Posted: 6/3/2015 3:38:21 PM EDT
|
So the guy who was spearheading the replacement of our enterprise FTP/SFTP solution went on to greener pastures and I got picked to reinvent the wheel. Of course, it wouldn't be any fun if I was given any specific requirements that the solution has to meet, or the previous employee's notes on any progress he had made on the project. With that said, I am at Square 1 and trying to evaluate what is available for an enterprise FTP server solution - knowing that we have a variety of statutory requirements (HIPAA, Sarbanes-Oxley, FERPA, FDA, etc) that may come into play for various scenarios.
So here I am, hoping some of you might have some expertise in this area that can point me towards packages that are at least worthy of consideration. Preferred platform would be Windows Server 2012 R2, but if there is a clear cut "best of breed" that runs on a *nix variant I can't rule it out. Any links to comparative reviews from reputable industry sites would be welcome too.
|
This sorta depends on what you are doing, and who is using FTP. Is this the general public? Regular users? "IT" users?
What files are you presenting, do you need people to upload to it?
Where is the transfer to/from? Across a network, wide area network, or to the internet?
Are you hosting ONE site with a bunch of stuff in it? Or a BUNCH of sites with different stuff in them?
If you need some custom tools or scripting or whatever in it, I'd say you should use FTPD (or whatever the new Linux flavor tool is) and go through the steps of configuring it.
If it's a bunch of relatively simple sites, and you just need FTP to a bunch of different people who shouldn't see each other's stuff, I'd use IIS 8. It does FTPS pretty well, and it is easy to configure, if you are willing to open up the data channel ports in your firewall. (Read up on that, it's tricky to implement and the steps involve doing stuff an admin would be a bit nervous about doing.)
http://www.jscape.com/blog/bid/75602/Understanding-Key-Differences-Between-FTP-FTPS-and-SFTP
There used to be a bunch of other off-brand software but most of it would probably cause problems with your auditing requirements.
|
Windows Server 2012R2 has an FTP server role that does FTP over SSL which is, in my opinion, superior to SFTP and meets all compliance requirements. Which is totally why it exists.
http://stackingtech.com/2014/03/13/how-to-configure-ftp-server-in-windows-2012-r2/
|
As stated, I have been given no requirements yet, but answers below are my assumption based on my limited involvement in it in the past. Will be trying to get some explicit requirements that the solution must meet.
Quoted: This sorta depends on what you are doing, and who is using FTP. Is this the general public? Regular users? "IT" users?
Vendors/partners, regular users, IT users, automated systems (batch files, etc)
Quoted: What files are you presenting, do you need people to upload to it?
Not entirely sure yet, know there is some purchase order stuff to vendors, some research exchange with other institutions
Quoted: Where is the transfer to/from? Across a network, wide area network, or to the internet?
All of the above
Quoted: Are you hosting ONE site with a bunch of stuff in it? Or a BUNCH of sites with different stuff in them?
Multiple diverse sites
Quoted: If you need some custom tools or scripting or whatever in it, I'd say you should use FTPD (or whatever the new Linux flavor tool is) and go through the steps of configuring it. If it's a bunch of relatively simple sites, and you just need FTP to a bunch of different people who shouldn't see each other's stuff, I'd use IIS 8. It does FTPS pretty well, and it is easy to configure, if you are willing to open up the data channel ports in your firewall. (Read up on that, it's tricky to implement and the steps involve doing stuff an admin would be a bit nervous about doing.) http://www.jscape.com/blog/bid/75602/Understanding-Key-Differences-Between-FTP-FTPS-and-SFTP There used to be a bunch of other off-brand software but most of it would probably cause problems with your auditing requirements.
We already have IIS8.5 in house - I actually admin the majority of our shared enterprise IIS servers - but TPTB seem to get a warm fuzzy from third party sometimes, thus my quest to see if there is something out there that can do it better. Thanks to both of you for your input so far.
|
It sounds like you have a variety of requirements both known and unknown. You can't go wrong with setting up either SFTP or FTPS. I think the other posts cover that pretty well. Either of them will meet your security requirements. I prefer SFTP because I don't have to deal with as many firewall changes and it's used by most of our providers but if you want to stay Windows then FTPS is great and you can then even use third party CA for certificate based access.
On a broader note....I don't know if you have a need to automate a plethora of file transfers with your partners, benefit providers, and others but we found a pretty sweet solution without having to cobble together a bunch of disjointed scripts. There are others like this but the one we picked is called: GoAnywhere Director
This is not an FTP server but it interacts with them and other services you may have. It has an easy to use interface to create FTP workflows, scheduling, reporting, etc. Here are a few use cases we use it for:
1) SAP system generates a positive pay file for our bank every half hour. Director picks the file up in a location on the network. Digitally signs and encrypts the file and then transfers it to our bank.
2) Every month Director picks up a file from our 401k provider showing who is in the plan. Director reads the file and inserts that data into our SQL server. Calls a stored procedure to compare the file to our current employees in the HR system. Exports the stored procedure difference into another file. Encrypts the file and sends it back to the 401k provider.
3) Director will monitor a partner's SFTP site for incoming files. When one is found it will retrieve the file and move it to an internal network share.
These scenarios go on and on and we found it very useful for things we didn't imagine in the beginning.
|
Quoted: Windows Server 2012R2 has an FTP server role that does FTP over SSL which is, in my opinion, superior to SFTP and meets all compliance requirements. Which is totally why it exists. http://stackingtech.com/2014/03/13/how-to-configure-ftp-server-in-windows-2012-r2/
|
Quoted: I have this in use today and it's easy to set up and fantastic. Keep it in the DMZ and use local users on the box as it is not in our AD.
Quoted: Quoted: Windows Server 2012R2 has an FTP server role that does FTP over SSL which is, in my opinion, superior to SFTP and meets all compliance requirements. Which is totally why it exists. http://stackingtech.com/2014/03/13/how-to-configure-ftp-server-in-windows-2012-r2/
My setup has local IP addresses in a data center network and the audit/security guys said "you want to do WHAT?" when I told them about opening a block of higher ports for data channels and the goofy network address translation configuration you have to do for that. The FTPS fad has died down in my industry for now so we rolled out quietly without it. ;) (I know it's not a fad, but it's not on their minds much so will deal with it later when someone squawks.)
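
Several posts above mention the data channel port block and NAT setup that IIS FTPS needs; because the control channel is encrypted, a firewall or NAT device cannot read the passive-mode replies, so the range and external address have to be pinned explicitly. The following is an added example, not code from any poster or from the linked articles; the site name, port range and IP address are placeholders chosen for illustration.

```powershell
# Added example: every value in this block is a placeholder, not from the thread.
Import-Module WebAdministration

$siteName   = 'PartnerFTP'      # hypothetical FTP site name
$lowPort    = 50000             # constructed passive range; keep it as narrow as load allows
$highPort   = 50100
$externalIp = '203.0.113.10'    # RFC 5737 documentation address; use the NAT/public IP
$apphost    = 'MACHINE/WEBROOT/APPHOST'
$fwSection  = 'system.ftpServer/firewallSupport'

# 1. Server-wide passive data channel range.
Set-WebConfigurationProperty -PSPath $apphost -Filter $fwSection `
    -Name 'lowDataChannelPort' -Value $lowPort
Set-WebConfigurationProperty -PSPath $apphost -Filter $fwSection `
    -Name 'highDataChannelPort' -Value $highPort

# 2. Address the server advertises in passive-mode replies when it sits behind NAT.
Set-ItemProperty "IIS:\Sites\$siteName" `
    -Name 'ftpServer.firewallSupport.externalIp4Address' -Value $externalIp

# 3. Require TLS on both channels so credentials and file data never travel in clear text.
Set-ItemProperty "IIS:\Sites\$siteName" `
    -Name 'ftpServer.security.ssl.controlChannelPolicy' -Value 'SslRequire'
Set-ItemProperty "IIS:\Sites\$siteName" `
    -Name 'ftpServer.security.ssl.dataChannelPolicy' -Value 'SslRequire'

# 4. Host firewall: allow the control port and only the configured data range.
New-NetFirewallRule -DisplayName "FTPS control ($siteName)" -Direction Inbound `
    -Protocol TCP -LocalPort 21 -Action Allow
New-NetFirewallRule -DisplayName "FTPS passive data ($siteName)" -Direction Inbound `
    -Protocol TCP -LocalPort "$lowPort-$highPort" -Action Allow

# 5. The FTP service reads the port range at start-up.
Restart-Service ftpsvc

# 6. Read the settings back so the change can be attached to an audit record.
Get-WebConfiguration -PSPath $apphost -Filter $fwSection |
    Select-Object lowDataChannelPort, highDataChannelPort
Get-ItemProperty "IIS:\Sites\$siteName" -Name 'ftpServer.security.ssl.controlChannelPolicy'
Get-ItemProperty "IIS:\Sites\$siteName" -Name 'ftpServer.security.ssl.dataChannelPolicy'
```

The same port range must also be permitted and forwarded on any perimeter firewall or NAT device in front of the server, which is the part the security reviewers in the thread pushed back on.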