com
• IglooFTP Pro (Windows, Linux) URL: http://www.iglooftp.com
• FlashFXP (Windows) URL: http://www.flashfxp.com
• SDI FTP (Windows) URL: http://www.sdisw.com
• LFTP (Unix, MacOS X) URL: http://lftp.yar.ru/
• RBrowser (MacOS X) URL: http://www.rbrowser.com
• FTPTLS (OpenBSD, possibly other Unix as well) URL: http://wwwuser.tu-chemnitz.de/~grmo/ftptls/ Port: http://www-user.tuchemnitz.de/~grmo/ftptls/port/ftptls-port.tar.gz
• Glub Tech Secure FTP Client (at least Unix, MacOS X and Windows)
URL: http://secureftp.glub.com/
NOTE: BT does not recommend any specific product. The list above is
for reference only. CPs are requested to take their own informed
decision.
Thank You