Transfer CFT partners in flows

The following topics define Transfer CFT partners as used in Central Governance flows.

When a flow using Transfer CFTs is deployed, Central Governance deploys on each Transfer CFT the definition of the partners defined in the flow. There are three Transfer CFT partner objects involved: CFTPART, CFTTCP, and and CFTSSL (when using mutual authentication). When flows use mutual authentication, two Transfer CFT PKI objects are created on each Transfer CFT: PKICER and PKIENTITY. (A PKI entity is created for each new CFTSSL, where the entity includes the root certificate aliases used in flows. The entity alias is included in the ROOTCID field in the CFTSSL object.)

  • For each CFTPART, Central Governance sets values for the fields ID, NRPART, NRPASSW, NSPART, NSPASSW, PROT, SAP, and SSL (SSL if mutual authentication is used). The NSPASSW/NRPASSW is either generated or configured in the Transfer CFT static configuration.
  • For each CFTTCP, Central Governance sets values for the fields ID, CLASS, HOST.
  • For each CFTSSL, Central Governance sets values for the fields ID, DIRECT, VERSION, KEYTEXT, CIPHLIST, USERCID, VERIFY, ROOTCID (includes alias of PKI certificate or/and PKI entity) and ORIGIN.
  • For each CFTSSH, Central Governance accepts values for the HMAC field.

All other CFTTCP, CFTPART, and CFTSSL fields have the default values.

You can overwrite the following fields with values from the partner template configuration file.

Transfer CFT field Partner template parameter Partner template value Default Central Governance value if not set
CFTPART - ID cft.partner.id %HOSTNAME% (product host as it appears in the product list) STRING max_length=32
CFTTCP – CNXIN, CNXOUT, CNXINOUT

cft.partner.cnxin

cft.partner.cnxout

cft.partner.cnxinout

0..1000  
CFTTCP – RETRYW, RETRYM, RETRYN

cft.partner.retryw

cft.partner.retryn

cft.partner.retrym

0..32767

RETRYW = '1',

RETRYM ='30',

RETRYN ='20'

CFTSSL - ID      
CFTSSH - HMAC cft.ssh.hmac HMAC-SHA2-512,HMAC-SHA2-256,HMAC-SHA1, NONE None

When a broadcast or collect list is used in flows, Central Governance deploys a new object, CFTDEST. This is in addition to partners definition (CFTPART and CFTTCP objects) for each Transfer CFT partner.

 

Central Governance | Document Directory

Related Links